Updated Branches: refs/heads/trunk b26c489fc -> f8444ad99
AMBARI-2648. Nagios and Ganglia cannot be run as the same user (Oleksandr Diachenko via smohanty) Project: http://git-wip-us.apache.org/repos/asf/incubator-ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ambari/commit/f8444ad9 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ambari/tree/f8444ad9 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ambari/diff/f8444ad9 Branch: refs/heads/trunk Commit: f8444ad99478aec4a196c4377741d2f15b0fb396 Parents: b26c489 Author: Sumit Mohanty <[email protected]> Authored: Mon Jul 15 13:43:23 2013 -0700 Committer: Sumit Mohanty <[email protected]> Committed: Mon Jul 15 13:43:23 2013 -0700 ---------------------------------------------------------------------- .../modules/hdp-ganglia/manifests/init.pp | 24 ++--- .../puppet/modules/hdp-hadoop/manifests/init.pp | 13 +-- .../puppet/modules/hdp-hue/manifests/init.pp | 6 +- .../puppet/modules/hdp-yarn/manifests/init.pp | 10 +- .../modules/hdp-zookeeper/manifests/init.pp | 6 +- .../main/puppet/modules/hdp/manifests/init.pp | 105 ++++++++++++------- .../main/puppet/modules/hdp/manifests/params.pp | 1 + 7 files changed, 101 insertions(+), 64 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/f8444ad9/ambari-agent/src/main/puppet/modules/hdp-ganglia/manifests/init.pp ---------------------------------------------------------------------- diff --git a/ambari-agent/src/main/puppet/modules/hdp-ganglia/manifests/init.pp b/ambari-agent/src/main/puppet/modules/hdp-ganglia/manifests/init.pp index e048f38..2c98355 100644 --- a/ambari-agent/src/main/puppet/modules/hdp-ganglia/manifests/init.pp +++ b/ambari-agent/src/main/puppet/modules/hdp-ganglia/manifests/init.pp @@ -27,29 +27,27 @@ class hdp-ganglia( $gmetad_user = $hdp-ganglia::params::gmetad_user $gmond_user = $hdp-ganglia::params::gmond_user - group { $gmetad_user : - ensure => present + hdp::group { 'gmetad_group' : + group_name => $gmetad_user, } - if ($gmetad_user != $gmond_user) { - group { $gmond_user : - ensure => present - } + hdp::group { 'gmond_group': + group_name => $gmond_user, } - hdp::user { $gmond_user: + hdp::user { 'gmond_user': + user_name => $gmond_user, gid => $gmond_user, groups => ["$gmond_user"] } - if ( $gmetad_user != $gmond_user) { - hdp::user { $gmetad_user: - gid => $gmetad_user, - groups => ["$gmetad_user"] - } + hdp::user { 'gmetad_user': + user_name => $gmetad_user, + gid => $gmetad_user, + groups => ["$gmetad_user"] } - anchor{'hdp-ganglia::begin':} -> Group<|title == $gmond_user or title == $gmetad_user|> -> User<|title == $gmond_user or title == $gmetad_user|> -> anchor{'hdp-ganglia::end':} + anchor{'hdp-ganglia::begin':} -> Hdp::Group<|title == 'gmond_group' or title == 'gmetad_group'|> -> Hdp::User['gmond_user'] -> Hdp::User['gmetad_user'] -> anchor{'hdp-ganglia::end':} } } http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/f8444ad9/ambari-agent/src/main/puppet/modules/hdp-hadoop/manifests/init.pp ---------------------------------------------------------------------- diff --git a/ambari-agent/src/main/puppet/modules/hdp-hadoop/manifests/init.pp b/ambari-agent/src/main/puppet/modules/hdp-hadoop/manifests/init.pp index 0b6f894..b3c08ee 100644 --- a/ambari-agent/src/main/puppet/modules/hdp-hadoop/manifests/init.pp +++ b/ambari-agent/src/main/puppet/modules/hdp-hadoop/manifests/init.pp @@ -224,13 +224,14 @@ class hdp-hadoop( group => $hdp::params::user_group } - hdp::user{ $hdfs_user: + hdp::user{ 'hdfs_user': + user_name => $hdfs_user, groups => [$hdp::params::user_group] } - if ( !defined(hdp::user[$mapred_user]) ) { - hdp::user { $mapred_user: - groups => [$hdp::params::user_group] - } + + hdp::user { 'mapred_user': + user_name => $mapred_user, + groups => [$hdp::params::user_group] } $logdirprefix = $hdp-hadoop::params::hdfs_log_dir_prefix @@ -297,7 +298,7 @@ class hdp-hadoop( } } - Anchor['hdp-hadoop::begin'] -> Hdp-hadoop::Package<||> -> Hdp::User<|title == $hdfs_user or title == $mapred_user|> -> + Anchor['hdp-hadoop::begin'] -> Hdp-hadoop::Package<||> -> Hdp::User<|title == 'hdfs_user' or title == 'mapred_user'|> -> Hdp::Directory_recursive_create[$hadoop_config_dir] -> Hdp-hadoop::Configfile<|tag == 'common'|> -> Hdp::Directory_recursive_create[$logdirprefix] -> Hdp::Directory_recursive_create[$piddirprefix] -> Anchor['hdp-hadoop::end'] } http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/f8444ad9/ambari-agent/src/main/puppet/modules/hdp-hue/manifests/init.pp ---------------------------------------------------------------------- diff --git a/ambari-agent/src/main/puppet/modules/hdp-hue/manifests/init.pp b/ambari-agent/src/main/puppet/modules/hdp-hue/manifests/init.pp index 233be9a..876f76c 100644 --- a/ambari-agent/src/main/puppet/modules/hdp-hue/manifests/init.pp +++ b/ambari-agent/src/main/puppet/modules/hdp-hue/manifests/init.pp @@ -43,7 +43,9 @@ class hdp-hue( hdp::package { 'hue-server': } ## Create user - hdp::user{ $hue_user: } + hdp::user{ 'hue_user': + user_name => $hue_user + } ## Create dir hdp::directory_recursive_create { $hue_conf_dir: @@ -59,7 +61,7 @@ class hdp-hue( } } - anchor { 'hdp-hue::begin': } -> Hdp::Package['hue-server'] -> Hdp::User[$hue_user] -> Hdp::Directory_recursive_create[$hue_conf_dir] -> Hdp-Hue::Generate_config_file<||> -> anchor { 'hdp-hue::end': } + anchor { 'hdp-hue::begin': } -> Hdp::Package['hue-server'] -> Hdp::User['hue_user'] -> Hdp::Directory_recursive_create[$hue_conf_dir] -> Hdp-Hue::Generate_config_file<||> -> anchor { 'hdp-hue::end': } } } http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/f8444ad9/ambari-agent/src/main/puppet/modules/hdp-yarn/manifests/init.pp ---------------------------------------------------------------------- diff --git a/ambari-agent/src/main/puppet/modules/hdp-yarn/manifests/init.pp b/ambari-agent/src/main/puppet/modules/hdp-yarn/manifests/init.pp index 577b327..d636d19 100644 --- a/ambari-agent/src/main/puppet/modules/hdp-yarn/manifests/init.pp +++ b/ambari-agent/src/main/puppet/modules/hdp-yarn/manifests/init.pp @@ -28,15 +28,19 @@ class hdp-yarn::initialize() hdp-yarn::package{'yarn-common':} # Create yarn user - hdp::user { $yarn_user:} + hdp::user { 'yarn_user': + user_name => $yarn_user + } # Create mapred user - hdp::user { $mapred_user:} + hdp::user { 'mapred_user': + user_name => $mapred_user + } #Generate common configs hdp-yarn::generate_common_configs{'yarn-common-configs':} - anchor{ 'hdp-yarn::initialize::begin': } Hdp::Package['yarn-common'] -> Hdp::User[$yarn_user] -> Hdp-yarn::Generate_common_configs['yarn-common-configs'] -> anchor{ 'hdp-yarn::initialize::end': } + anchor{ 'hdp-yarn::initialize::begin': } Hdp::Package['yarn-common'] -> Hdp::User['yarn_user'] -> Hdp-yarn::Generate_common_configs['yarn-common-configs'] -> anchor{ 'hdp-yarn::initialize::end': } } define hdp-yarn::generate_common_configs() { http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/f8444ad9/ambari-agent/src/main/puppet/modules/hdp-zookeeper/manifests/init.pp ---------------------------------------------------------------------- diff --git a/ambari-agent/src/main/puppet/modules/hdp-zookeeper/manifests/init.pp b/ambari-agent/src/main/puppet/modules/hdp-zookeeper/manifests/init.pp