Updated Branches: refs/heads/trunk 4fdeab528 -> 676567f8f
Security Wizard: UI tweaks. (jaimin) Project: http://git-wip-us.apache.org/repos/asf/incubator-ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ambari/commit/676567f8 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ambari/tree/676567f8 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ambari/diff/676567f8 Branch: refs/heads/trunk Commit: 676567f8f01eda2fa33a7c992defe453bc8b122e Parents: 4fdeab5 Author: Jaimin Jetly <[email protected]> Authored: Tue Jul 9 13:39:10 2013 -0700 Committer: Jaimin Jetly <[email protected]> Committed: Tue Jul 9 13:40:40 2013 -0700 ---------------------------------------------------------------------- .../hdp-hadoop/manifests/hdfs/decommission.pp | 2 +- .../puppet/modules/hdp-hadoop/manifests/init.pp | 4 +- .../hdp-hbase/manifests/hbase/service_check.pp | 2 +- .../modules/hdp-hbase/manifests/params.pp | 9 +- .../templates/hbase_master_jaas.conf.erb | 4 +- .../templates/hbase_regionserver_jaas.conf.erb | 4 +- .../main/puppet/modules/hdp/manifests/params.pp | 2 + .../main/admin/security/add/step2.js | 60 +++- .../main/admin/security/add/step3.js | 47 ++- ambari-web/app/data/secure_configs.js | 24 +- ambari-web/app/data/secure_mapping.js | 32 +- ambari-web/app/data/secure_properties.js | 289 +++++++++++++++---- ambari-web/app/messages.js | 6 +- ambari-web/app/routes/add_security.js | 1 + ambari-web/app/views/wizard/controls_view.js | 2 + 15 files changed, 371 insertions(+), 117 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/676567f8/ambari-agent/src/main/puppet/modules/hdp-hadoop/manifests/hdfs/decommission.pp ---------------------------------------------------------------------- diff --git a/ambari-agent/src/main/puppet/modules/hdp-hadoop/manifests/hdfs/decommission.pp b/ambari-agent/src/main/puppet/modules/hdp-hadoop/manifests/hdfs/decommission.pp index c94c992..68ef792 100644 --- a/ambari-agent/src/main/puppet/modules/hdp-hadoop/manifests/hdfs/decommission.pp +++ b/ambari-agent/src/main/puppet/modules/hdp-hadoop/manifests/hdfs/decommission.pp @@ -26,7 +26,7 @@ class hdp-hadoop::hdfs::decommission( } $kinit_path = $hdp::params::kinit_path_local - $keytab_path = "${hdp::params::keytab_path}/hdfs.headless.keytab" + $keytab_path = $hdp::params::hdfs_user_keytab $hdfs_user = $hdp::params::hdfs_user $kinit_cmd = "su - ${hdfs_user} -c '${kinit_path} -kt ${keytab_path} ${hdfs_user}'" http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/676567f8/ambari-agent/src/main/puppet/modules/hdp-hadoop/manifests/init.pp ---------------------------------------------------------------------- diff --git a/ambari-agent/src/main/puppet/modules/hdp-hadoop/manifests/init.pp b/ambari-agent/src/main/puppet/modules/hdp-hadoop/manifests/init.pp index c9b9bc4..0fca0e7 100644 --- a/ambari-agent/src/main/puppet/modules/hdp-hadoop/manifests/init.pp +++ b/ambari-agent/src/main/puppet/modules/hdp-hadoop/manifests/init.pp @@ -378,10 +378,10 @@ define hdp-hadoop::exec-hadoop( if (($security_enabled == true) and ($kinit_override == false)) { if ($run_user in [$hdfs_user,'root']) { - $keytab = "${hdp::params::keytab_path}/hdfs.headless.keytab" + $keytab = $hdp::params::hdfs_user_keytab $principal = $hdfs_user } elsif ($run_user in [$hbase_user]) { - $keytab = "${hdp::params::keytab_path}/hbase.headless.keytab" + $keytab = $hdp::params::hbase_user_keytab $principal = $hbase_user } else { $keytab = $hdp::params::smokeuser_keytab http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/676567f8/ambari-agent/src/main/puppet/modules/hdp-hbase/manifests/hbase/service_check.pp ---------------------------------------------------------------------- diff --git a/ambari-agent/src/main/puppet/modules/hdp-hbase/manifests/hbase/service_check.pp b/ambari-agent/src/main/puppet/modules/hdp-hbase/manifests/hbase/service_check.pp index c78a69a..a5aaeb1 100644 --- a/ambari-agent/src/main/puppet/modules/hdp-hbase/manifests/hbase/service_check.pp +++ b/ambari-agent/src/main/puppet/modules/hdp-hbase/manifests/hbase/service_check.pp @@ -26,7 +26,7 @@ class hdp-hbase::hbase::service_check() inherits hdp-hbase::params $conf_dir = $hdp::params::hbase_conf_dir $smoke_user_keytab = $hdp::params::smokeuser_keytab $hbase_user = $hdp-hbase::params::hbase_user - $hbase_keytab = "${hdp-hbase::params::keytab_path}/hbase.headless.keytab" + $hbase_keytab = $hdp::params::hbase_user_keytab $test_cmd = "fs -test -e ${output_file}" $serviceCheckData = hdp_unique_id_and_date() $kinit_cmd = "${hdp::params::kinit_path_local} -kt ${smoke_user_keytab} ${smoke_test_user};" http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/676567f8/ambari-agent/src/main/puppet/modules/hdp-hbase/manifests/params.pp ---------------------------------------------------------------------- diff --git a/ambari-agent/src/main/puppet/modules/hdp-hbase/manifests/params.pp b/ambari-agent/src/main/puppet/modules/hdp-hbase/manifests/params.pp index 6726b0a..1e6d6b4 100644 --- a/ambari-agent/src/main/puppet/modules/hdp-hbase/manifests/params.pp +++ b/ambari-agent/src/main/puppet/modules/hdp-hbase/manifests/params.pp @@ -88,16 +88,19 @@ class hdp-hbase::params() inherits hdp::params $hbase_master_jaas_config_file = hdp_default("hbase_master_jaas_config_file", "${conf_dir}/hbase_master_jaas.conf") $hbase_regionserver_jaas_config_file = hdp_default("hbase_regionserver_jaas_config_file", "${conf_dir}/hbase_regionserver_jaas.conf") - $hbase_keytab_path = hdp_default("hbase-site/hbase.master.keytab.file", "${keytab_path}/hbase.service.keytab") + $hbase_master_keytab_path = hdp_default("hbase-site/hbase.master.keytab.file", "${keytab_path}/hbase.service.keytab") + $hbase_regionserver_keytab_path = hdp_default("hbase-site/hbase.regionserver.keytab.file", "${keytab_path}/hbase.service.keytab") $hbase_master_principal = hdp_default("hbase-site/hbase.master.kerberos.principal", "hbase/_HOST@${kerberos_domain}") $hbase_regionserver_principal = hdp_default("hbase-site/hbase.regionserver.kerberos.principal", "hbase/_HOST@${kerberos_domain}") $hbase_primary_name = hdp_default("hbase_primary_name", "hbase") $hostname = $hdp::params::hostname if ($use_hostname_in_principal) { - $hbase_jaas_princ = "${hbase_primary_name}/${hostname}@${kerberos_domain}" + $hbase_master_jaas_princ = "${hbase_master_primary_name}/${hostname}@${kerberos_domain}" + $hbase_regionserver_jaas_princ = "${hbase_regionserver_primary_name}/${hostname}@${kerberos_domain}" } else { - $hbase_jaas_princ = "${hbase_primary_name}@${kerberos_domain}" + $hbase_master_jaas_princ = "${hbase_master_principal_name}@${kerberos_domain}" + $hbase_regionserver_jaas_princ = "${hbase_regionserver_primary_name}@${kerberos_domain}" } $smokeuser_permissions = hdp_default("smokeuser_permissions", "RWXCA") http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/676567f8/ambari-agent/src/main/puppet/modules/hdp-hbase/templates/hbase_master_jaas.conf.erb ---------------------------------------------------------------------- diff --git a/ambari-agent/src/main/puppet/modules/hdp-hbase/templates/hbase_master_jaas.conf.erb b/ambari-agent/src/main/puppet/modules/hdp-hbase/templates/hbase_master_jaas.conf.erb index 6b8455c..68bf733 100644 --- a/ambari-agent/src/main/puppet/modules/hdp-hbase/templates/hbase_master_jaas.conf.erb +++ b/ambari-agent/src/main/puppet/modules/hdp-hbase/templates/hbase_master_jaas.conf.erb @@ -3,6 +3,6 @@ com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true storeKey=true useTicketCache=false -keyTab="<%=scope.function_hdp_template_var("::hdp-hbase::params::hbase_keytab_path")%>" -principal="<%=scope.function_hdp_template_var("::hdp-hbase::params::hbase_jaas_princ")%>"; +keyTab="<%=scope.function_hdp_template_var("::hdp-hbase::params::hbase_master_keytab_path")%>" +principal="<%=scope.function_hdp_template_var("::hdp-hbase::params::hbase_master_jaas_princ")%>"; }; http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/676567f8/ambari-agent/src/main/puppet/modules/hdp-hbase/templates/hbase_regionserver_jaas.conf.erb ---------------------------------------------------------------------- diff --git a/ambari-agent/src/main/puppet/modules/hdp-hbase/templates/hbase_regionserver_jaas.conf.erb b/ambari-agent/src/main/puppet/modules/hdp-hbase/templates/hbase_regionserver_jaas.conf.erb index 6b8455c..87838ca 100644 --- a/ambari-agent/src/main/puppet/modules/hdp-hbase/templates/hbase_regionserver_jaas.conf.erb +++ b/ambari-agent/src/main/puppet/modules/hdp-hbase/templates/hbase_regionserver_jaas.conf.erb @@ -3,6 +3,6 @@ com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true storeKey=true useTicketCache=false -keyTab="<%=scope.function_hdp_template_var("::hdp-hbase::params::hbase_keytab_path")%>" -principal="<%=scope.function_hdp_template_var("::hdp-hbase::params::hbase_jaas_princ")%>"; +keyTab="<%=scope.function_hdp_template_var("::hdp-hbase::params::hbase_regionserver_keytab_path")%>" +principal="<%=scope.function_hdp_template_var("::hdp-hbase::params::hbase_regionserver_jaas_princ")%>"; }; http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/676567f8/ambari-agent/src/main/puppet/modules/hdp/manifests/params.pp ---------------------------------------------------------------------- diff --git a/ambari-agent/src/main/puppet/modules/hdp/manifests/params.pp b/ambari-agent/src/main/puppet/modules/hdp/manifests/params.pp index 5f5e7f8..81c6090 100644 --- a/ambari-agent/src/main/puppet/modules/hdp/manifests/params.pp +++ b/ambari-agent/src/main/puppet/modules/hdp/manifests/params.pp @@ -56,6 +56,8 @@ class hdp::params() $keytab_path = hdp_default("keytab_path", "/etc/security/keytabs") $use_hostname_in_principal = hdp_default("instance_name", true) $smokeuser_keytab = hdp_default("smokeuser_keytab", "/etc/security/keytabs/smokeuser.headless.keytab") + $hdfs_user_keytab = hdp_default("hdfs_user_keytab", "/etc/security/keytabs/hdfs.headless.keytab") + $hbase_user_keytab = hdp_default("hbase_user_keytab", "/etc/security/keytabs/hbase.headless.keytab") $nagios_keytab_path = hdp_default("nagios_keytab_path", "/etc/security/keytabs/nagios.service.keytab") $nagios_principal_name = hdp_default("nagios_principal_name", "nagios") http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/676567f8/ambari-web/app/controllers/main/admin/security/add/step2.js ---------------------------------------------------------------------- diff --git a/ambari-web/app/controllers/main/admin/security/add/step2.js b/ambari-web/app/controllers/main/admin/security/add/step2.js index 8b49f01..fefa2e7 100644 --- a/ambari-web/app/controllers/main/admin/security/add/step2.js +++ b/ambari-web/app/controllers/main/admin/security/add/step2.js @@ -25,6 +25,7 @@ App.MainAdminSecurityAddStep2Controller = Em.Controller.extend({ stepConfigs: [], installedServices: [], selectedService: null, + securityUsers: [], isSubmitDisabled: function () { return !this.stepConfigs.filterProperty('showConfig', true).everyProperty('errorCount', 0); @@ -32,6 +33,7 @@ App.MainAdminSecurityAddStep2Controller = Em.Controller.extend({ clearStep: function () { this.get('stepConfigs').clear(); + this.get('securityUsers').clear(); }, @@ -41,6 +43,8 @@ App.MainAdminSecurityAddStep2Controller = Em.Controller.extend({ loadStep: function () { console.log("TRACE: Loading addSecurity step2: Configure Services"); this.clearStep(); + this.loadUsers(); + this.addUserPrincipals(this.get('content.services')); this.addMasterHostToGlobals(this.get('content.services')); this.addSlaveHostToGlobals(this.get('content.services')); this.renderServiceConfigs(this.get('content.services')); @@ -127,6 +131,47 @@ App.MainAdminSecurityAddStep2Controller = Em.Controller.extend({ } }, + loadUsers: function() { + var securityUsers = App.router.get('mainAdminSecurityController').get('serviceUsers'); + if (!securityUsers || securityUsers.length < 1) { // Page could be refreshed in middle + if (App.testMode) { + securityUsers.pushObject({id: 'puppet var', name: 'hdfs_user', value: 'hdfs'}); + securityUsers.pushObject({id: 'puppet var', name: 'mapred_user', value: 'mapred'}); + securityUsers.pushObject({id: 'puppet var', name: 'hbase_user', value: 'hbase'}); + securityUsers.pushObject({id: 'puppet var', name: 'hive_user', value: 'hive'}); + securityUsers.pushObject({id: 'puppet var', name: 'smokeuser', value: 'ambari-qa'}); + } else { + App.router.get('mainAdminSecurityController').setSecurityStatus(); + securityUsers = App.router.get('mainAdminSecurityController').get('serviceUsers'); + } + } + this.set('securityUsers',securityUsers); + }, + + addUserPrincipals: function(serviceConfigs) { + var securityUsers = this.get('securityUsers'); + var smokeUser = securityUsers.findProperty('name', 'smokeuser'); + var hdfsUser = securityUsers.findProperty('name', 'hdfs_user'); + var hbaseUser = securityUsers.findProperty('name', 'hbase_user'); + var generalService = serviceConfigs.findProperty('serviceName', 'GENERAL'); + var smokeUserPrincipal = generalService.configs.findProperty('name', 'smokeuser_principal_name'); + var hdfsUserPrincipal = generalService.configs.findProperty('name', 'hdfs_principal_name'); + var hbaseUserPrincipal = generalService.configs.findProperty('name', 'hbase_principal_name'); + var hbaseUserKeytab = generalService.configs.findProperty('name', 'hbase_user_keytab'); + var hbaseService = serviceConfigs.findProperty('serviceName', 'HBASE'); + if(smokeUser && smokeUserPrincipal) { + smokeUserPrincipal.defaultValue = smokeUser.value; + } + if(hdfsUser && hdfsUserPrincipal) { + hdfsUserPrincipal.defaultValue = hdfsUser.value; + } + if(hbaseService && hbaseUser && hbaseUserPrincipal) { + hbaseUserPrincipal.defaultValue = hbaseUser.value; + hbaseUserPrincipal.isVisible = true; + hbaseUserKeytab.isVisible = true; + } + }, + addSlaveHostToGlobals: function(serviceConfigs){ var hdfsService = serviceConfigs.findProperty('serviceName', 'HDFS'); var mapReduceService = serviceConfigs.findProperty('serviceName', 'MAPREDUCE'); @@ -139,9 +184,8 @@ App.MainAdminSecurityAddStep2Controller = Em.Controller.extend({ addMasterHostToGlobals: function (serviceConfigs) { var oozieService = serviceConfigs.findProperty('serviceName', 'OOZIE'); var hiveService = serviceConfigs.findProperty('serviceName', 'HIVE'); - var webHcatService = App.Service.find().mapProperty('serviceName').contains('WEBHCAT'); + var webHcatService = serviceConfigs.findProperty('serviceName', 'WEBHCAT'); var nagiosService = serviceConfigs.findProperty('serviceName', 'NAGIOS'); - var generalService = serviceConfigs.findProperty('serviceName', 'GENERAL'); var hbaseService = serviceConfigs.findProperty('serviceName', 'HBASE'); var zooKeeperService = serviceConfigs.findProperty('serviceName', 'ZOOKEEPER'); var hdfsService = serviceConfigs.findProperty('serviceName', 'HDFS'); @@ -149,12 +193,11 @@ App.MainAdminSecurityAddStep2Controller = Em.Controller.extend({ if (oozieService) { var oozieServerHost = oozieService.configs.findProperty('name', 'oozie_servername'); var oozieServerPrincipal = oozieService.configs.findProperty('name', 'oozie_principal_name'); - var oozieSpnegoPrincipal = generalService.configs.findProperty('name', 'oozie_http_principal_name'); + var oozieSpnegoPrincipal = oozieService.configs.findProperty('name', 'oozie_http_principal_name'); if (oozieServerHost && oozieServerPrincipal && oozieSpnegoPrincipal) { oozieServerHost.defaultValue = App.Service.find('OOZIE').get('hostComponents').findProperty('componentName', 'OOZIE_SERVER').get('host.hostName'); oozieServerPrincipal.defaultValue = 'oozie/' + oozieServerHost.defaultValue; oozieSpnegoPrincipal.defaultValue = 'HTTP/' + oozieServerHost.defaultValue; - oozieSpnegoPrincipal.isVisible = true; } } if (hiveService) { @@ -163,13 +206,12 @@ App.MainAdminSecurityAddStep2Controller = Em.Controller.extend({ hiveServerHost.defaultValue = App.Service.find('HIVE').get('hostComponents').findProperty('componentName', 'HIVE_SERVER').get('host.hostName'); } } - if(webHcatService) { - var webHcatHost = App.Service.find('WEBHCAT').get('hostComponents').findProperty('componentName', 'WEBHCAT_SERVER').get('host.hostName'); - var webHcatSpnegoPrincipal = generalService.configs.findProperty('name', 'webHCat_http_principal_name'); + var webHcatHost = webHcatService.configs.findProperty('name', 'webhcatserver_host'); + var webHcatSpnegoPrincipal = webHcatService.configs.findProperty('name', 'webHCat_http_principal_name'); if(webHcatHost && webHcatSpnegoPrincipal) { - webHcatSpnegoPrincipal.defaultValue = 'HTTP/' + webHcatHost; - webHcatSpnegoPrincipal.isVisible = true; + webHcatHost.defaultValue = App.Service.find('WEBHCAT').get('hostComponents').findProperty('componentName', 'WEBHCAT_SERVER').get('host.hostName'); + webHcatSpnegoPrincipal.defaultValue = 'HTTP/' + webHcatHost.defaultValue; } } http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/676567f8/ambari-web/app/controllers/main/admin/security/add/step3.js ---------------------------------------------------------------------- diff --git a/ambari-web/app/controllers/main/admin/security/add/step3.js b/ambari-web/app/controllers/main/admin/security/add/step3.js index cc926a7..325a0a1 100644 --- a/ambari-web/app/controllers/main/admin/security/add/step3.js +++ b/ambari-web/app/controllers/main/admin/security/add/step3.js @@ -61,6 +61,9 @@ App.MainAdminSecurityAddStep3Controller = Em.Controller.extend({ } var isHbaseInstalled = App.Service.find().findProperty('serviceName', 'HBASE'); var generalConfigs = configs.filterProperty('serviceName', 'GENERAL'); + var hdfsConfigs = configs.filterProperty('serviceName', 'HDFS'); + var webHcatConfigs = configs.filterProperty('serviceName', 'WEBHCAT'); + var oozieConfigs = configs.filterProperty('serviceName', 'OOZIE'); var realm = generalConfigs.findProperty('name', 'kerberos_domain').value; var smokeUserId = securityUsers.findProperty('name', 'smokeuser').value; var hdfsUserId = securityUsers.findProperty('name', 'hdfs_user').value; @@ -76,10 +79,14 @@ App.MainAdminSecurityAddStep3Controller = Em.Controller.extend({ var hdfsUser = hdfsUserId + '@' + realm; var hbaseUser = hbaseUserId + '@' + realm; var smokeUserKeytabPath = generalConfigs.findProperty('name', 'smokeuser_keytab').value; - var hdfsUserKeytabPath = generalConfigs.findProperty('name', 'keytab_path').value + "/hdfs.headless.keytab"; - var hbaseUserKeytabPath = generalConfigs.findProperty('name', 'keytab_path').value + "/hbase.headless.keytab"; - var httpPrincipal = generalConfigs.findProperty('name', 'hadoop_http_principal_name'); - var httpKeytabPath = generalConfigs.findProperty('name', 'hadoop_http_keytab').value; + var hdfsUserKeytabPath = generalConfigs.findProperty('name', 