Revert "AMBARI-18836. Remove group readable from hdfs headless keytab (Shi Wang via rlevas)"
This reverts commit 38076327525986b780942f33eff01d2de4a70ce2. Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/4551c9f9 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/4551c9f9 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/4551c9f9 Branch: refs/heads/branch-feature-AMBARI-18634 Commit: 4551c9f9cbc3e1723a331b038dfee954098f3b44 Parents: 29db227 Author: Robert Levas <rle...@hortonworks.com> Authored: Wed Nov 23 09:32:37 2016 -0500 Committer: Robert Levas <rle...@hortonworks.com> Committed: Wed Nov 23 09:32:37 2016 -0500 ---------------------------------------------------------------------- .../common-services/HDFS/2.1.0.2.0/kerberos.json | 2 +- .../HIVE/0.12.0.2.0/package/scripts/webhcat.py | 10 ++++++++++ .../resources/stacks/HDP/2.5/services/HDFS/kerberos.json | 2 +- 3 files changed, 12 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/4551c9f9/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json index f30c9e4..e8c96cb 100644 --- a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json +++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json @@ -56,7 +56,7 @@ }, "group": { "name": "${cluster-env/user_group}", - "access": "" + "access": "r" }, "configuration": "hadoop-env/hdfs_user_keytab" } http://git-wip-us.apache.org/repos/asf/ambari/blob/4551c9f9/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat.py b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat.py index 00b057c..a7feb60 100644 --- a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat.py +++ b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat.py @@ -70,6 +70,16 @@ def webhcat(): group=params.user_group, cd_access="a") + if params.security_enabled: + kinit_if_needed = format("{kinit_path_local} -kt {hdfs_user_keytab} {hdfs_principal_name};") + else: + kinit_if_needed = "" + + if kinit_if_needed: + Execute(kinit_if_needed, + user=params.webhcat_user, + path='/bin' + ) # Replace _HOST with hostname in relevant principal-related properties webhcat_site = params.config['configurations']['webhcat-site'].copy() http://git-wip-us.apache.org/repos/asf/ambari/blob/4551c9f9/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json index 9000e95..974a69c 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json @@ -66,7 +66,7 @@ }, "group": { "name": "${cluster-env/user_group}", - "access": "" + "access": "r" }, "configuration": "hadoop-env/hdfs_user_keytab" }