index 2f176e8..56e8146 100644 --- a/ambari-agent/src/main/puppet/modules/hdp-zookeeper/manifests/init.pp +++ b/ambari-agent/src/main/puppet/modules/hdp-zookeeper/manifests/init.pp @@ -64,7 +64,9 @@ class hdp-zookeeper( } else { hdp::package { 'zookeeper':} - hdp::user{ $zk_user:} + hdp::user{ 'zk_user': + user_name => $zk_user + } hdp::directory_recursive_create { $zk_config_dir: service_state => $service_state, @@ -100,7 +102,7 @@ class hdp-zookeeper( group => $hdp::params::user_group } - Anchor['hdp-zookeeper::begin'] -> Hdp::Package['zookeeper'] -> Hdp::User[$zk_user] -> + Anchor['hdp-zookeeper::begin'] -> Hdp::Package['zookeeper'] -> Hdp::User['zk_user'] -> Hdp::Directory_recursive_create[$zk_config_dir] -> Hdp-zookeeper::Configfile<||> -> File["${zk_config_dir}/zoo_sample.cfg"] -> Anchor['hdp-zookeeper::end'] if ($type == 'server') { Hdp::Directory_recursive_create[$zk_config_dir] -> Hdp-zookeeper::Configfile<||> -> Class['hdp-zookeeper::service'] -> Anchor['hdp-zookeeper::end'] http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/f8444ad9/ambari-agent/src/main/puppet/modules/hdp/manifests/init.pp ---------------------------------------------------------------------- diff --git a/ambari-agent/src/main/puppet/modules/hdp/manifests/init.pp b/ambari-agent/src/main/puppet/modules/hdp/manifests/init.pp index b7dac69..bc7405b 100644 --- a/ambari-agent/src/main/puppet/modules/hdp/manifests/init.pp +++ b/ambari-agent/src/main/puppet/modules/hdp/manifests/init.pp @@ -28,9 +28,9 @@ class hdp( include hdp::params Exec { logoutput => 'on_failure' } - - group { $hdp::params::user_group : - ensure => present + + hdp::group { 'hdp_user_group': + group_name => $hdp::params::user_group, } ## Port settings @@ -126,45 +126,55 @@ class hdp( ##Create all users for all components presents in cluster if ($hdp::params::hbase_master_hosts != "") { - hdp::user{ $hdp::params::hbase_user: + hdp::user{ 'hbase_user': + user_name => $hdp::params::hbase_user, groups => [$hdp::params::user_group] } - Anchor['hdp::begin'] -> Group[$hdp::params::user_group] -> Hdp::User[$hdp::params::hbase_user] -> Anchor['hdp::end'] + Anchor['hdp::begin'] -> Hdp::Group['hdp_user_group'] -> Hdp::User['hbase_user'] -> Anchor['hdp::end'] } if ($hdp::params::nagios_server_host != "") { - group {$hdp::params::nagios_group: - ensure => present - } + hdp::group { 'nagios_group': + group_name => $hdp::params::nagios_group, + } - hdp::user{ $hdp::params::nagios_user: + hdp::user{ 'nagios_user': + user_name => $hdp::params::nagios_user, gid => $hdp::params::nagios_group } - Anchor['hdp::begin'] -> Group[$hdp::params::nagios_group] -> Hdp::User[$hdp::params::nagios_user] -> Anchor['hdp::end'] + Anchor['hdp::begin'] -> Hdp::Group['nagios_group'] -> Hdp::User['nagios_user'] -> Anchor['hdp::end'] } if ($hdp::params::oozie_server != "") { - hdp::user{ $hdp::params::oozie_user:} + hdp::user{ 'oozie_user': + user_name => $hdp::params::oozie_user + } - Anchor['hdp::begin'] -> Group[$hdp::params::user_group] -> Hdp::User[$hdp::params::oozie_user] -> Anchor['hdp::end'] + Anchor['hdp::begin'] -> Hdp::Group['hdp_user_group'] -> Hdp::User['oozie_user'] -> Anchor['hdp::end'] } if ($hdp::params::hcat_server_host != "") { - hdp::user{ $hdp::params::webhcat_user:} + hdp::user{ 'webhcat_user': + user_name => $hdp::params::webhcat_user + } if ($hdp::params::webhcat_user != $hdp::params::hcat_user) { - hdp::user { $hdp::params::hcat_user:} + hdp::user { 'hcat_user': + user_name => $hdp::params::hcat_user + } } - Anchor['hdp::begin'] -> Group[$hdp::params::user_group] -> Hdp::User<|title == $webhcat_user