'hdfs_user_keytab').value; + var hbaseUserKeytabPath = generalConfigs.findProperty('name', 'hbase_user_keytab').value; + var hadoopHttpPrincipal = hdfsConfigs.findProperty('name', 'hadoop_http_principal_name'); + var hadoopHttpKeytabPath = hdfsConfigs.findProperty('name', 'hadoop_http_keytab').value; + var webHCatHttpPrincipal = webHcatConfigs.findProperty('name', 'webHCat_http_principal_name'); + var webHCatHttpKeytabPath = webHcatConfigs.findProperty('name', 'webhcat_http_keytab').value; + var oozieHttpPrincipal = oozieConfigs.findProperty('name', 'oozie_http_principal_name'); + var oozieHttpKeytabPath = oozieConfigs.findProperty('name', 'oozie_http_keytab').value; var componentToOwnerMap = { 'NAMENODE': hdfsUserId, 'SECONDARY_NAMENODE': hdfsUserId, @@ -127,14 +134,34 @@ App.MainAdminSecurityAddStep3Controller = Em.Controller.extend({ }); } if(host.get('hostComponents').someProperty('componentName', 'NAMENODE') || - host.get('hostComponents').someProperty('componentName', 'SECONDARY_NAMENODE') || - host.get('hostComponents').someProperty('componentName', 'WEBHCAT_SERVER') || - host.get('hostComponents').someProperty('componentName', 'OOZIE_SERVER')){ + host.get('hostComponents').someProperty('componentName', 'SECONDARY_NAMENODE')){ result.push({ host: host.get('hostName'), - component: Em.I18n.t('admin.addSecurity.user.httpUser'), - principal: httpPrincipal.value.replace('_HOST', host.get('hostName')) + httpPrincipal.unit, - keytab: httpKeytabPath, + component: Em.I18n.t('admin.addSecurity.hdfs.user.httpUser'), + principal: hadoopHttpPrincipal.value.replace('_HOST', host.get('hostName')) + hadoopHttpPrincipal.unit, + keytab: hadoopHttpKeytabPath, + owner: 'root', + group: hadoopGroupId, + acl: '440' + }); + } + if (host.get('hostComponents').someProperty('componentName', 'WEBHCAT_SERVER')) { + result.push({ + host: host.get('hostName'), + component: Em.I18n.t('admin.addSecurity.webhcat.user.httpUser'), + principal: webHCatHttpPrincipal.value.replace('_HOST', host.get('hostName')) + webHCatHttpPrincipal.unit, + keytab: webHCatHttpKeytabPath, + owner: 'root', + group: hadoopGroupId, + acl: '440' + }); + } + if (host.get('hostComponents').someProperty('componentName', 'OOZIE_SERVER')) { + result.push({ + host: host.get('hostName'), + component: Em.I18n.t('admin.addSecurity.oozie.user.httpUser'), + principal: oozieHttpPrincipal.value.replace('_HOST', host.get('hostName')) + oozieHttpPrincipal.unit, + keytab: oozieHttpKeytabPath, owner: 'root', group: hadoopGroupId, acl: '440' http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/676567f8/ambari-web/app/data/secure_configs.js ---------------------------------------------------------------------- diff --git a/ambari-web/app/data/secure_configs.js b/ambari-web/app/data/secure_configs.js index 8f60fdc..9f498d1 100644 --- a/ambari-web/app/data/secure_configs.js +++ b/ambari-web/app/data/secure_configs.js @@ -26,11 +26,12 @@ var configProperties = App.SecureConfigProperties.create(); module.exports = [ { serviceName: 'GENERAL', - displayName: 'Kerberos', + displayName: 'General', configCategories: [ - App.ServiceConfigCategory.create({ name: 'KERBEROS', displayName: 'General'}) + App.ServiceConfigCategory.create({ name: 'KERBEROS', displayName: 'Kerberos'}), + App.ServiceConfigCategory.create({ name: 'AMBARI', displayName: 'Ambari'}) ], - sites: ['global','webhcat-site'], + sites: ['global'], configs: configProperties.filterProperty('serviceName', 'GENERAL') }, { @@ -52,7 +53,7 @@ module.exports = [ displayName: 'MapReduce', filename: 'mapred-site', configCategories: [ - App.ServiceConfigCategory.create({ name: 'JobTracker', displayName: 'JobTracker'}), + App.ServiceConfigCategory.create({ name: 'JobTracker', displayName: 'JobTracker and Job History Server'}), App.ServiceConfigCategory.create({ name: 'TaskTracker', displayName: 'TaskTracker'}) ], sites: ['mapred-site'], @@ -64,17 +65,28 @@ module.exports = [ displayName: 'Hive', filename: 'hive-site', configCategories: [ - App.ServiceConfigCategory.create({ name: 'Hive Metastore', displayName: 'Hive Metastore'}) + App.ServiceConfigCategory.create({ name: 'Hive Metastore', displayName: 'Hive Metastore and Hive Server 2'}) ], sites: ['hive-site'], configs: configProperties.filterProperty('serviceName', 'HIVE') }, { + serviceName: 'WEBHCAT', + displayName: 'WebHCat', + filename: 'webhcat-site', + configCategories: [ + App.ServiceConfigCategory.create({ name: 'WebHCat Server', displayName : 'WebHCat Server'}) + ], + sites: ['webhcat-site'], + configs: configProperties.filterProperty('serviceName', 'WEBHCAT') + }, + { serviceName: 'HBASE', displayName: 'HBase', filename: 'hbase-site', configCategories: [ - App.ServiceConfigCategory.create({ name: 'HBase', displayName: 'HBase'}) + App.ServiceConfigCategory.create({ name: 'HBase Master', displayName : 'HBase Master'}), + App.ServiceConfigCategory.create({ name: 'RegionServer', displayName : 'RegionServer'}) ], sites: ['hbase-site'], configs: configProperties.filterProperty('serviceName', 'HBASE') http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/676567f8/ambari-web/app/data/secure_mapping.js ---------------------------------------------------------------------- diff --git a/ambari-web/app/data/secure_mapping.js b/ambari-web/app/data/secure_mapping.js index 14533ad..66091eb 100644 --- a/ambari-web/app/data/secure_mapping.js +++ b/ambari-web/app/data/secure_mapping.js @@ -36,13 +36,13 @@ module.exports = [ { "name": "hadoop.security.auth_to_local", - "templateName": ["jobtracker_primary_name", "kerberos_domain", "mapred_user", "tasktracker_primary_name", "namenode_primary_name", "hdfs_user", "datanode_primary_name", "hbase_primary_name", "hbase_user"], + "templateName": ["jobtracker_primary_name", "kerberos_domain", "mapred_user", "tasktracker_primary_name", "namenode_primary_name", "hdfs_user", "datanode_primary_name", "hbase_master_primary_name", "hbase_user","hbase_regionserver_primary_name"], "foreignKey": null, - "value": "RULE:[2:$1@$0](<templateName[0]>@.*<templateName[1]>)s/.*/<templateName[2]>/\nRULE:[2:$1@$0](<templateName[3]>@.*<templateName[1]>)s/.*/<templateName[2]>/\nRULE:[2:$1@$0](<templateName[4]>@.*<templateName[1]>)s/.