Repository: ambari Updated Branches: refs/heads/branch-2.2 756f2c401 -> bcef4bbb1
AMBARI-14053: PXF should get secured when security is enabled on cluster via kerberos wizard on ambari (bhuvnesh2703 via jaoki) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/bcef4bbb Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/bcef4bbb Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/bcef4bbb Branch: refs/heads/branch-2.2 Commit: bcef4bbb1d896f73aec53b2d84ebebc6d5b701ce Parents: 756f2c4 Author: Jun Aoki <ja...@apache.org> Authored: Wed Dec 23 15:48:30 2015 -0800 Committer: Jun Aoki <ja...@apache.org> Committed: Wed Dec 23 15:48:30 2015 -0800 ---------------------------------------------------------------------- .../common-services/PXF/3.0.0/kerberos.json | 35 ++++++++++++++++++++ .../PXF/3.0.0/package/scripts/params.py | 4 +++ .../PXF/3.0.0/package/scripts/pxf.py | 10 +++++- 3 files changed, 48 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/bcef4bbb/ambari-server/src/main/resources/common-services/PXF/3.0.0/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/PXF/3.0.0/kerberos.json b/ambari-server/src/main/resources/common-services/PXF/3.0.0/kerberos.json new file mode 100644 index 0000000..0a3c3c7 --- /dev/null +++ b/ambari-server/src/main/resources/common-services/PXF/3.0.0/kerberos.json 
@@ -0,0 +1,35 @@ +{ + "services": [ + { + "components": [ + { + "identities": [ + { + "keytab": { + "configuration": null, + "file": "${keytab_dir}/pxf.service.keytab", + "group": { + "access": "", + "name": "${cluster-env/user_group}" + }, + "owner": { + "access": "r", + "name": "pxf" + } + }, + "name": "pxf_client_pxf", + "principal": { + "configuration": null, + "local_username": null, + "type": "service", + "value": "pxf/_HOST@${realm}" + } + } + ], + "name": "PXF" + } + ], + "name": "PXF" + } + ] +} http://git-wip-us.apache.org/repos/asf/ambari/blob/bcef4bbb/ambari-server/src/main/resources/common-services/PXF/3.0.0/package/scripts/params.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/PXF/3.0.0/package/scripts/params.py b/ambari-server/src/main/resources/common-services/PXF/3.0.0/package/scripts/params.py index a4986c9..1d77787 100644 --- a/ambari-server/src/main/resources/common-services/PXF/3.0.0/package/scripts/params.py +++ b/ambari-server/src/main/resources/common-services/PXF/3.0.0/package/scripts/params.py @@ -40,3 +40,7 @@ java_home = config["hostLevelParams"]["java_home"] if "java_home" in config["hos # Timeouts default_exec_timeout = 600 + +# security related +security_enabled = config['configurations']['cluster-env']['security_enabled'] +realm_name = config['configurations']['kerberos-env']['realm'] http://git-wip-us.apache.org/repos/asf/ambari/blob/bcef4bbb/ambari-server/src/main/resources/common-services/PXF/3.0.0/package/scripts/pxf.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/PXF/3.0.0/package/scripts/pxf.py b/ambari-server/src/main/resources/common-services/PXF/3.0.0/package/scripts/pxf.py index dd0031c..08475fd 100644 --- a/ambari-server/src/main/resources/common-services/PXF/3.0.0/package/scripts/pxf.py 
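Review bot: The identity hard-codes the keytab owner as `"name": "pxf"` and the principal as `pxf/_HOST@${realm}`, and leaves both `"configuration"` fields `null`, so nothing in the descriptor ties these values to the configured service user or to pxf-site. The pxf.py change in this commit builds the principal from `params.pxf_user` instead. If that user is ever set to something other than `pxf`, the keytab Ambari distributes would be owned by a different account and hold a different principal than the one written to pxf-site.xml. Consider making the descriptor the single source of truth, e.g. `"configuration": "pxf-site/pxf.service.kerberos.principal"` on the principal and the corresponding pxf-site keytab property on the keytab. The owner-only `"access": "r"` with empty group access is appropriate for a service keytab and should stay as it is.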
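Review bot: `realm_name` is read from `kerberos-env` unconditionally in the params.py hunk, although it only matters when `security_enabled` is true. On a cluster where Kerberos was never enabled, `kerberos-env` may not be delivered to the agent (an assumption to confirm), so the lookup either fails or yields a placeholder that only surfaces later when the principal string is formatted. Guarding it makes the dependency explicit: `realm_name = config['configurations']['kerberos-env']['realm'] if security_enabled else None`. A comment such as `# realm is only defined once Kerberos is enabled; used to build the PXF service principal` would document why the two values belong together. The rest of params.py lies outside the hunk.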
+++ b/ambari-server/src/main/resources/common-services/PXF/3.0.0/package/scripts/pxf.py @@ -21,6 +21,7 @@ limitations under the License. from resource_management import Script from resource_management.libraries.resources.xml_config import XmlConfig +from resource_management.libraries.script.config_dictionary import ConfigDictionary from resource_management.core.resources.accounts import User from resource_management.core.resources.system import Directory, File, Execute from resource_management.core.source import Template @@ -99,9 +100,16 @@ class Pxf(Script): shutil.copy2("{0}/pxf-privatehdp.classpath".format(params.pxf_conf_dir), "{0}/pxf-private.classpath".format(params.pxf_conf_dir)) + if params.security_enabled: + pxf_site_dict = dict(params.config['configurations']['pxf-site']) + pxf_site_dict['pxf.service.kerberos.principal'] = "{0}/_HOST@{1}".format(params.pxf_user, params.realm_name) + pxf_site = ConfigDictionary(pxf_site_dict) + else: + pxf_site = params.config['configurations']['pxf-site'] + XmlConfig("pxf-site.xml", conf_dir=params.pxf_conf_dir, - configurations=params.config['configurations']['pxf-site'], + configurations=pxf_site, configuration_attributes=params.config['configuration_attributes']['pxf-site'])
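Review bot: The secured branch in the second pxf.py hunk writes only `pxf.service.kerberos.principal` into pxf-site.xml and derives it from `params.pxf_user`. kerberos.json in this same commit fixes the principal as `pxf/_HOST@${realm}` and the keytab at `${keytab_dir}/pxf.service.keytab`. If pxf-site does not already carry the keytab location (not visible here), PXF would be told its principal but not where its keytab is, and a non-default `pxf_user` would produce a principal that was never created in the KDC. Either let the Kerberos descriptor populate pxf-site, or set the keytab property in this branch as well and mark the coupling with a comment such as `# must match the principal and keytab declared in kerberos.json`. The enclosing method of `Pxf` begins outside the hunk.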