AMBARI-20308 - Atlas service check fails during EU on wire encrypted cluster (jonathanhurley)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/9d38b66d Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/9d38b66d Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/9d38b66d Branch: refs/heads/branch-feature-AMBARI-12556 Commit: 9d38b66d1bc015896b82ea6e6e89e1f9bfee79ac Parents: 6cfcc90 Author: Jonathan Hurley <jhur...@hortonworks.com> Authored: Fri Mar 3 13:00:58 2017 -0500 Committer: Jonathan Hurley <jhur...@hortonworks.com> Committed: Mon Mar 6 12:38:04 2017 -0500 ---------------------------------------------------------------------- .../configuration/application-properties.xml | 42 ++++++++++++++++++++ .../stacks/HDP/2.5/upgrades/config-upgrade.xml | 5 +++ .../HDP/2.5/upgrades/nonrolling-upgrade-2.5.xml | 6 +++ .../HDP/2.5/upgrades/nonrolling-upgrade-2.6.xml | 6 +++ .../stacks/HDP/2.5/upgrades/upgrade-2.5.xml | 6 +++ .../stacks/HDP/2.5/upgrades/upgrade-2.6.xml | 1 + .../configuration/application-properties.xml | 3 +- 7 files changed, 67 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/9d38b66d/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/application-properties.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/application-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/application-properties.xml new file mode 100644 index 0000000..366ecf6 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/application-properties.xml @@ -0,0 +1,42 @@ +<?xml version="1.0"?> +<?xml-stylesheet type="text/xsl" href="configuration.xsl"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration supports_final="false"> + + <!-- Supported in HDP 2.5.4 --> + <property> + <name>atlas.ssl.exclude.protocols</name> + <display-name>Excluded Wire Encryption Protocols</display-name> + <value>TLSv1.2</value> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <description>A comma-separate list of the wire encryption protocols to exclude when TLS is enabled. Some versions of cURL do not work with TLSv1.2.</description> + <used-by> + <property> + <type>application-properties</type> + <name>atlas.enableTLS</name> + </property> + </used-by> + <on-ambari-upgrade add="false"/> + </property> + +</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/9d38b66d/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/config-upgrade.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/config-upgrade.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/config-upgrade.xml index bfe7405..5d19652 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/config-upgrade.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/config-upgrade.xml @@ -140,6 +140,11 @@ <replace key="content" find="<appender name="FILE" class="org.apache.log4j.DailyRollingFileAppender">" replace-with="<appender name="FILE" class="org.apache.log4j.DailyRollingFileAppender">\n<param name="MaxFileSize" value="{{atlas_log_max_backup_size}}MB" />"/> <replace key="content" find="<appender name="FILE" class="org.apache.log4j.DailyRollingFileAppender">" replace-with="<appender name="FILE" class="org.apache.log4j.DailyRollingFileAppender">\n<param name="MaxFileSize" value="{{atlas_log_number_of_backup_files}}" />"/> </definition> + + <definition xsi:type="configure" id="hdp_2_5_4_0_atlas_exclude_tls_protocol" summary="Excluding TLS v1.2 Protocol"> + <type>application-properties</type> + <set key="atlas.ssl.exclude.protocols" value="TLSv1.2" if-type="application-properties" if-key="atlas.ssl.exclude.protocols" if-key-state="absent"/> + </definition> </changes> </component> </service> http://git-wip-us.apache.org/repos/asf/ambari/blob/9d38b66d/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/nonrolling-upgrade-2.5.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/nonrolling-upgrade-2.5.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/nonrolling-upgrade-2.5.xml index 2dbc468..39cb0dc 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/nonrolling-upgrade-2.5.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/nonrolling-upgrade-2.5.xml @@ -296,6 +296,7 @@ <execute-stage service="STORM" component="NIMBUS" title="Apply config changes for Storm"> <task xsi:type="configure" id="hdp_2_5_0_0_remove_empty_storm_topology_submission_notifier_plugin_class"/> </execute-stage> + <execute-stage service="STORM" component="NIMBUS" title="Apply config changes for Nimbus"> <task xsi:type="configure" id="increase_storm_zookeeper_timeouts"/> </execute-stage> @@ -306,6 +307,11 @@ </task> </execute-stage> + <execute-stage service="ATLAS" component="ATLAS_SERVER" title="Updating Atlas TLS Exclude Protocols"> + <task xsi:type="configure" id="hdp_2_5_4_0_atlas_exclude_tls_protocol"> + <summary>Updating Atlas TLS Exclude Protocols to exclude TLS v1.2</summary> + </task> + </execute-stage> </group> <!-- http://git-wip-us.apache.org/repos/asf/ambari/blob/9d38b66d/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/nonrolling-upgrade-2.6.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/nonrolling-upgrade-2.6.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/nonrolling-upgrade-2.6.xml index 3afa230..9f7a01a 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/nonrolling-upgrade-2.6.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/nonrolling-upgrade-2.6.xml @@ -434,6 +434,12 @@ <summary>Updating the Atlas Log4J properties to include parameterizations</summary> </task> </execute-stage> + + <execute-stage service="ATLAS" component="ATLAS_SERVER" title="Updating Atlas TLS Exclude Protocols"> + <task xsi:type="configure" id="hdp_2_5_4_0_atlas_exclude_tls_protocol"> + <summary>Updating Atlas TLS Exclude Protocols to exclude TLS v1.2</summary> + </task> + </execute-stage> <!--KAFKA--> <execute-stage service="KAFKA" component="KAFKA_BROKER" title="Parameterizing Kafka Log4J Properties"> http://git-wip-us.apache.org/repos/asf/ambari/blob/9d38b66d/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/upgrade-2.5.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/upgrade-2.5.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/upgrade-2.5.xml index a102d13..b5b45cb 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/upgrade-2.5.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/upgrade-2.5.xml @@ -934,6 +934,12 @@ <service name="ATLAS"> <component name="ATLAS_SERVER"> + <pre-upgrade> + <task xsi:type="configure" id="hdp_2_5_4_0_atlas_exclude_tls_protocol"/> + </pre-upgrade> + + <pre-downgrade/> + <upgrade> <task xsi:type="restart-task"/> </upgrade> http://git-wip-us.apache.org/repos/asf/ambari/blob/9d38b66d/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/upgrade-2.6.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/upgrade-2.6.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/upgrade-2.6.xml index 0c0b08e..97313b5 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/upgrade-2.6.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/upgrade-2.6.xml @@ -1066,6 +1066,7 @@ <component name="ATLAS_SERVER"> <pre-upgrade> <task xsi:type="configure" id="atlas_log4j_parameterize" /> + <task xsi:type="configure" id="hdp_2_5_4_0_atlas_exclude_tls_protocol"/> </pre-upgrade> <pre-downgrade /> <upgrade> http://git-wip-us.apache.org/repos/asf/ambari/blob/9d38b66d/ambari-server/src/main/resources/stacks/HDP/2.6/services/ATLAS/configuration/application-properties.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/services/ATLAS/configuration/application-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.6/services/ATLAS/configuration/application-properties.xml index 47e1fb5..91de1b0 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.6/services/ATLAS/configuration/application-properties.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.6/services/ATLAS/configuration/application-properties.xml @@ -60,7 +60,7 @@ <on-ambari-upgrade add="true"/> </property> - <property> + <property> <name>atlas.sso.knox.browser.useragent</name> <value/> <description/> @@ -92,5 +92,4 @@ </value-attributes> <on-ambari-upgrade add="true"/> </property> - </configuration>