*/<templateName[5]>/\nRULE:[2:$1@$0](<templateName[6]>@.*<templateName[1]>)s/.*/<templateName[5]>/\nRULE:[2:$1@$0](<templateName[7]>@.*<templateName[1]>)s/.*/<templateName[8]>/\nDEFAULT", + "value": "RULE:[2:$1@$0](<templateName[0]>@.*<templateName[1]>)s/.*/<templateName[2]>/\nRULE:[2:$1@$0](<templateName[3]>@.*<templateName[1]>)s/.*/<templateName[2]>/\nRULE:[2:$1@$0](<templateName[4]>@.*<templateName[1]>)s/.*/<templateName[5]>/\nRULE:[2:$1@$0](<templateName[6]>@.*<templateName[1]>)s/.*/<templateName[5]>/\nRULE:[2:$1@$0](<templateName[7]>@.*<templateName[1]>)s/.*/<templateName[8]>/\nRULE:[2:$1@$0](<templateName[9]>@.*<templateName[1]>)s/.*/<templateName[8]>/\nDEFAULT", "filename": "core-site.xml", "serviceName": "HDFS", "dependedServiceName": "HBASE", - "replace": "\nRULE:[2:$1@$0](<templateName[7]>@.*<templateName[1]>)s/.*/<templateName[8]>/" + "replace": "\nRULE:[2:$1@$0](<templateName[7]>@.*<templateName[1]>)s/.*/<templateName[8]>/\nRULE:[2:$1@$0](<templateName[9]>@.*<templateName[1]>)s/.*/<templateName[8]>/" }, { "name": "dfs.namenode.kerberos.principal", @@ -62,14 +62,14 @@ module.exports = [ }, { "name": "dfs.secondary.namenode.kerberos.principal", - "templateName": ["namenode_principal_name", "kerberos_domain"], + "templateName": ["snamenode_principal_name", "kerberos_domain"], "foreignKey": null, "value": "<templateName[0]>@<templateName[1]>", "filename": "hdfs-site.xml" }, { "name": "dfs.secondary.namenode.keytab.file", - "templateName": ["namenode_keytab"], + "templateName": ["snamenode_keytab"], "foreignKey": null, "value": "<templateName[0]>", "filename": "hdfs-site.xml", @@ -197,7 +197,7 @@ module.exports = [ }, { "name": "hbase.master.kerberos.principal", - "templateName": ["hbase_principal_name", "kerberos_domain"], + "templateName": ["hbase_master_principal_name", "kerberos_domain"], "foreignKey": null, "value": "<templateName[0]>@<templateName[1]>", "filename": "hbase-site.xml", @@ -205,7 +205,7 @@ module.exports = [ }, { "name": "hbase.master.keytab.file", - "templateName": ["hbase_service_keytab"], + "templateName": ["hbase_master_keytab"], "foreignKey": null, "value": "<templateName[0]>", "filename": "hbase-site.xml", @@ -213,7 +213,7 @@ module.exports = [ }, { "name": "hbase.regionserver.kerberos.principal", - "templateName": ["hbase_principal_name", "kerberos_domain"], + "templateName": ["hbase_regionserver_principal_name", "kerberos_domain"], "foreignKey": null, "value": "<templateName[0]>@<templateName[1]>", "filename": "hbase-site.xml", @@ -221,7 +221,7 @@ module.exports = [ }, { "name": "hbase.regionserver.keytab.file", - "templateName": ["hbase_service_keytab"], + "templateName": ["hbase_regionserver_keytab"], "foreignKey": null, "value": "<templateName[0]>", "filename": "hbase-site.xml", @@ -253,7 +253,7 @@ module.exports = [ }, { "name": "hive.metastore.kerberos.keytab.file", - "templateName": ["hive_metastore__keytab"], + "templateName": ["hive_metastore_keytab"], "foreignKey": null, "value": "<templateName[0]>", "filename": "hive-site.xml", @@ -269,7 +269,7 @@ module.exports = [ }, { "name": "hive.server2.authentication.kerberos.keytab", - "templateName": ["hive_metastore__keytab"], + "templateName": ["hive_metastore_keytab"], "foreignKey": null, "value": "<templateName[0]>", "filename": "hive-site.xml", @@ -333,7 +333,7 @@ module.exports = [ }, { "name": "oozie.authentication.kerberos.keytab", - "templateName": ["hadoop_http_keytab"], + "templateName": ["oozie_http_keytab"], "foreignKey": null, "value": "<templateName[0]>", "filename": "oozie-site.xml", @@ -341,13 +341,13 @@ module.exports = [ }, { "name": "oozie.authentication.kerberos.name.rules", - "templateName": ["jobtracker_primary_name", "kerberos_domain", "mapred_user", "tasktracker_primary_name", "namenode_primary_name", "hdfs_user", "datanode_primary_name", "hbase_primary_name", "hbase_user"], + "templateName": ["jobtracker_primary_name", "kerberos_domain", "mapred_user", "tasktracker_primary_name", "namenode_primary_name", "hdfs_user", "datanode_primary_name", "hbase_master_primary_name", "hbase_user","hbase_regionserver_primary_name"], "foreignKey": null, - "value": "RULE:[2:$1@$0](<templateName[0]>@.*<templateName[1]>)s/.*/<templateName[2]>/\nRULE:[2:$1@$0](<templateName[3]>@.*<templateName[1]>)s/.*/<templateName[2]>/\nRULE:[2:$1@$0](<templateName[4]>@.*<templateName[1]>)s/.*/<templateName[5]>/\nRULE:[2:$1@$0](<templateName[6]>@.*<templateName[1]>)s/.*/<templateName[5]>/\nRULE:[2:$1@$0](<templateName[7]>@.*<templateName[1]>)s/.*/<templateName[8]>/\nDEFAULT", + "value": "RULE:[2:$1@$0](<templateName[0]>@.*<templateName[1]>)s/.*/<templateName[2]>/\nRULE:[2:$1@$0](<templateName[3]>@.*<templateName[1]>)s/.*/<templateName[2]>/\nRULE:[2:$1@$0](<templateName[4]>@.*<templateName[1]>)s/.*/<templateName[5]>/\nRULE:[2:$1@$0](<templateName[6]>@.*<templateName[1]>)s/.*/<templateName[5]>/\nRULE:[2:$1@$0](<templateName[7]>@.*<templateName[1]>)s/.*/<templateName[8]>/\nRULE:[2:$1@$0](<templateName[9]>@.*<templateName[1]>)s/.*/<templateName[8]>/\nDEFAULT", "filename": "oozie-site.xml", "serviceName": "OOZIE", "dependedServiceName": "HBASE", - "replace": "\nRULE:[2:$1@$0](<templateName[7]>@.*<templateName[1]>)s/.*/<templateName[8]>/" + "replace": "\nRULE:[2:$1@$0](<templateName[7]>@.*<templateName[1]>)s/.*/<templateName[8]>/\nRULE:[2:$1@$0](<templateName[9]>@.*<templateName[1]>)s/.