AMBARI-19337. Ambari has some spelling mistakes in YARN proxyuser properties in many places (Jay SenSharma via smohanty)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/c689096d Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/c689096d Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/c689096d Branch: refs/heads/branch-dev-patch-upgrade Commit: c689096d13c62beafe1eb52a8aa9a4a8c4d9cd63 Parents: 37baf9a Author: Sumit Mohanty <smoha...@hortonworks.com> Authored: Tue Jan 17 12:18:06 2017 -0800 Committer: Sumit Mohanty <smoha...@hortonworks.com> Committed: Tue Jan 17 12:18:06 2017 -0800 ---------------------------------------------------------------------- .../YARN/2.1.0.2.0/kerberos.json | 12 +- .../YARN/2.1.0.2.0/kerberos.json.orig | 216 ++ .../YARN/3.0.0.3.0/kerberos.json | 12 +- .../YARN/3.0.0.3.0/kerberos.json.orig | 280 ++ .../stacks/HDP/2.2/services/YARN/kerberos.json | 12 +- .../HDP/2.2/services/YARN/kerberos.json.orig | 217 ++ .../HDP/2.3.ECS/services/YARN/kerberos.json | 12 +- .../2.3.ECS/services/YARN/kerberos.json.orig | 220 ++ .../stacks/HDP/2.3/services/YARN/kerberos.json | 12 +- .../HDP/2.3/services/YARN/kerberos.json.orig | 226 ++ .../stacks/HDP/2.5/services/YARN/kerberos.json | 12 +- .../HDP/2.5/services/YARN/kerberos.json.orig | 280 ++ .../stacks/PERF/1.0/services/YARN/kerberos.json | 12 +- .../PERF/1.0/services/YARN/kerberos.json.orig | 278 ++ .../2.2/configs/pig-service-check-secure.json | 12 +- .../configs/pig-service-check-secure.json.orig | 651 ++++ .../test_kerberos_descriptor_2_1_3.json | 12 +- .../test_kerberos_descriptor_2_1_3.json.orig | 1320 ++++++++ .../data/stacks/HDP-2.1/service_components.json | 12 +- .../stacks/HDP-2.1/service_components.json.orig | 3170 ++++++++++++++++++ .../app/data/configs/wizards/secure_mapping.js | 12 +- 21 files changed, 6924 insertions(+), 66 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/c689096d/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/kerberos.json b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/kerberos.json index 6b61c13..c8b5989 100644 --- a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/kerberos.json +++ b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/kerberos.json @@ -23,13 +23,13 @@ "yarn.timeline-service.http-authentication.token.validity": "", "yarn.timeline-service.http-authentication.cookie.domain": "", "yarn.timeline-service.http-authentication.cookie.path": "", - "yarn.timeline-service.http-authentication.proxyusers.*.hosts": "", - "yarn.timeline-service.http-authentication.proxyusers.*.users": "", - "yarn.timeline-service.http-authentication.proxyusers.*.groups": "", + "yarn.timeline-service.http-authentication.proxyuser.*.hosts": "", + "yarn.timeline-service.http-authentication.proxyuser.*.users": "", + "yarn.timeline-service.http-authentication.proxyuser.*.groups": "", "yarn.timeline-service.http-authentication.kerberos.name.rules": "", - "yarn.resourcemanager.proxyusers.*.groups": "", - "yarn.resourcemanager.proxyusers.*.hosts": "", - "yarn.resourcemanager.proxyusers.*.users": "", + "yarn.resourcemanager.proxyuser.*.groups": "", + "yarn.resourcemanager.proxyuser.*.hosts": "", + "yarn.resourcemanager.proxyuser.*.users": "", "yarn.resourcemanager.proxy-user-privileges.enabled": "true", "yarn.resourcemanager.zk-acl" : "sasl:rm:rwcda", "hadoop.registry.secure" : "true", http://git-wip-us.apache.org/repos/asf/ambari/blob/c689096d/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/kerberos.json.orig ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/kerberos.json.orig b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/kerberos.json.orig new file mode 100644 index 0000000..6b61c13 --- /dev/null +++ b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/kerberos.json.orig @@ -0,0 +1,216 @@ +{ + "services": [ + { + "name": "YARN", + "identities": [ + { + "name": "/spnego" + }, + { + "name": "/smokeuser" + } + ], + "configurations": [ + { + "yarn-site": { + "yarn.timeline-service.enabled": "false", + "yarn.timeline-service.http-authentication.type": "kerberos", + "yarn.acl.enable": "true", + "yarn.timeline-service.http-authentication.signature.secret": "", + "yarn.timeline-service.http-authentication.signature.secret.file": "", + "yarn.timeline-service.http-authentication.signer.secret.provider": "", + "yarn.timeline-service.http-authentication.signer.secret.provider.object": "", + "yarn.timeline-service.http-authentication.token.validity": "", + "yarn.timeline-service.http-authentication.cookie.domain": "", + "yarn.timeline-service.http-authentication.cookie.path": "", + "yarn.timeline-service.http-authentication.proxyusers.*.hosts": "", + "yarn.timeline-service.http-authentication.proxyusers.*.users": "", + "yarn.timeline-service.http-authentication.proxyusers.*.groups": "", + "yarn.timeline-service.http-authentication.kerberos.name.rules": "", + "yarn.resourcemanager.proxyusers.*.groups": "", + "yarn.resourcemanager.proxyusers.*.hosts": "", + "yarn.resourcemanager.proxyusers.*.users": "", + "yarn.resourcemanager.proxy-user-privileges.enabled": "true", + "yarn.resourcemanager.zk-acl" : "sasl:rm:rwcda", + "hadoop.registry.secure" : "true", + "hadoop.registry.system.accounts" : "sasl:yarn,sasl:mapred,sasl:hadoop,sasl:hdfs,sasl:rm" + } + }, + { + "core-site": { + "hadoop.proxyuser.${yarn-env/yarn_user}.groups": "*", + "hadoop.proxyuser.${yarn-env/yarn_user}.hosts": "${clusterHostInfo/rm_host}" + } + } + ], + "components": [ + { + "name": "NODEMANAGER", + "identities": [ + { + "name": "nodemanager_nm", + "principal": { + "value": "nm/_HOST@${realm}", + "type" : "service", + "configuration": "yarn-site/yarn.nodemanager.principal", + "local_username": "${yarn-env/yarn_user}" + }, + "keytab": { + "file": "${keytab_dir}/nm.service.keytab", + "owner": { + "name": "${yarn-env/yarn_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "" + }, + "configuration": "yarn-site/yarn.nodemanager.keytab" + } + }, + { + "name": "/spnego", + "principal": { + "configuration": "yarn-site/yarn.nodemanager.webapp.spnego-principal" + }, + "keytab": { + "configuration": "yarn-site/yarn.nodemanager.webapp.spnego-keytab-file" + } + } + ], + "configurations": [ + { + "yarn-site": { + "yarn.nodemanager.container-executor.class": "org.apache.hadoop.yarn.server.nodemanager.LinuxContainerExecutor" + } + } + ] + }, + { + "name": "RESOURCEMANAGER", + "identities": [ + { + "name": "resource_manager_rm", + "principal": { + "value": "rm/_HOST@${realm}", + "type" : "service", + "configuration": "yarn-site/yarn.resourcemanager.principal", + "local_username": "${yarn-env/yarn_user}" + }, + "keytab": { + "file": "${keytab_dir}/rm.service.keytab", + "owner": { + "name": "${yarn-env/yarn_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "" + }, + "configuration": "yarn-site/yarn.resourcemanager.keytab" + } + }, + { + "name": "/spnego", + "principal": { + "configuration": "yarn-site/yarn.resourcemanager.webapp.spnego-principal" + }, + "keytab": { + "configuration": "yarn-site/yarn.resourcemanager.webapp.spnego-keytab-file" + } + } + ] + }, + { + "name": "APP_TIMELINE_SERVER", + "identities": [ + { + "name": "app_timeline_server_yarn", + "principal": { + "value": "yarn/_HOST@${realm}", + "type" : "service", + "configuration": "yarn-site/yarn.timeline-service.principal", + "local_username": "${yarn-env/yarn_user}" + }, + "keytab": { + "file": "${keytab_dir}/yarn.service.keytab", + "owner": { + "name": "${yarn-env/yarn_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "" + }, + "configuration": "yarn-site/yarn.timeline-service.keytab" + } + }, + { + "name": "/spnego", + "principal": { + "configuration": "yarn-site/yarn.timeline-service.http-authentication.kerberos.principal" + }, + "keytab": { + "configuration": "yarn-site/yarn.timeline-service.http-authentication.kerberos.keytab" + } + }, + { + "name": "/HDFS/NAMENODE/hdfs" + } + ] + } + ] + }, + { + "name": "MAPREDUCE2", + "identities": [ + { + "name": "/spnego" + }, + { + "name": "/smokeuser" + } + ], + "components": [ + { + "name": "HISTORYSERVER", + "identities": [ + { + "name": "/HDFS/NAMENODE/hdfs" + }, + { + "name": "history_server_jhs", + "principal": { + "value": "jhs/_HOST@${realm}", + "type" : "service", + "configuration": "mapred-site/mapreduce.jobhistory.principal", + "local_username": "${mapred-env/mapred_user}" + }, + "keytab": { + "file": "${keytab_dir}/jhs.service.keytab", + "owner": { + "name": "${mapred-env/mapred_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "" + }, + "configuration": "mapred-site/mapreduce.jobhistory.keytab" + } + }, + { + "name": "/spnego", + "principal": { + "configuration": "mapred-site/mapreduce.jobhistory.webapp.spnego-principal" + }, + "keytab": { + "configuration": "mapred-site/mapreduce.jobhistory.webapp.spnego-keytab-file" + } + } + ] + } + ] + } + ] +} http://git-wip-us.apache.org/repos/asf/ambari/blob/c689096d/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/kerberos.json b/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/kerberos.json index d334887..fb85e7a 100644 --- a/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/kerberos.json +++ b/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/kerberos.json @@ -24,13 +24,13 @@ "yarn.timeline-service.http-authentication.token.validity": "", "yarn.timeline-service.http-authentication.cookie.domain": "", "yarn.timeline-service.http-authentication.cookie.path": "", - "yarn.timeline-service.http-authentication.proxyusers.*.hosts": "", - "yarn.timeline-service.http-authentication.proxyusers.*.users": "", - "yarn.timeline-service.http-authentication.proxyusers.*.groups": "", + "yarn.timeline-service.http-authentication.proxyuser.*.hosts": "", + "yarn.timeline-service.http-authentication.proxyuser.*.users": "", + "yarn.timeline-service.http-authentication.proxyuser.*.groups": "", "yarn.timeline-service.http-authentication.kerberos.name.rules": "", - "yarn.resourcemanager.proxyusers.*.groups": "", - "yarn.resourcemanager.proxyusers.*.hosts": "", - "yarn.resourcemanager.proxyusers.*.users": "", + "yarn.resourcemanager.proxyuser.*.groups": "", + "yarn.resourcemanager.proxyuser.*.hosts": "", + "yarn.resourcemanager.proxyuser.*.users": "", "yarn.resourcemanager.proxy-user-privileges.enabled": "true", "yarn.resourcemanager.zk-acl" : "sasl:rm:rwcda", "hadoop.registry.secure" : "true", http://git-wip-us.apache.org/repos/asf/ambari/blob/c689096d/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/kerberos.json.orig ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/kerberos.json.orig b/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/kerberos.json.orig new file mode 100644 index 0000000..d334887 --- /dev/null +++ b/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/kerberos.json.orig @@ -0,0 +1,280 @@ +{ + "services": [ + { + "name": "YARN", + "identities": [ + { + "name": "/spnego" + }, + { + "name": "/smokeuser" + } + ], + "configurations": [ + { + "yarn-site": { + "yarn.timeline-service.enabled": "true", + "yarn.timeline-service.http-authentication.type": "kerberos", + "yarn.acl.enable": "true", + "yarn.admin.acl": "${yarn-env/yarn_user},dr.who", + "yarn.timeline-service.http-authentication.signature.secret": "", + "yarn.timeline-service.http-authentication.signature.secret.file": "", + "yarn.timeline-service.http-authentication.signer.secret.provider": "", + "yarn.timeline-service.http-authentication.signer.secret.provider.object": "", + "yarn.timeline-service.http-authentication.token.validity": "", + "yarn.timeline-service.http-authentication.cookie.domain": "", + "yarn.timeline-service.http-authentication.cookie.path": "", + "yarn.timeline-service.http-authentication.proxyusers.*.hosts": "", + "yarn.timeline-service.http-authentication.proxyusers.*.users": "", + "yarn.timeline-service.http-authentication.proxyusers.*.groups": "", + "yarn.timeline-service.http-authentication.kerberos.name.rules": "", + "yarn.resourcemanager.proxyusers.*.groups": "", + "yarn.resourcemanager.proxyusers.*.hosts": "", + "yarn.resourcemanager.proxyusers.*.users": "", + "yarn.resourcemanager.proxy-user-privileges.enabled": "true", + "yarn.resourcemanager.zk-acl" : "sasl:rm:rwcda", + "hadoop.registry.secure" : "true", + "hadoop.registry.system.accounts" : "sasl:yarn,sasl:mapred,sasl:hadoop,sasl:hdfs,sasl:rm" + } + }, + { + "core-site": { + "hadoop.proxyuser.${yarn-env/yarn_user}.groups": "*", + "hadoop.proxyuser.${yarn-env/yarn_user}.hosts": "${clusterHostInfo/rm_host}" + } + }, + { + "capacity-scheduler": { + "yarn.scheduler.capacity.root.acl_administer_queue": "${yarn-env/yarn_user}", + "yarn.scheduler.capacity.root.default.acl_administer_queue": "${yarn-env/yarn_user}", + "yarn.scheduler.capacity.root.acl_administer_jobs": "${yarn-env/yarn_user}", + "yarn.scheduler.capacity.root.default.acl_administer_jobs": "${yarn-env/yarn_user}", + "yarn.scheduler.capacity.root.default.acl_submit_applications": "${yarn-env/yarn_user}" + } + }, + { + "ranger-yarn-audit": { + "xasecure.audit.jaas.Client.loginModuleName": "com.sun.security.auth.module.Krb5LoginModule", + "xasecure.audit.jaas.Client.loginModuleControlFlag": "required", + "xasecure.audit.jaas.Client.option.useKeyTab": "true", + "xasecure.audit.jaas.Client.option.storeKey": "false", + "xasecure.audit.jaas.Client.option.serviceName": "solr", + "xasecure.audit.destination.solr.force.use.inmemory.jaas.config": "true" + } + } + ], + "components": [ + { + "name": "NODEMANAGER", + "identities": [ + { + "name": "nodemanager_nm", + "principal": { + "value": "nm/_HOST@${realm}", + "type" : "service", + "configuration": "yarn-site/yarn.nodemanager.principal", + "local_username": "${yarn-env/yarn_user}" + }, + "keytab": { + "file": "${keytab_dir}/nm.service.keytab", + "owner": { + "name": "${yarn-env/yarn_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "" + }, + "configuration": "yarn-site/yarn.nodemanager.keytab" + } + }, + { + "name": "/HIVE/HIVE_SERVER/hive_server_hive", + "principal": { + "configuration": "hive-interactive-site/hive.llap.daemon.service.principal" + }, + "keytab": { + "configuration": "hive-interactive-site/hive.llap.daemon.keytab.file" + }, + "when" : { + "contains" : ["services", "HIVE"] + } + }, + { + "name": "llap_zk_hive", + "principal": { + "value": "hive/_HOST@${realm}", + "type" : "service", + "configuration": "hive-interactive-site/hive.llap.zk.sm.principal" + }, + "keytab": { + "file": "${keytab_dir}/hive.llap.zk.sm.keytab", + "owner": { + "name": "${yarn-env/yarn_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "r" + }, + "configuration": "hive-interactive-site/hive.llap.zk.sm.keytab.file" + }, + "when" : { + "contains" : ["services", "HIVE"] + } + }, + { + "name": "/spnego", + "principal": { + "configuration": "yarn-site/yarn.nodemanager.webapp.spnego-principal" + }, + "keytab": { + "configuration": "yarn-site/yarn.nodemanager.webapp.spnego-keytab-file" + } + } + ], + "configurations": [ + { + "yarn-site": { + "yarn.nodemanager.container-executor.class": "org.apache.hadoop.yarn.server.nodemanager.LinuxContainerExecutor" + } + } + ] + }, + { + "name": "RESOURCEMANAGER", + "identities": [ + { + "name": "resource_manager_rm", + "principal": { + "value": "rm/_HOST@${realm}", + "type" : "service", + "configuration": "yarn-site/yarn.resourcemanager.principal", + "local_username": "${yarn-env/yarn_user}" + }, + "keytab": { + "file": "${keytab_dir}/rm.service.keytab", + "owner": { + "name": "${yarn-env/yarn_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "" + }, + "configuration": "yarn-site/yarn.resourcemanager.keytab" + } + }, + { + "name": "/spnego", + "principal": { + "configuration": "yarn-site/yarn.resourcemanager.webapp.spnego-principal" + }, + "keytab": { + "configuration": "yarn-site/yarn.resourcemanager.webapp.spnego-keytab-file" + } + }, + { + "name": "/YARN/RESOURCEMANAGER/resource_manager_rm", + "principal": { + "configuration": "ranger-yarn-audit/xasecure.audit.jaas.Client.option.principal" + }, + "keytab": { + "configuration": "ranger-yarn-audit/xasecure.audit.jaas.Client.option.keyTab" + } + } + ] + }, + { + "name": "APP_TIMELINE_SERVER", + "identities": [ + { + "name": "app_timeline_server_yarn", + "principal": { + "value": "yarn/_HOST@${realm}", + "type" : "service", + "configuration": "yarn-site/yarn.timeline-service.principal", + "local_username": "${yarn-env/yarn_user}" + }, + "keytab": { + "file": "${keytab_dir}/yarn.service.keytab", + "owner": { + "name": "${yarn-env/yarn_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "" + }, + "configuration": "yarn-site/yarn.timeline-service.keytab" + } + }, + { + "name": "/spnego", + "principal": { + "configuration": "yarn-site/yarn.timeline-service.http-authentication.kerberos.principal" + }, + "keytab": { + "configuration": "yarn-site/yarn.timeline-service.http-authentication.kerberos.keytab" + } + }, + { + "name": "/HDFS/NAMENODE/hdfs" + } + ] + } + ] + }, + { + "name": "MAPREDUCE2", + "identities": [ + { + "name": "/spnego" + }, + { + "name": "/smokeuser" + } + ], + "components": [ + { + "name": "HISTORYSERVER", + "identities": [ + { + "name": "/HDFS/NAMENODE/hdfs" + }, + { + "name": "history_server_jhs", + "principal": { + "value": "jhs/_HOST@${realm}", + "type" : "service", + "configuration": "mapred-site/mapreduce.jobhistory.principal", + "local_username": "${mapred-env/mapred_user}" + }, + "keytab": { + "file": "${keytab_dir}/jhs.service.keytab", + "owner": { + "name": "${mapred-env/mapred_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "" + }, + "configuration": "mapred-site/mapreduce.jobhistory.keytab" + } + }, + { + "name": "/spnego", + "principal": { + "configuration": "mapred-site/mapreduce.jobhistory.webapp.spnego-principal" + }, + "keytab": { + "configuration": "mapred-site/mapreduce.jobhistory.webapp.spnego-keytab-file" + } + } + ] + } + ] + } + ] +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/c689096d/ambari-server/src/main/resources/stacks/HDP/2.2/services/YARN/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/YARN/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.2/services/YARN/kerberos.json index ad30b76..85a3221 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/YARN/kerberos.json +++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/YARN/kerberos.json @@ -23,13 +23,13 @@ "yarn.timeline-service.http-authentication.token.validity": "", "yarn.timeline-service.http-authentication.cookie.domain": "", "yarn.timeline-service.http-authentication.cookie.path": "", - "yarn.timeline-service.http-authentication.proxyusers.*.hosts": "", - "yarn.timeline-service.http-authentication.proxyusers.*.users": "", - "yarn.timeline-service.http-authentication.proxyusers.*.groups": "", + "yarn.timeline-service.http-authentication.proxyuser.*.hosts": "", + "yarn.timeline-service.http-authentication.proxyuser.*.users": "", + "yarn.timeline-service.http-authentication.proxyuser.*.groups": "", "yarn.timeline-service.http-authentication.kerberos.name.rules": "", - "yarn.resourcemanager.proxyusers.*.groups": "", - "yarn.resourcemanager.proxyusers.*.hosts": "", - "yarn.resourcemanager.proxyusers.*.users": "", + "yarn.resourcemanager.proxyuser.*.groups": "", + "yarn.resourcemanager.proxyuser.*.hosts": "", + "yarn.resourcemanager.proxyuser.*.users": "", "yarn.resourcemanager.proxy-user-privileges.enabled": "true", "yarn.resourcemanager.zk-state-store.parent-path": "/rmstore-secure", "yarn.resourcemanager.zk-acl" : "sasl:rm:rwcda", http://git-wip-us.apache.org/repos/asf/ambari/blob/c689096d/ambari-server/src/main/resources/stacks/HDP/2.2/services/YARN/kerberos.json.orig ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/YARN/kerberos.json.orig b/ambari-server/src/main/resources/stacks/HDP/2.2/services/YARN/kerberos.json.orig new file mode 100644 index 0000000..ad30b76 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/YARN/kerberos.json.orig @@ -0,0 +1,217 @@ +{ + "services": [ + { + "name": "YARN", + "identities": [ + { + "name": "/spnego" + }, + { + "name": "/smokeuser" + } + ], + "configurations": [ + { + "yarn-site": { + "yarn.timeline-service.enabled": "true", + "yarn.timeline-service.http-authentication.type": "kerberos", + "yarn.acl.enable": "true", + "yarn.timeline-service.http-authentication.signature.secret": "", + "yarn.timeline-service.http-authentication.signature.secret.file": "", + "yarn.timeline-service.http-authentication.signer.secret.provider": "", + "yarn.timeline-service.http-authentication.signer.secret.provider.object": "", + "yarn.timeline-service.http-authentication.token.validity": "", + "yarn.timeline-service.http-authentication.cookie.domain": "", + "yarn.timeline-service.http-authentication.cookie.path": "", + "yarn.timeline-service.http-authentication.proxyusers.*.hosts": "", + "yarn.timeline-service.http-authentication.proxyusers.*.users": "", + "yarn.timeline-service.http-authentication.proxyusers.*.groups": "", + "yarn.timeline-service.http-authentication.kerberos.name.rules": "", + "yarn.resourcemanager.proxyusers.*.groups": "", + "yarn.resourcemanager.proxyusers.*.hosts": "", + "yarn.resourcemanager.proxyusers.*.users": "", + "yarn.resourcemanager.proxy-user-privileges.enabled": "true", + "yarn.resourcemanager.zk-state-store.parent-path": "/rmstore-secure", + "yarn.resourcemanager.zk-acl" : "sasl:rm:rwcda", + "hadoop.registry.secure" : "true", + "hadoop.registry.system.accounts" : "sasl:yarn,sasl:mapred,sasl:hadoop,sasl:hdfs,sasl:rm" + } + }, + { + "core-site": { + "hadoop.proxyuser.${yarn-env/yarn_user}.groups": "*", + "hadoop.proxyuser.${yarn-env/yarn_user}.hosts": "${clusterHostInfo/rm_host}" + } + } + ], + "components": [ + { + "name": "NODEMANAGER", + "identities": [ + { + "name": "nodemanager_nm", + "principal": { + "value": "nm/_HOST@${realm}", + "type" : "service", + "configuration": "yarn-site/yarn.nodemanager.principal", + "local_username": "${yarn-env/yarn_user}" + }, + "keytab": { + "file": "${keytab_dir}/nm.service.keytab", + "owner": { + "name": "${yarn-env/yarn_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "" + }, + "configuration": "yarn-site/yarn.nodemanager.keytab" + } + }, + { + "name": "/spnego", + "principal": { + "configuration": "yarn-site/yarn.nodemanager.webapp.spnego-principal" + }, + "keytab": { + "configuration": "yarn-site/yarn.nodemanager.webapp.spnego-keytab-file" + } + } + ], + "configurations": [ + { + "yarn-site": { + "yarn.nodemanager.container-executor.class": "org.apache.hadoop.yarn.server.nodemanager.LinuxContainerExecutor" + } + } + ] + }, + { + "name": "RESOURCEMANAGER", + "identities": [ + { + "name": "resource_manager_rm", + "principal": { + "value": "rm/_HOST@${realm}", + "type" : "service", + "configuration": "yarn-site/yarn.resourcemanager.principal", + "local_username": "${yarn-env/yarn_user}" + }, + "keytab": { + "file": "${keytab_dir}/rm.service.keytab", + "owner": { + "name": "${yarn-env/yarn_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "" + }, + "configuration": "yarn-site/yarn.resourcemanager.keytab" + } + }, + { + "name": "/spnego", + "principal": { + "configuration": "yarn-site/yarn.resourcemanager.webapp.spnego-principal" + }, + "keytab": { + "configuration": "yarn-site/yarn.resourcemanager.webapp.spnego-keytab-file" + } + } + ] + }, + { + "name": "APP_TIMELINE_SERVER", + "identities": [ + { + "name": "app_timeline_server_yarn", + "principal": { + "value": "yarn/_HOST@${realm}", + "type" : "service", + "configuration": "yarn-site/yarn.timeline-service.principal", + "local_username": "${yarn-env/yarn_user}" + }, + "keytab": { + "file": "${keytab_dir}/yarn.service.keytab", + "owner": { + "name": "${yarn-env/yarn_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "" + }, + "configuration": "yarn-site/yarn.timeline-service.keytab" + } + }, + { + "name": "/spnego", + "principal": { + "configuration": "yarn-site/yarn.timeline-service.http-authentication.kerberos.principal" + }, + "keytab": { + "configuration": "yarn-site/yarn.timeline-service.http-authentication.kerberos.keytab" + } + }, + { + "name": "/HDFS/NAMENODE/hdfs" + } + ] + } + ] + }, + { + "name": "MAPREDUCE2", + "identities": [ + { + "name": "/spnego" + }, + { + "name": "/smokeuser" + } + ], + "components": [ + { + "name": "HISTORYSERVER", + "identities": [ + { + "name": "/HDFS/NAMENODE/hdfs" + }, + { + "name": "history_server_jhs", + "principal": { + "value": "jhs/_HOST@${realm}", + "type" : "service", + "configuration": "mapred-site/mapreduce.jobhistory.principal", + "local_username": "${mapred-env/mapred_user}" + }, + "keytab": { + "file": "${keytab_dir}/jhs.service.keytab", + "owner": { + "name": "${mapred-env/mapred_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "" + }, + "configuration": "mapred-site/mapreduce.jobhistory.keytab" + } + }, + { + "name": "/spnego", + "principal": { + "configuration": "mapred-site/mapreduce.jobhistory.webapp.spnego-principal" + }, + "keytab": { + "configuration": "mapred-site/mapreduce.jobhistory.webapp.spnego-keytab-file" + } + } + ] + } + ] + } + ] +} http://git-wip-us.apache.org/repos/asf/ambari/blob/c689096d/ambari-server/src/main/resources/stacks/HDP/2.3.ECS/services/YARN/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3.ECS/services/YARN/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.3.ECS/services/YARN/kerberos.json index 7977941..e27513a 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3.ECS/services/YARN/kerberos.json +++ b/ambari-server/src/main/resources/stacks/HDP/2.3.ECS/services/YARN/kerberos.json @@ -26,13 +26,13 @@ "yarn.timeline-service.http-authentication.token.validity": "", "yarn.timeline-service.http-authentication.cookie.domain": "", "yarn.timeline-service.http-authentication.cookie.path": "", - "yarn.timeline-service.http-authentication.proxyusers.*.hosts": "", - "yarn.timeline-service.http-authentication.proxyusers.*.users": "", - "yarn.timeline-service.http-authentication.proxyusers.*.groups": "", + "yarn.timeline-service.http-authentication.proxyuser.*.hosts": "", + "yarn.timeline-service.http-authentication.proxyuser.*.users": "", + "yarn.timeline-service.http-authentication.proxyuser.*.groups": "", "yarn.timeline-service.http-authentication.kerberos.name.rules": "", - "yarn.resourcemanager.proxyusers.*.groups": "", - "yarn.resourcemanager.proxyusers.*.hosts": "", - "yarn.resourcemanager.proxyusers.*.users": "", + "yarn.resourcemanager.proxyuser.*.groups": "", + "yarn.resourcemanager.proxyuser.*.hosts": "", + "yarn.resourcemanager.proxyuser.*.users": "", "yarn.resourcemanager.proxy-user-privileges.enabled": "true", "yarn.resourcemanager.zk-acl" : "sasl:rm:rwcda", "hadoop.registry.secure" : "true", http://git-wip-us.apache.org/repos/asf/ambari/blob/c689096d/ambari-server/src/main/resources/stacks/HDP/2.3.ECS/services/YARN/kerberos.json.orig ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3.ECS/services/YARN/kerberos.json.orig b/ambari-server/src/main/resources/stacks/HDP/2.3.ECS/services/YARN/kerberos.json.orig new file mode 100644 index 0000000..7977941 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.3.ECS/services/YARN/kerberos.json.orig @@ -0,0 +1,220 @@ +{ + "services": [ + { + "name": "YARN", + "identities": [ + { + "name": "/spnego" + }, + { + "name": "/ECS/hdfs" + }, + { + "name": "/smokeuser" + } + ], + "configurations": [ + { + "yarn-site": { + "yarn.timeline-service.enabled": "false", + "yarn.timeline-service.http-authentication.type": "kerberos", + "yarn.acl.enable": "true", + "yarn.timeline-service.http-authentication.signature.secret": "", + "yarn.timeline-service.http-authentication.signature.secret.file": "", + "yarn.timeline-service.http-authentication.signer.secret.provider": "", + "yarn.timeline-service.http-authentication.signer.secret.provider.object": "", + "yarn.timeline-service.http-authentication.token.validity": "", + "yarn.timeline-service.http-authentication.cookie.domain": "", + "yarn.timeline-service.http-authentication.cookie.path": "", + "yarn.timeline-service.http-authentication.proxyusers.*.hosts": "", + "yarn.timeline-service.http-authentication.proxyusers.*.users": "", + "yarn.timeline-service.http-authentication.proxyusers.*.groups": "", + "yarn.timeline-service.http-authentication.kerberos.name.rules": "", + "yarn.resourcemanager.proxyusers.*.groups": "", + "yarn.resourcemanager.proxyusers.*.hosts": "", + "yarn.resourcemanager.proxyusers.*.users": "", + "yarn.resourcemanager.proxy-user-privileges.enabled": "true", + "yarn.resourcemanager.zk-acl" : "sasl:rm:rwcda", + "hadoop.registry.secure" : "true", + "hadoop.registry.system.accounts" : "sasl:yarn,sasl:mapred,sasl:hadoop,sasl:hdfs,sasl:rm" + } + }, + { + "core-site": { + "hadoop.proxyuser.yarn.groups": "*", + "hadoop.proxyuser.yarn.hosts": "${yarn-site/yarn.resourcemanager.hostname}" + } + } + ], + "components": [ + { + "name": "NODEMANAGER", + "identities": [ + { + "name": "nodemanager_nm", + "principal": { + "value": "nm/_HOST@${realm}", + "type" : "service", + "configuration": "yarn-site/yarn.nodemanager.principal", + "local_username": "${yarn-env/yarn_user}" + }, + "keytab": { + "file": "${keytab_dir}/nm.service.keytab", + "owner": { + "name": "${yarn-env/yarn_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "" + }, + "configuration": "yarn-site/yarn.nodemanager.keytab" + } + }, + { + "name": "/spnego", + "principal": { + "configuration": "yarn-site/yarn.nodemanager.webapp.spnego-principal" + }, + "keytab": { + "configuration": "yarn-site/yarn.nodemanager.webapp.spnego-keytab-file" + } + } + ], + "configurations": [ + { + "yarn-site": { + "yarn.nodemanager.container-executor.class": "org.apache.hadoop.yarn.server.nodemanager.LinuxContainerExecutor" + } + } + ] + }, + { + "name": "RESOURCEMANAGER", + "identities": [ + { + "name": "resource_manager_rm", + "principal": { + "value": "rm/_HOST@${realm}", + "type" : "service", + "configuration": "yarn-site/yarn.resourcemanager.principal", + "local_username": "${yarn-env/yarn_user}" + }, + "keytab": { + "file": "${keytab_dir}/rm.service.keytab", + "owner": { + "name": "${yarn-env/yarn_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "" + }, + "configuration": "yarn-site/yarn.resourcemanager.keytab" + } + }, + { + "name": "/spnego", + "principal": { + "configuration": "yarn-site/yarn.resourcemanager.webapp.spnego-principal" + }, + "keytab": { + "configuration": "yarn-site/yarn.resourcemanager.webapp.spnego-keytab-file" + } + } + ] + }, + { + "name": "APP_TIMELINE_SERVER", + "identities": [ + { + "name": "app_timeline_server_yarn", + "principal": { + "value": "yarn/_HOST@${realm}", + "type" : "service", + "configuration": "yarn-site/yarn.timeline-service.principal", + "local_username": "${yarn-env/yarn_user}" + }, + "keytab": { + "file": "${keytab_dir}/yarn.service.keytab", + "owner": { + "name": "${yarn-env/yarn_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "" + }, + "configuration": "yarn-site/yarn.timeline-service.keytab" + } + }, + { + "name": "/spnego", + "principal": { + "configuration": "yarn-site/yarn.timeline-service.http-authentication.kerberos.principal" + }, + "keytab": { + "configuration": "yarn-site/yarn.timeline-service.http-authentication.kerberos.keytab" + } + }, + { + "name": "/HDFS/NAMENODE/hdfs" + } + ] + } + ] + }, + { + "name": "MAPREDUCE2", + "identities": [ + { + "name": "/spnego" + }, + { + "name": "/ECS/hdfs" + }, + { + "name": "/smokeuser" + } + ], + "components": [ + { + "name": "HISTORYSERVER", + "identities": [ + { + "name": "history_server_jhs", + "principal": { + "value": "jhs/_HOST@${realm}", + "type" : "service", + "configuration": "mapred-site/mapreduce.jobhistory.principal", + "local_username": "${mapred-env/mapred_user}" + }, + "keytab": { + "file": "${keytab_dir}/jhs.service.keytab", + "owner": { + "name": "${mapred-env/mapred_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "" + }, + "configuration": "mapred-site/mapreduce.jobhistory.keytab" + } + }, + { + "name": "/spnego", + "principal": { + "configuration": "mapred-site/mapreduce.jobhistory.webapp.spnego-principal" + }, + "keytab": { + "configuration": "mapred-site/mapreduce.jobhistory.webapp.spnego-keytab-file" + } + } + ] + } + ] + } + ] +} + http://git-wip-us.apache.org/repos/asf/ambari/blob/c689096d/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/kerberos.json index 73addb1..bf0280b 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/kerberos.json +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/kerberos.json @@ -24,13 +24,13 @@ "yarn.timeline-service.http-authentication.token.validity": "", "yarn.timeline-service.http-authentication.cookie.domain": "", "yarn.timeline-service.http-authentication.cookie.path": "", - "yarn.timeline-service.http-authentication.proxyusers.*.hosts": "", - "yarn.timeline-service.http-authentication.proxyusers.*.users": "", - "yarn.timeline-service.http-authentication.proxyusers.*.groups": "", + "yarn.timeline-service.http-authentication.proxyuser.*.hosts": "", + "yarn.timeline-service.http-authentication.proxyuser.*.users": "", + "yarn.timeline-service.http-authentication.proxyuser.*.groups": "", "yarn.timeline-service.http-authentication.kerberos.name.rules": "", - "yarn.resourcemanager.proxyusers.*.groups": "", - "yarn.resourcemanager.proxyusers.*.hosts": "", - "yarn.resourcemanager.proxyusers.*.users": "", + "yarn.resourcemanager.proxyuser.*.groups": "", + "yarn.resourcemanager.proxyuser.*.hosts": "", + "yarn.resourcemanager.proxyuser.*.users": "", "yarn.resourcemanager.proxy-user-privileges.enabled": "true", "yarn.resourcemanager.zk-acl" : "sasl:rm:rwcda", "hadoop.registry.secure" : "true", http://git-wip-us.apache.org/repos/asf/ambari/blob/c689096d/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/kerberos.json.orig ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/kerberos.json.orig b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/kerberos.json.orig new file mode 100644 index 0000000..73addb1 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/kerberos.json.orig @@ -0,0 +1,226 @@ +{ + "services": [ + { + "name": "YARN", + "identities": [ + { + "name": "/spnego" + }, + { + "name": "/smokeuser" + } + ], + "configurations": [ + { + "yarn-site": { + "yarn.timeline-service.enabled": "true", + "yarn.timeline-service.http-authentication.type": "kerberos", + "yarn.acl.enable": "true", + "yarn.admin.acl": "${yarn-env/yarn_user},dr.who", + "yarn.timeline-service.http-authentication.signature.secret": "", + "yarn.timeline-service.http-authentication.signature.secret.file": "", + "yarn.timeline-service.http-authentication.signer.secret.provider": "", + "yarn.timeline-service.http-authentication.signer.secret.provider.object": "", + "yarn.timeline-service.http-authentication.token.validity": "", + "yarn.timeline-service.http-authentication.cookie.domain": "", + "yarn.timeline-service.http-authentication.cookie.path": "", + "yarn.timeline-service.http-authentication.proxyusers.*.hosts": "", + "yarn.timeline-service.http-authentication.proxyusers.*.users": "", + "yarn.timeline-service.http-authentication.proxyusers.*.groups": "", + "yarn.timeline-service.http-authentication.kerberos.name.rules": "", + "yarn.resourcemanager.proxyusers.*.groups": "", + "yarn.resourcemanager.proxyusers.*.hosts": "", + "yarn.resourcemanager.proxyusers.*.users": "", + "yarn.resourcemanager.proxy-user-privileges.enabled": "true", + "yarn.resourcemanager.zk-acl" : "sasl:rm:rwcda", + "hadoop.registry.secure" : "true", + "hadoop.registry.system.accounts" : "sasl:yarn,sasl:mapred,sasl:hadoop,sasl:hdfs,sasl:rm" + } + }, + { + "core-site": { + "hadoop.proxyuser.${yarn-env/yarn_user}.groups": "*", + "hadoop.proxyuser.${yarn-env/yarn_user}.hosts": "${clusterHostInfo/rm_host}" + } + }, + { + "capacity-scheduler": { + "yarn.scheduler.capacity.root.acl_administer_queue": "${yarn-env/yarn_user}", + "yarn.scheduler.capacity.root.default.acl_administer_queue": "${yarn-env/yarn_user}", + "yarn.scheduler.capacity.root.acl_administer_jobs": "${yarn-env/yarn_user}", + "yarn.scheduler.capacity.root.default.acl_administer_jobs": "${yarn-env/yarn_user}", + "yarn.scheduler.capacity.root.default.acl_submit_applications": "${yarn-env/yarn_user}" + } + } + ], + "components": [ + { + "name": "NODEMANAGER", + "identities": [ + { + "name": "nodemanager_nm", + "principal": { + "value": "nm/_HOST@${realm}", + "type" : "service", + "configuration": "yarn-site/yarn.nodemanager.principal", + "local_username": "${yarn-env/yarn_user}" + }, + "keytab": { + "file": "${keytab_dir}/nm.service.keytab", + "owner": { + "name": "${yarn-env/yarn_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "" + }, + "configuration": "yarn-site/yarn.nodemanager.keytab" + } + }, + { + "name": "/spnego", + "principal": { + "configuration": "yarn-site/yarn.nodemanager.webapp.spnego-principal" + }, + "keytab": { + "configuration": "yarn-site/yarn.nodemanager.webapp.spnego-keytab-file" + } + } + ], + "configurations": [ + { + "yarn-site": { + "yarn.nodemanager.container-executor.class": "org.apache.hadoop.yarn.server.nodemanager.LinuxContainerExecutor" + } + } + ] + }, + { + "name": "RESOURCEMANAGER", + "identities": [ + { + "name": "resource_manager_rm", + "principal": { + "value": "rm/_HOST@${realm}", + "type" : "service", + "configuration": "yarn-site/yarn.resourcemanager.principal", + "local_username": "${yarn-env/yarn_user}" + }, + "keytab": { + "file": "${keytab_dir}/rm.service.keytab", + "owner": { + "name": "${yarn-env/yarn_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "" + }, + "configuration": "yarn-site/yarn.resourcemanager.keytab" + } + }, + { + "name": "/spnego", + "principal": { + "configuration": "yarn-site/yarn.resourcemanager.webapp.spnego-principal" + }, + "keytab": { + "configuration": "yarn-site/yarn.resourcemanager.webapp.spnego-keytab-file" + } + } + ] + }, + { + "name": "APP_TIMELINE_SERVER", + "identities": [ + { + "name": "app_timeline_server_yarn", + "principal": { + "value": "yarn/_HOST@${realm}", + "type" : "service", + "configuration": "yarn-site/yarn.timeline-service.principal", + "local_username": "${yarn-env/yarn_user}" + }, + "keytab": { + "file": "${keytab_dir}/yarn.service.keytab", + "owner": { + "name": "${yarn-env/yarn_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "" + }, + "configuration": "yarn-site/yarn.timeline-service.keytab" + } + }, + { + "name": "/spnego", + "principal": { + "configuration": "yarn-site/yarn.timeline-service.http-authentication.kerberos.principal" + }, + "keytab": { + "configuration": "yarn-site/yarn.timeline-service.http-authentication.kerberos.keytab" + } + }, + { + "name": "/HDFS/NAMENODE/hdfs" + } + ] + } + ] + }, + { + "name": "MAPREDUCE2", + "identities": [ + { + "name": "/spnego" + }, + { + "name": "/smokeuser" + } + ], + "components": [ + { + "name": "HISTORYSERVER", + "identities": [ + { + "name": "/HDFS/NAMENODE/hdfs" + }, + { + "name": "history_server_jhs", + "principal": { + "value": "jhs/_HOST@${realm}", + "type" : "service", + "configuration": "mapred-site/mapreduce.jobhistory.principal", + "local_username": "${mapred-env/mapred_user}" + }, + "keytab": { + "file": "${keytab_dir}/jhs.service.keytab", + "owner": { + "name": "${mapred-env/mapred_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "" + }, + "configuration": "mapred-site/mapreduce.jobhistory.keytab" + } + }, + { + "name": "/spnego", + "principal": { + "configuration": "mapred-site/mapreduce.jobhistory.webapp.spnego-principal" + }, + "keytab": { + "configuration": "mapred-site/mapreduce.jobhistory.webapp.spnego-keytab-file" + } + } + ] + } + ] + } + ] +} http://git-wip-us.apache.org/repos/asf/ambari/blob/c689096d/ambari-server/src/main/resources/stacks/HDP/2.5/services/YARN/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/YARN/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.5/services/YARN/kerberos.json index d334887..fb85e7a 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/YARN/kerberos.json +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/YARN/kerberos.json @@ -24,13 +24,13 @@ "yarn.timeline-service.http-authentication.token.validity": "", "yarn.timeline-service.http-authentication.cookie.domain": "", "yarn.timeline-service.http-authentication.cookie.path": "", - "yarn.timeline-service.http-authentication.proxyusers.*.hosts": "", - "yarn.timeline-service.http-authentication.proxyusers.*.users": "", - "yarn.timeline-service.http-authentication.proxyusers.*.groups": "", + "yarn.timeline-service.http-authentication.proxyuser.*.hosts": "", + "yarn.timeline-service.http-authentication.proxyuser.*.users": "", + "yarn.timeline-service.http-authentication.proxyuser.*.groups": "", "yarn.timeline-service.http-authentication.kerberos.name.rules": "", - "yarn.resourcemanager.proxyusers.*.groups": "", - "yarn.resourcemanager.proxyusers.*.hosts": "", - "yarn.resourcemanager.proxyusers.*.users": "", + "yarn.resourcemanager.proxyuser.*.groups": "", + "yarn.resourcemanager.proxyuser.*.hosts": "", + "yarn.resourcemanager.proxyuser.*.users": "", "yarn.resourcemanager.proxy-user-privileges.enabled": "true", "yarn.resourcemanager.zk-acl" : "sasl:rm:rwcda", "hadoop.registry.secure" : "true", http://git-wip-us.apache.org/repos/asf/ambari/blob/c689096d/ambari-server/src/main/resources/stacks/HDP/2.5/services/YARN/kerberos.json.orig ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/YARN/kerberos.json.orig b/ambari-server/src/main/resources/stacks/HDP/2.5/services/YARN/kerberos.json.orig new file mode 100644 index 0000000..d334887 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/YARN/kerberos.json.orig @@ -0,0 +1,280 @@ +{ + "services": [ + { + "name": "YARN", + "identities": [ + { + "name": "/spnego" + }, + { + "name": "/smokeuser" + } + ], + "configurations": [ + { + "yarn-site": { + "yarn.timeline-service.enabled": "true", + "yarn.timeline-service.http-authentication.type": "kerberos", + "yarn.acl.enable": "true", + "yarn.admin.acl": "${yarn-env/yarn_user},dr.who", + "yarn.timeline-service.http-authentication.signature.secret": "", + "yarn.timeline-service.http-authentication.signature.secret.file": "", + "yarn.timeline-service.http-authentication.signer.secret.provider": "", + "yarn.timeline-service.http-authentication.signer.secret.provider.object": "", + "yarn.timeline-service.http-authentication.token.validity": "", + "yarn.timeline-service.http-authentication.cookie.domain": "", + "yarn.timeline-service.http-authentication.cookie.path": "", + "yarn.timeline-service.http-authentication.proxyusers.*.hosts": "", + "yarn.timeline-service.http-authentication.proxyusers.*.users": "", + "yarn.timeline-service.http-authentication.proxyusers.*.groups": "", + "yarn.timeline-service.http-authentication.kerberos.name.rules": "", + "yarn.resourcemanager.proxyusers.*.groups": "", + "yarn.resourcemanager.proxyusers.*.hosts": "", + "yarn.resourcemanager.proxyusers.*.users": "", + "yarn.resourcemanager.proxy-user-privileges.enabled": "true", + "yarn.resourcemanager.zk-acl" : "sasl:rm:rwcda", + "hadoop.registry.secure" : "true", + "hadoop.registry.system.accounts" : "sasl:yarn,sasl:mapred,sasl:hadoop,sasl:hdfs,sasl:rm" + } + }, + { + "core-site": { + "hadoop.proxyuser.${yarn-env/yarn_user}.groups": "*", + "hadoop.proxyuser.${yarn-env/yarn_user}.hosts": "${clusterHostInfo/rm_host}" + } + }, + { + "capacity-scheduler": { + "yarn.scheduler.capacity.root.acl_administer_queue": "${yarn-env/yarn_user}", + "yarn.scheduler.capacity.root.default.acl_administer_queue": "${yarn-env/yarn_user}", + "yarn.scheduler.capacity.root.acl_administer_jobs": "${yarn-env/yarn_user}", + "yarn.scheduler.capacity.root.default.acl_administer_jobs": "${yarn-env/yarn_user}", + "yarn.scheduler.capacity.root.default.acl_submit_applications": "${yarn-env/yarn_user}" + } + }, + { + "ranger-yarn-audit": { + "xasecure.audit.jaas.Client.loginModuleName": "com.sun.security.auth.module.Krb5LoginModule", + "xasecure.audit.jaas.Client.loginModuleControlFlag": "required", + "xasecure.audit.jaas.Client.option.useKeyTab": "true", + "xasecure.audit.jaas.Client.option.storeKey": "false", + "xasecure.audit.jaas.Client.option.serviceName": "solr", + "xasecure.audit.destination.solr.force.use.inmemory.jaas.config": "true" + } + } + ], + "components": [ + { + "name": "NODEMANAGER", + "identities": [ + { + "name": "nodemanager_nm", + "principal": { + "value": "nm/_HOST@${realm}", + "type" : "service", + "configuration": "yarn-site/yarn.nodemanager.principal", + "local_username": "${yarn-env/yarn_user}" + }, + "keytab": { + "file": "${keytab_dir}/nm.service.keytab", + "owner": { + "name": "${yarn-env/yarn_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "" + }, + "configuration": "yarn-site/yarn.nodemanager.keytab" + } + }, + { + "name": "/HIVE/HIVE_SERVER/hive_server_hive", + "principal": { + "configuration": "hive-interactive-site/hive.llap.daemon.service.principal" + }, + "keytab": { + "configuration": "hive-interactive-site/hive.llap.daemon.keytab.file" + }, + "when" : { + "contains" : ["services", "HIVE"] + } + }, + { + "name": "llap_zk_hive", + "principal": { + "value": "hive/_HOST@${realm}", + "type" : "service", + "configuration": "hive-interactive-site/hive.llap.zk.sm.principal" + }, + "keytab": { + "file": "${keytab_dir}/hive.llap.zk.sm.keytab", + "owner": { + "name": "${yarn-env/yarn_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "r" + }, + "configuration": "hive-interactive-site/hive.llap.zk.sm.keytab.file" + }, + "when" : { + "contains" : ["services", "HIVE"] + } + }, + { + "name": "/spnego", + "principal": { + "configuration": "yarn-site/yarn.nodemanager.webapp.spnego-principal" + }, + "keytab": { + "configuration": "yarn-site/yarn.nodemanager.webapp.spnego-keytab-file" + } + } + ], + "configurations": [ + { + "yarn-site": { + "yarn.nodemanager.container-executor.class": "org.apache.hadoop.yarn.server.nodemanager.LinuxContainerExecutor" + } + } + ] + }, + { + "name": "RESOURCEMANAGER", + "identities": [ + { + "name": "resource_manager_rm", + "principal": { + "value": "rm/_HOST@${realm}", + "type" : "service", + "configuration": "yarn-site/yarn.resourcemanager.principal", + "local_username": "${yarn-env/yarn_user}" + }, + "keytab": { + "file": "${keytab_dir}/rm.service.keytab", + "owner": { + "name": "${yarn-env/yarn_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "" + }, + "configuration": "yarn-site/yarn.resourcemanager.keytab" + } + }, + { + "name": "/spnego", + "principal": { + "configuration": "yarn-site/yarn.resourcemanager.webapp.spnego-principal" + }, + "keytab": { + "configuration": "yarn-site/yarn.resourcemanager.webapp.spnego-keytab-file" + } + }, + { + "name": "/YARN/RESOURCEMANAGER/resource_manager_rm", + "principal": { + "configuration": "ranger-yarn-audit/xasecure.audit.jaas.Client.option.principal" + }, + "keytab": { + "configuration": "ranger-yarn-audit/xasecure.audit.jaas.Client.option.keyTab" + } + } + ] + }, + { + "name": "APP_TIMELINE_SERVER", + "identities": [ + { + "name": "app_timeline_server_yarn", + "principal": { + "value": "yarn/_HOST@${realm}", + "type" : "service", + "configuration": "yarn-site/yarn.timeline-service.principal", + "local_username": "${yarn-env/yarn_user}" + }, + "keytab": { + "file": "${keytab_dir}/yarn.service.keytab", + "owner": { + "name": "${yarn-env/yarn_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "" + }, + "configuration": "yarn-site/yarn.timeline-service.keytab" + } + }, + { + "name": "/spnego", + "principal": { + "configuration": "yarn-site/yarn.timeline-service.http-authentication.kerberos.principal" + }, + "keytab": { + "configuration": "yarn-site/yarn.timeline-service.http-authentication.kerberos.keytab" + } + }, + { + "name": "/HDFS/NAMENODE/hdfs" + } + ] + } + ] + }, + { + "name": "MAPREDUCE2", + "identities": [ + { + "name": "/spnego" + }, + { + "name": "/smokeuser" + } + ], + "components": [ + { + "name": "HISTORYSERVER", + "identities": [ + { + "name": "/HDFS/NAMENODE/hdfs" + }, + { + "name": "history_server_jhs", + "principal": { + "value": "jhs/_HOST@${realm}", + "type" : "service", + "configuration": "mapred-site/mapreduce.jobhistory.principal", + "local_username": "${mapred-env/mapred_user}" + }, + "keytab": { + "file": "${keytab_dir}/jhs.service.keytab", + "owner": { + "name": "${mapred-env/mapred_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "" + }, + "configuration": "mapred-site/mapreduce.jobhistory.keytab" + } + }, + { + "name": "/spnego", + "principal": { + "configuration": "mapred-site/mapreduce.jobhistory.webapp.spnego-principal" + }, + "keytab": { + "configuration": "mapred-site/mapreduce.jobhistory.webapp.spnego-keytab-file" + } + } + ] + } + ] + } + ] +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/c689096d/ambari-server/src/main/resources/stacks/PERF/1.0/services/YARN/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/PERF/1.0/services/YARN/kerberos.json b/ambari-server/src/main/resources/stacks/PERF/1.0/services/YARN/kerberos.json index 7e74237..2735323 100644 --- a/ambari-server/src/main/resources/stacks/PERF/1.0/services/YARN/kerberos.json +++ b/ambari-server/src/main/resources/stacks/PERF/1.0/services/YARN/kerberos.json @@ -24,13 +24,13 @@ "yarn.timeline-service.http-authentication.token.validity": "", "yarn.timeline-service.http-authentication.cookie.domain": "", "yarn.timeline-service.http-authentication.cookie.path": "", - "yarn.timeline-service.http-authentication.proxyusers.*.hosts": "", - "yarn.timeline-service.http-authentication.proxyusers.*.users": "", - "yarn.timeline-service.http-authentication.proxyusers.*.groups": "", + "yarn.timeline-service.http-authentication.proxyuser.*.hosts": "", + "yarn.timeline-service.http-authentication.proxyuser.*.users": "", + "yarn.timeline-service.http-authentication.proxyuser.*.groups": "", "yarn.timeline-service.http-authentication.kerberos.name.rules": "", - "yarn.resourcemanager.proxyusers.*.groups": "", - "yarn.resourcemanager.proxyusers.*.hosts": "", - "yarn.resourcemanager.proxyusers.*.users": "", + "yarn.resourcemanager.proxyuser.*.groups": "", + "yarn.resourcemanager.proxyuser.*.hosts": "", + "yarn.resourcemanager.proxyuser.*.users": "", "yarn.resourcemanager.proxy-user-privileges.enabled": "true", "yarn.resourcemanager.zk-state-store.parent-path": "/rmstore-secure" } http://git-wip-us.apache.org/repos/asf/ambari/blob/c689096d/ambari-server/src/main/resources/stacks/PERF/1.0/services/YARN/kerberos.json.orig ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/PERF/1.0/services/YARN/kerberos.json.orig b/ambari-server/src/main/resources/stacks/PERF/1.0/services/YARN/kerberos.json.orig new file mode 100644 index 0000000..7e74237 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/PERF/1.0/services/YARN/kerberos.json.orig @@ -0,0 +1,278 @@ +{ + "services": [ + { + "name": "YARN", + "identities": [ + { + "name": "/spnego" + }, + { + "name": "/smokeuser" + } + ], + "configurations": [ + { + "yarn-site": { + "yarn.timeline-service.enabled": "true", + "yarn.timeline-service.http-authentication.type": "kerberos", + "yarn.acl.enable": "true", + "yarn.admin.acl": "${yarn-env/yarn_user},dr.who", + "yarn.timeline-service.http-authentication.signature.secret": "", + "yarn.timeline-service.http-authentication.signature.secret.file": "", + "yarn.timeline-service.http-authentication.signer.secret.provider": "", + "yarn.timeline-service.http-authentication.signer.secret.provider.object": "", + "yarn.timeline-service.http-authentication.token.validity": "", + "yarn.timeline-service.http-authentication.cookie.domain": "", + "yarn.timeline-service.http-authentication.cookie.path": "", + "yarn.timeline-service.http-authentication.proxyusers.*.hosts": "", + "yarn.timeline-service.http-authentication.proxyusers.*.users": "", + "yarn.timeline-service.http-authentication.proxyusers.*.groups": "", + "yarn.timeline-service.http-authentication.kerberos.name.rules": "", + "yarn.resourcemanager.proxyusers.*.groups": "", + "yarn.resourcemanager.proxyusers.*.hosts": "", + "yarn.resourcemanager.proxyusers.*.users": "", + "yarn.resourcemanager.proxy-user-privileges.enabled": "true", + "yarn.resourcemanager.zk-state-store.parent-path": "/rmstore-secure" + } + }, + { + "core-site": { + "hadoop.proxyuser.${yarn-env/yarn_user}.groups": "*", + "hadoop.proxyuser.${yarn-env/yarn_user}.hosts": "${clusterHostInfo/rm_host}" + } + }, + { + "capacity-scheduler": { + "yarn.scheduler.capacity.root.acl_administer_queue": "${yarn-env/yarn_user}", + "yarn.scheduler.capacity.root.default.acl_administer_queue": "${yarn-env/yarn_user}", + "yarn.scheduler.capacity.root.acl_administer_jobs": "${yarn-env/yarn_user}", + "yarn.scheduler.capacity.root.default.acl_administer_jobs": "${yarn-env/yarn_user}", + "yarn.scheduler.capacity.root.default.acl_submit_applications": "${yarn-env/yarn_user}" + } + }, + { + "ranger-yarn-audit": { + "xasecure.audit.jaas.Client.loginModuleName": "com.sun.security.auth.module.Krb5LoginModule", + "xasecure.audit.jaas.Client.loginModuleControlFlag": "required", + "xasecure.audit.jaas.Client.option.useKeyTab": "true", + "xasecure.audit.jaas.Client.option.storeKey": "false", + "xasecure.audit.jaas.Client.option.serviceName": "solr", + "xasecure.audit.destination.solr.force.use.inmemory.jaas.config": "true" + } + } + ], + "components": [ + { + "name": "NODEMANAGER", + "identities": [ + { + "name": "nodemanager_nm", + "principal": { + "value": "nm/_HOST@${realm}", + "type" : "service", + "configuration": "yarn-site/yarn.nodemanager.principal", + "local_username": "${yarn-env/yarn_user}" + }, + "keytab": { + "file": "${keytab_dir}/nm.service.keytab", + "owner": { + "name": "${yarn-env/yarn_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "" + }, + "configuration": "yarn-site/yarn.nodemanager.keytab" + } + }, + { + "name": "/HIVE/HIVE_SERVER/hive_server_hive", + "principal": { + "configuration": "hive-interactive-site/hive.llap.daemon.service.principal" + }, + "keytab": { + "configuration": "hive-interactive-site/hive.llap.daemon.keytab.file" + }, + "when" : { + "contains" : ["services", "HIVE"] + } + }, + { + "name": "llap_zk_hive", + "principal": { + "value": "hive/_HOST@${realm}", + "type" : "service", + "configuration": "hive-interactive-site/hive.llap.zk.sm.principal" + }, + "keytab": { + "file": "${keytab_dir}/hive.llap.zk.sm.keytab", + "owner": { + "name": "${yarn-env/yarn_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "r" + }, + "configuration": "hive-interactive-site/hive.llap.zk.sm.keytab.file" + }, + "when" : { + "contains" : ["services", "HIVE"] + } + }, + { + "name": "/spnego", + "principal": { + "configuration": "yarn-site/yarn.nodemanager.webapp.spnego-principal" + }, + "keytab": { + "configuration": "yarn-site/yarn.nodemanager.webapp.spnego-keytab-file" + } + } + ], + "configurations": [ + { + "yarn-site": { + "yarn.nodemanager.container-executor.class": "org.apache.hadoop.yarn.server.nodemanager.LinuxContainerExecutor" + } + } + ] + }, + { + "name": "RESOURCEMANAGER", + "identities": [ + { + "name": "resource_manager_rm", + "principal": { + "value": "rm/_HOST@${realm}", + "type" : "service", + "configuration": "yarn-site/yarn.resourcemanager.principal", + "local_username": "${yarn-env/yarn_user}" + }, + "keytab": { + "file": "${keytab_dir}/rm.service.keytab", + "owner": { + "name": "${yarn-env/yarn_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "" + }, + "configuration": "yarn-site/yarn.resourcemanager.keytab" + } + }, + { + "name": "/spnego", + "principal": { + "configuration": "yarn-site/yarn.resourcemanager.webapp.spnego-principal" + }, + "keytab": { + "configuration": "yarn-site/yarn.resourcemanager.webapp.spnego-keytab-file" + } + }, + { + "name": "/YARN/RESOURCEMANAGER/resource_manager_rm", + "principal": { + "configuration": "ranger-yarn-audit/xasecure.audit.jaas.Client.option.principal" + }, + "keytab": { + "configuration": "ranger-yarn-audit/xasecure.audit.jaas.Client.option.keyTab" + } + } + ] + }, + { + "name": "APP_TIMELINE_SERVER", + "identities": [ + { + "name": "app_timeline_server_yarn", + "principal": { + "value": "yarn/_HOST@${realm}", + "type" : "service", + "configuration": "yarn-site/yarn.timeline-service.principal", + "local_username": "${yarn-env/yarn_user}" + }, + "keytab": { + "file": "${keytab_dir}/yarn.service.keytab", + "owner": { + "name": "${yarn-env/yarn_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "" + }, + "configuration": "yarn-site/yarn.timeline-service.keytab" + } + }, + { + "name": "/spnego", + "principal": { + "configuration": "yarn-site/yarn.timeline-service.http-authentication.kerberos.principal" + }, + "keytab": { + "configuration": "yarn-site/yarn.timeline-service.http-authentication.kerberos.keytab" + } + }, + { + "name": "/HDFS/NAMENODE/hdfs" + } + ] + } + ] + }, + { + "name": "MAPREDUCE2", + "identities": [ + { + "name": "/spnego" + }, + { + "name": "/smokeuser" + } + ], + "components": [ + { + "name": "HISTORYSERVER", + "identities": [ + { + "name": "/HDFS/NAMENODE/hdfs" + }, + { + "name": "history_server_jhs", + "principal": { + "value": "jhs/_HOST@${realm}", + "type" : "service", + "configuration": "mapred-site/mapreduce.jobhistory.principal", + "local_username": "${mapred-env/mapred_user}" + }, + "keytab": { + "file": "${keytab_dir}/jhs.service.keytab", + "owner": { + "name": "${mapred-env/mapred_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "" + }, + "configuration": "mapred-site/mapreduce.jobhistory.keytab" + } + }, + { + "name": "/spnego", + "principal": { + "configuration": "mapred-site/mapreduce.jobhistory.webapp.spnego-principal" + }, + "keytab": { + "configuration": "mapred-site/mapreduce.jobhistory.webapp.spnego-keytab-file" + } + } + ] + } + ] + } + ] +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/c689096d/ambari-server/src/test/python/stacks/2.2/configs/pig-service-check-secure.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.2/configs/pig-service-check-secure.json b/ambari-server/src/test/python/stacks/2.2/configs/pig-service-check-secure.json index f14eb52..0ac9e78 100644 --- a/ambari-server/src/test/python/stacks/2.2/configs/pig-service-check-secure.json +++ b/ambari-server/src/test/python/stacks/2.2/configs/pig-service-check-secure.json @@ -402,7 +402,7 @@ "yarn.log-aggregation-enable": "true", "yarn.nodemanager.delete.debug-delay-sec": "0", "yarn.timeline-service.store-class": "org.apache.hadoop.yarn.server.timeline.LeveldbTimelineStore", - "yarn.timeline-service.http-authentication.proxyusers.*.hosts": "", + "yarn.timeline-service.http-authentication.proxyuser.*.hosts": "", "yarn.timeline-service.client.retry-interval-ms": "1000", "hadoop.registry.zk.quorum": "c6402.ambari.apache.org:2181,c6403.ambari.apache.org:2181,c6401.ambari.apache.org:2181", "yarn.nodemanager.aux-services": "mapreduce_shuffle", @@ -424,7 +424,7 @@ "yarn.nodemanager.resource.memory-mb": "2048", "yarn.timeline-service.http-authentication.kerberos.name.rules": "", "yarn.nodemanager.resource.cpu-vcores": "1", - "yarn.resourcemanager.proxyusers.*.users": "", + "yarn.resourcemanager.proxyuser.*.users": "", "yarn.timeline-service.ttl-ms": "2678400000", "yarn.nodemanager.resource.percentage-physical-cpu-limit": "100", "yarn.nodemanager.disk-health-checker.min-free-space-per-disk-mb": "1000", @@ -433,7 +433,7 @@ "yarn.nodemanager.log.retain-seconds": "604800", "yarn.timeline-service.http-authentication.type": "kerberos", "yarn.nodemanager.log-dirs": "/hadoop/yarn/log", - "yarn.resourcemanager.proxyusers.*.groups": "", + "yarn.resourcemanager.proxyuser.*.groups": "", "yarn.timeline-service.client.max-retries": "30", "yarn.nodemanager.health-checker.interval-ms": "135000", "yarn.nodemanager.admin-env": "MALLOC_ARENA_MAX=$MALLOC_ARENA_MAX", @@ -445,7 +445,7 @@ "yarn.client.nodemanager-connect.max-wait-ms": "60000", "yarn.timeline-service.http-authentication.simple.anonymous.allowed": "true", "yarn.timeline-service.leveldb-timeline-store.start-time-read-cache-size": "10000", - "yarn.timeline-service.http-authentication.proxyusers.*.users": "", + "yarn.timeline-service.http-authentication.proxyuser.*.users": "", "yarn.timeline-service.http-authentication.signer.secret.provider": "", "yarn.resourcemanager.bind-host": "0.0.0.0", "yarn.http.policy": "HTTP_ONLY", @@ -463,7 +463,7 @@ "hadoop.registry.rm.enabled": "false", "yarn.timeline-service.leveldb-timeline-store.ttl-interval-ms": "300000", "yarn.resourcemanager.fs.state-store.retry-policy-spec": "2000, 500", - "yarn.timeline-service.http-authentication.proxyusers.*.groups": "", + "yarn.timeline-service.http-authentication.proxyuser.*.groups": "", "yarn.nodemanager.log-aggregation.compression-type": "gz", "yarn.timeline-service.http-authentication.kerberos.principal": "HTTP/_h...@example.com", "yarn.nodemanager.log-aggregation.num-log-files-per-app": "30", @@ -478,7 +478,7 @@ "yarn.resourcemanager.zk-state-store.parent-path": "/rmstore", "yarn.resourcemanager.connect.retry-interval.ms": "30000", "yarn.timeline-service.leveldb-timeline-store.start-time-write-cache-size": "10000", - "yarn.resourcemanager.proxyusers.*.hosts": "" + "yarn.resourcemanager.proxyuser.*.hosts": "" }, "capacity-scheduler": { "yarn.scheduler.capacity.default.minimum-user-limit-percent": "100",