or title == $hcat_user|> -> Anchor['hdp::end'] + Anchor['hdp::begin'] -> Hdp::Group['hdp_user_group'] -> Hdp::User<|title == 'webhcat_user' or title == 'hcat_user'|> -> Anchor['hdp::end'] } if ($hdp::params::hive_server_host != "") { - hdp::user{ $hdp::params::hive_user:} + hdp::user{ 'hive_user': + user_name => $hdp::params::hive_user + } - Anchor['hdp::begin'] -> Group[$hdp::params::user_group] -> Hdp::User[$hdp::params::hive_user] -> Anchor['hdp::end'] + Anchor['hdp::begin'] -> Hdp::Group['hdp_user_group'] -> Hdp::User['hive_user'] -> Anchor['hdp::end'] } } @@ -190,19 +200,16 @@ class hdp::create_smoke_user() $smoke_user = $hdp::params::smokeuser $security_enabled = $hdp::params::security_enabled - if ( $smoke_group != $proxyuser_group) { - group { $smoke_group : - ensure => present - } + hdp::group { 'smoke_group': + group_name => $smoke_group, } - if ($hdp::params::user_group != $proxyuser_group) { - group { $proxyuser_group : - ensure => present - } - } + hdp::group { 'proxyuser_group': + group_name => $proxyuser_group, + } - hdp::user { $smoke_user: + hdp::user { 'smoke_user': + user_name => $smoke_user, gid => $hdp::params::user_group, groups => ["$proxyuser_group"] } @@ -226,8 +233,8 @@ class hdp::create_smoke_user() require => File[$changeUid_path] } - Group<|title == $smoke_group or title == $proxyuser_group|> -> - Hdp::User[$smoke_user] -> Hdp::Exec[$cmd_set_uid] + Hdp::Group<|title == 'smoke_group' or title == 'proxyuser_group'|> -> + Hdp::User['smoke_user'] -> Hdp::Exec[$cmd_set_uid] } @@ -241,13 +248,29 @@ class hdp::set_selinux() } } +define hdp::group( + $group_name = undef +) +{ + if($hdp::params::defined_groups[$group_name]!="defined"){ + group { $name: + name => $group_name, + ensure => present + } + + $hdp::params::defined_groups[$group_name] = "defined" + } +} + define hdp::user( + $user_name = undef, $gid = $hdp::params::user_group, $just_validate = undef, $groups = undef ) { - $user_info = $hdp::params::user_info[$name] + $user_info = $hdp::params::user_info[$user_name] + if ($just_validate != undef) { $just_val = $just_validate } elsif (($user_info == undef) or ("|${user_info}|" == '||')){ #tests for different versions of Puppet @@ -258,17 +281,23 @@ define hdp::user( if ($just_val == true) { exec { "user ${name} exists": - command => "su - ${name} -c 'ls /dev/null' >/dev/null 2>&1", + command => "su - ${user_name} -c 'ls /dev/null' >/dev/null 2>&1", path => ['/bin'] } } else { - user { $name: - ensure => present, - managehome => true, - gid => $gid, #TODO either remove this to support LDAP env or fix it - shell => '/bin/bash', - groups => $groups - } + if(!defined(User[$user_name])){ + user { $user_name: + ensure => present, + managehome => true, + gid => $gid, #TODO either remove this to support LDAP env or fix it + shell => '/bin/bash', + groups => $groups + } + } else { + User <| $name == $user_name |> { + groups +> $groups + } + } } } http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/f8444ad9/ambari-agent/src/main/puppet/modules/hdp/manifests/params.pp ---------------------------------------------------------------------- diff --git a/ambari-agent/src/main/puppet/modules/hdp/manifests/params.pp b/ambari-agent/src/main/puppet/modules/hdp/manifests/params.pp index 3f302d3..715fc46 100644 --- a/ambari-agent/src/main/puppet/modules/hdp/manifests/params.pp +++ b/ambari-agent/src/main/puppet/modules/hdp/manifests/params.pp @@ -185,6 +185,7 @@ class hdp::params() ############ users $user_info = hdp_default("user_info",{}) + $defined_groups = {} $nagios_default_user = "nagios" $nagios_default_group = "nagios"