*/<templateName[8]>/" }, { "name": "templeton.kerberos.principal", @@ -359,7 +359,7 @@ module.exports = [ }, { "name": "templeton.kerberos.keytab", - "templateName": ["hadoop_http_keytab"], + "templateName": ["webhcat_http_keytab"], "foreignKey": null, "value": "<templateName[0]>", "filename": "webhcat-site.xml", http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/676567f8/ambari-web/app/data/secure_properties.js ---------------------------------------------------------------------- diff --git a/ambari-web/app/data/secure_properties.js b/ambari-web/app/data/secure_properties.js index 6ccbf98..74759b1 100644 --- a/ambari-web/app/data/secure_properties.js +++ b/ambari-web/app/data/secure_properties.js @@ -53,7 +53,7 @@ module.exports = "isVisible": false, "isOverridable": false, "serviceName": "GENERAL", - "category": "KERBEROS" + "category": "AMBARI" }, { "id": "puppet var", @@ -71,7 +71,7 @@ module.exports = { "id": "puppet var", "name": "kinit_path_local", - "displayName": "kinit path", + "displayName": "Kinit path", "value": "", "defaultValue": "/usr/bin/kinit", "description": "Path to installed kinit command", @@ -83,68 +83,84 @@ module.exports = }, { "id": "puppet var", - "name": "hadoop_http_principal_name", - "displayName": "DFS Web Principal name", + "name": "smokeuser_principal_name", + "displayName": "Smoke test user Principal", "value": "", - "defaultValue": "HTTP/_HOST", - "description": "Principal name for spnego access for NameNode and SNameNode. _HOST will get automatically replaced with actual hostname at instance of NameNode and SNameNode", - "displayType": "advanced", + "defaultValue": "ambari-qa", + "description": "This is the principal name for Smoke test user", + "displayType": "principal", "isVisible": true, "isOverridable": false, + "isReconfigurable": false, "serviceName": "GENERAL", - "category": "KERBEROS" + "category": "AMBARI" }, { "id": "puppet var", - "name": "oozie_http_principal_name", - "displayName": "Oozie Web Principal name", + "name": "smokeuser_keytab", + "displayName": "Path to smoke test user keytab file", "value": "", - "defaultValue": "HTTP/_HOST", - "description": "Principal name for spnego access for Oozie", - "displayType": "advanced", - "isVisible": false, + "defaultValue": "/etc/security/keytabs/smokeuser.headless.keytab", + "description": "Path to keytab file for smoke test user", + "displayType": "directory", + "isVisible": true, "isOverridable": false, "serviceName": "GENERAL", - "category": "KERBEROS" + "category": "AMBARI" }, { "id": "puppet var", - "name": "webHCat_http_principal_name", - "displayName": "WebHCat Principal name", + "name": "hdfs_principal_name", + "displayName": "HDFS User Principal", "value": "", - "defaultValue": "HTTP/_HOST", - "description": "Principal name for spnego access for WebHCat", - "displayType": "advanced", - "isVisible": false, + "defaultValue": "hdfs", + "description": "This is the principal name for HDFS user", + "displayType": "principal", + "isVisible": true, "isOverridable": false, + "isReconfigurable": false, "serviceName": "GENERAL", - "category": "KERBEROS" + "category": "AMBARI" }, { "id": "puppet var", - "name": "hadoop_http_keytab", - "displayName": "Path to spnego keytab file", + "name": "hdfs_user_keytab", + "displayName": "Path to HDFS user keytab file", "value": "", - "defaultValue": "/etc/security/keytabs/spnego.service.keytab", - "description": "Path to spnego keytab file for NameNode, SNameNode, Oozie and WebHCat", + "defaultValue": "/etc/security/keytabs/hdfs.headless.keytab", + "description": "Path to keytab file for HDFS user", "displayType": "directory", "isVisible": true, "isOverridable": false, "serviceName": "GENERAL", - "category": "KERBEROS" + "category": "AMBARI" }, { "id": "puppet var", - "name": "smokeuser_keytab", - "displayName": "Path to smoke test user keytab file", + "name": "hbase_principal_name", + "displayName": "HBase User Principal", "value": "", - "defaultValue": "/etc/security/keytabs/smokeuser.headless.keytab", - "description": "Path to keytab file for smoke test user", + "defaultValue": "hbase", + "description": "This is the principal name for HBase user", + "displayType": "principal", + "isVisible": false, + "isOverridable": false, + "isReconfigurable": false, + "serviceName": "GENERAL", + "category": "AMBARI" + }, + { + "id": "puppet var", + "name": "hbase_user_keytab", + "displayName": "Path to HBase user keytab file", + "value": "", + "defaultValue": "/etc/security/keytabs/hbase.headless.keytab", + "description": "Path to keytab file for Hbase user", "displayType": "directory", - "isVisible": true, + "isVisible": false, "isOverridable": false, "serviceName": "GENERAL", - "category": "KERBEROS" + "category": "AMBARI" }, //HDFS @@ -167,13 +183,13 @@ module.exports = "displayName": "Principal name", "value": "", "defaultValue": "nn/_HOST", - "description": "Principal name for NameNode and SNameNode. _HOST will get automatically replaced with actual hostname at instance of NameNode and SNameNode", - "displayType": "advanced", + "description": "Principal name for NameNode. _HOST will get automatically replaced with actual hostname at an instance of NameNode", + "displayType": "principal", "isVisible": true, "isOverridable": false, "serviceName": "HDFS", "category": "NameNode", - "components": ["NAMENODE", "SECONDARY_NAMENODE"] + "components": ["NAMENODE"] }, { "id": "puppet var", @@ -181,13 +197,13 @@ module.exports = "displayName": "Path to Keytab File", "value": "", "defaultValue": "/etc/security/keytabs/nn.service.keytab", - "description": "Path to NameNode and SNameNode keytab file", + "description": "Path to NameNode keytab file", "displayType": "directory", "isVisible": true, "isOverridable": false, "serviceName": "HDFS", "category": "NameNode", - "components": ["NAMENODE", "SECONDARY_NAMENODE"] + "components": ["NAMENODE"] }, { "id": "puppet var", @@ -204,6 +220,34 @@ module.exports = }, { "id": "puppet var", + "name": "snamenode_principal_name", + "displayName": "Principal name", + "value": "", + "defaultValue": "nn/_HOST", + "description": "Principal name for SNameNode. _HOST will get automatically replaced with actual hostname at an instance of SNameNode", + "displayType": "principal", + "isVisible": true, + "isOverridable": false, + "serviceName": "HDFS", + "category": "SNameNode", + "components": ["SECONDARY_NAMENODE"] + }, + { + "id": "puppet var", + "name": "snamenode_keytab", + "displayName": "Path to Keytab File", + "value": "", + "defaultValue": "/etc/security/keytabs/nn.service.keytab", + "description": "Path to SNameNode keytab file", + "displayType": "directory", + "isVisible": true, + "isOverridable": false, + "serviceName": "HDFS", + "category": "SNameNode", + "components": ["SECONDARY_NAMENODE"] + }, + { + "id": "puppet var", "name": "datanode_hosts", //not in the schema. For UI purpose "displayName": "DataNode hosts", "value": "", @@ -248,7 +292,7 @@ module.exports = "value": "", "defaultValue": "dn/_HOST", "description": "Principal name for DataNode. _HOST will get automatically replaced with actual hostname at every instance of DataNode", - "displayType": "advanced", + "displayType": "principal", "isVisible": true, "isOverridable": false, "serviceName": "HDFS", @@ -269,6 +313,32 @@ module.exports = "category": "DataNode", "component": "DATANODE" }, + { + "id": "puppet var", + "name": "hadoop_http_principal_name", + "displayName": "DFS Web Principal name", + "value": "", + "defaultValue": "HTTP/_HOST", + "description": "Principal name for spnego access for NameNode and SNameNode. _HOST will get automatically replaced with actual hostname at instance of NameNode and SNameNode", + "displayType": "principal", + "isVisible": true, + "isOverridable": false, + "serviceName": "HDFS", + "category": "General" + }, + { + "id": "puppet var", + "name": "hadoop_http_keytab", + "displayName": "Path to spnego keytab file", + "value": "", + "defaultValue": "/etc/security/keytabs/spnego.service.keytab", + "description": "Path to spnego keytab file for NameNode and SNameNode", + "displayType": "directory", + "isVisible": true, + "isOverridable": false, + "serviceName": "HDFS", + "category": "General" + }, //MAPREDUCE { "id": "puppet var", @@ -289,8 +359,8 @@ module.exports = "displayName": "Principal name", "value": "", "defaultValue": "jt/_HOST", - "description": "Principal name for JobTracker. _HOST will get automatically replaced with actual hostname at an instance of JobTracker", - "displayType": "advanced", + "description": "Principal name for JobTracker and Job History Server. _HOST will get automatically replaced with actual hostname at instance of JobTracker and Job History Server", + "displayType": "principal", "isVisible": true, "isOverridable": false, "serviceName": "MAPREDUCE", @@ -303,7 +373,7 @@ module.exports = "displayName": "Path to keytab file", "value": "", "defaultValue": "/etc/security/keytabs/jt.service.keytab", - "description": "Path to JobTracker keytab file", + "description": "Path to JobTracker and Job History Server keytab file", "displayType": "directory", "isVisible": true, "isOverridable": false, @@ -331,7 +401,7 @@ module.exports = "value": "", "defaultValue": "tt/_HOST", "description": "Principal name for TaskTracker. _HOST will get automatically replaced with actual hostname at every instance of TaskTracker", - "displayType": "advanced", + "displayType": "principal", "isVisible": true, "isOverridable": false, "serviceName": "MAPREDUCE", @@ -367,6 +437,46 @@ module.exports = "component": "TASKTRACKER" }, + //WEBHCAT + { + "id": "puppet var", + "name": "webhcatserver_host", + "displayName": "WebHCat Server host", + "value": "", + "defaultValue": "localhost", + "description": "The host that has been assigned to run WebHCat Server", + "displayType": "masterHost", + "isVisible": true, + "isOverridable": false, + "serviceName": "WEBHCAT", + "category": "WebHCat Server" + }, + { + "id": "puppet var", + "name": "webHCat_http_principal_name", + "displayName": "Principal name", + "value": "", + "defaultValue": "HTTP/_HOST", + "description": "Principal name for spnego access for WebHCat", + "displayType": "principal", + "isVisible": true, + "isOverridable": false, + "serviceName": "WEBHCAT", + "category": "WebHCat Server" + }, + { + "id": "puppet var", + "name": "webhcat_http_keytab", + "displayName": "Path to keytab file", + "value": "", + "defaultValue": "/etc/security/keytabs/spnego.service.keytab", + "description": "Path to spnego keytab file for WebHCat", + "displayType": "directory", + "isVisible": true, + "isOverridable": false, + "serviceName": "WEBHCAT", + "category": "WebHCat Server" + }, //HBASE { "id": "puppet var", @@ -379,7 +489,35 @@ module.exports = "isOverridable": false, "isVisible": true, "serviceName": "HBASE", - "category": "HBase" + "category": "HBase Master" + }, + { + "id": "puppet var", + "name": "hbase_master_principal_name", + "displayName": "Principal name", + "value": "", + "defaultValue": "hbase/_HOST", + "description": "Principal name for HBase master. _HOST will get automatically replaced with actual hostname at an instance of HBase Master", + "displayType": "principal", + "isVisible": true, + "isOverridable": false, + "serviceName": "HBASE", + "category": "HBase Master", + "components": ["HBASE_MASTER"] + }, + { + "id": "puppet var", + "name": "hbase_master_keytab", + "displayName": "Path to Keytab file", + "value": "", + "defaultValue": "/etc/security/keytabs/hbase.service.keytab", + "description": "Path to HBase master keytab file", + "displayType": "directory", + "isVisible": true, + "isOverridable": false, + "serviceName": "HBASE", + "category": "HBase Master", + "components": ["HBASE_MASTER"] }, { "id": "puppet var", @@ -392,35 +530,35 @@ module.exports = "isOverridable": false, "isVisible": true, "serviceName": "HBASE", - "category": "HBase" + "category": "RegionServer" }, { "id": "puppet var", - "name": "hbase_principal_name", + "name": "hbase_regionserver_principal_name", "displayName": "Principal name", "value": "", "defaultValue": "hbase/_HOST", - "description": "Principal name for HBase master and RegionServer. _HOST will get automatically replaced with actual hostname at every instance of HBase master and RegionServer", - "displayType": "advanced", + "description": "Principal name for HBase RegionServer. _HOST will get automatically replaced with actual hostname at every instance of RegionServer", + "displayType": "principal", "isVisible": true, "isOverridable": false, "serviceName": "HBASE", - "category": "HBase", - "components": ["HBASE_MASTER", "HBASE_REGIONSERVER"] + "category": "RegionServer", + "components": ["HBASE_REGIONSERVER"] }, { "id": "puppet var", - "name": "hbase_service_keytab", + "name": "hbase_regionserver_keytab", "displayName": "Path to Keytab file", "value": "", "defaultValue": "/etc/security/keytabs/hbase.service.keytab", - "description": "Path to HBase master and RegionServer keytab file", + "description": "Path to HBase RegionServer keytab file", "displayType": "directory", "isVisible": true, "isOverridable": false, "serviceName": "HBASE", - "category": "HBase", - "components": ["HBASE_MASTER", "HBASE_REGIONSERVER"] + "category": "RegionServer", + "components": ["HBASE_REGIONSERVER"] }, //HIVE @@ -430,7 +568,7 @@ module.exports = "displayName": "Hive Metastore host", "value": "", "defaultValue": "localhost", - "description": "The host that has been assigned to run Hive Metastore", + "description": "The host that has been assigned to run Hive Metastore and HiveServer2", "displayType": "masterHost", "isVisible": true, "isOverridable": false, @@ -443,8 +581,8 @@ module.exports = "displayName": "Principal name", "value": "", "defaultValue": "hive/_HOST", - "description": "Principal name for Hive Metastore. _HOST will get automatically replaced with actual hostname at an instance of Hive Metastore", - "displayType": "advanced", + "description": "Principal name for Hive Metastore and HiveServer2. _HOST will get automatically replaced with actual hostname at an instance of Hive Metastore and HiveServer2", + "displayType": "principal", "isVisible": true, "isOverridable": false, "serviceName": "HIVE", @@ -453,18 +591,17 @@ module.exports = }, { "id": "puppet var", - "name": "hive_metastore__keytab", + "name": "hive_metastore_keytab", "displayName": "Path to Keytab file", "value": "", "defaultValue": "/etc/security/keytabs/hive.service.keytab", - "description": "Path to Hive Metastore keytab file", + "description": "Path to Hive Metastore and HiveServer2 keytab file", "displayType": "directory", "isVisible": true, "isOverridable": false, "serviceName": "HIVE", "category": "Hive Metastore", "component": "HIVE_SERVER" - }, //OOZIE @@ -488,7 +625,7 @@ module.exports = "value": "", "defaultValue": "oozie/_HOST", "description": "Principal name for Oozie server", - "displayType": "advanced", + "displayType": "principal", "isVisible": true, "isOverridable": false, "serviceName": "OOZIE", @@ -509,6 +646,32 @@ module.exports = "category": "Oozie Server", "component": "OOZIE_SERVER" }, + { + "id": "puppet var", + "name": "oozie_http_principal_name", + "displayName": "Oozie Web Principal name", + "value": "", + "defaultValue": "HTTP/_HOST", + "description": "Principal name for spnego access for Oozie", + "displayType": "principal", + "isVisible": true, + "isOverridable": false, + "serviceName": "OOZIE", + "category": "Oozie Server" + }, + { + "id": "puppet var", + "name": "oozie_http_keytab", + "displayName": "Path to spnego keytab file", + "value": "", + "defaultValue": "/etc/security/keytabs/spnego.service.keytab", + "description": "Path to spnego keytab file for oozie", + "displayType": "directory", + "isVisible": true, + "isOverridable": false, + "serviceName": "OOZIE", + "category": "Oozie Server" + }, //ZooKeeper { @@ -531,7 +694,7 @@ module.exports = "value": "", "defaultValue": "zookeeper/_HOST", "description": "Principal name for ZooKeeper. _HOST will get automatically replaced with actual hostname at every instance of zookeeper server", - "displayType": "advanced", + "displayType": "principal", "isVisible": true, "isOverridable": false, "serviceName": "ZOOKEEPER", @@ -573,7 +736,7 @@ module.exports = "value": "", "defaultValue": "nagios", "description": "Primary name for Nagios server", - "displayType": "advanced", + "displayType": "principal", "isVisible": true, "isOverridable": false, "serviceName": "NAGIOS", http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/676567f8/ambari-web/app/messages.js ---------------------------------------------------------------------- diff --git a/ambari-web/app/messages.js b/ambari-web/app/messages.js index cfaad4b..1dc3bda 100644 --- a/ambari-web/app/messages.js +++ b/ambari-web/app/messages.js @@ -628,7 +628,7 @@ Em.I18n.translations = { 'admin.security.enable.popup.header': 'Add security', 'admin.security.disable.popup.header': 'Remove security', 'admin.security.disable.popup.body': 'Kerberos security will be disabled on the cluster', - 'admin.addSecurity.header': 'Add security wizard', + 'admin.addSecurity.header': 'Enable Security Wizard', 'admin.security.step1.header': 'Get Started', 'admin.security.step2.header': 'Configure Services', 'admin.security.step3.header': 'Create Principals and Keytabs', @@ -661,7 +661,9 @@ Em.I18n.translations = { 'admin.addSecurity.user.smokeUser': 'Ambari Smoke Test User', 'admin.addSecurity.user.hdfsUser': 'HDFS User', 'admin.addSecurity.user.hbaseUser': 'HBase User', - 'admin.addSecurity.user.httpUser': 'SPNEGO User', + 'admin.addSecurity.hdfs.user.httpUser': 'HDFS SPNEGO User', + 'admin.addSecurity.webhcat.user.httpUser': 'WebHCat SPNEGO User', + 'admin.addSecurity.oozie.user.httpUser': 'Oozie SPNEGO User', 'admin.addSecurity.enable.onClose': 'You are in the process of enabling security on your cluster. ' + 'Are you sure you want to quit? If you quit, ' + 'you may have to re-run the security wizard from the beginning to enable security.', http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/676567f8/ambari-web/app/routes/add_security.js ---------------------------------------------------------------------- diff --git a/ambari-web/app/routes/add_security.js b/ambari-web/app/routes/add_security.js index bb62a96..ac7e93e 100644 --- a/ambari-web/app/routes/add_security.js +++ b/ambari-web/app/routes/add_security.js @@ -128,6 +128,7 @@ module.exports = Em.Route.extend({ next: function (router) { var addSecurityController = router.get('addSecurityController'); addSecurityController.get('content').set('serviceConfigProperties', null); + App.db.setSecureConfigProperties(null); router.transitionTo('step2'); } }), http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/676567f8/ambari-web/app/views/wizard/controls_view.js ---------------------------------------------------------------------- diff --git a/ambari-web/app/views/wizard/controls_view.js b/ambari-web/app/views/wizard/controls_view.js index b0edc87..0a9a70e 100644 --- a/ambari-web/app/views/wizard/controls_view.js +++ b/ambari-web/app/views/wizard/controls_view.js @@ -71,6 +71,8 @@ App.ServiceConfigTextField = Ember.TextField.extend(App.ServiceConfigPopoverSupp // sets the width of the field depending on display type if (['directory', 'url', 'email', 'user', 'host','advanced'].contains(this.get('serviceConfig.displayType'))) { return ['span6']; + } else if (this.get('serviceConfig.displayType') === 'principal'){ + return ['span12']; } else { return ['input-small']; }
