Updated Branches: refs/heads/trunk a811db6d4 -> 3a97a6e99
AMBARI-2930. Whether security is enabled or not should be keyed off of "hadoop.security.authentication" in "core-site.xml", not "security_enabled" global param (Vitaly Brodetskyi via dlysnichenko) Project: http://git-wip-us.apache.org/repos/asf/incubator-ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ambari/commit/3a97a6e9 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ambari/tree/3a97a6e9 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ambari/diff/3a97a6e9 Branch: refs/heads/trunk Commit: 3a97a6e999c51f7843819463a12c8b3ff542fcb1 Parents: a811db6 Author: Lisnichenko Dmitro <[email protected]> Authored: Wed Aug 21 16:03:38 2013 +0300 Committer: Lisnichenko Dmitro <[email protected]> Committed: Wed Aug 21 16:03:38 2013 +0300 ---------------------------------------------------------------------- .../puppet/modules/hdp-hadoop/templates/health_check.erb | 2 +- .../main/puppet/modules/hdp-hbase/templates/hbase-env.sh.erb | 2 +- .../modules/hdp-nagios/templates/hadoop-services.cfg.erb | 6 +++--- .../main/puppet/modules/hdp-zookeeper/templates/zoo.cfg.erb | 2 +- .../modules/hdp-zookeeper/templates/zookeeper-env.sh.erb | 2 +- ambari-agent/src/main/puppet/modules/hdp/manifests/params.pp | 8 +++++++- .../HDP/1.2.0/services/HDFS/configuration/core-site.xml | 2 +- .../HDP/1.2.1/services/HDFS/configuration/core-site.xml | 2 +- .../HDP/1.3.0/services/HDFS/configuration/core-site.xml | 2 +- .../HDP/1.3.2/services/HDFS/configuration/core-site.xml | 2 +- .../HDPLocal/1.2.0/services/HDFS/configuration/core-site.xml | 2 +- .../HDPLocal/1.2.1/services/HDFS/configuration/core-site.xml | 2 +- .../HDPLocal/1.3.0/services/HDFS/configuration/core-site.xml | 2 +- .../HDPLocal/1.3.2/services/HDFS/configuration/core-site.xml | 2 +- 14 files changed, 22 insertions(+), 16 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/3a97a6e9/ambari-agent/src/main/puppet/modules/hdp-hadoop/templates/health_check.erb ---------------------------------------------------------------------- diff --git a/ambari-agent/src/main/puppet/modules/hdp-hadoop/templates/health_check.erb b/ambari-agent/src/main/puppet/modules/hdp-hadoop/templates/health_check.erb index 112f36e..b84b336 100644 --- a/ambari-agent/src/main/puppet/modules/hdp-hadoop/templates/health_check.erb +++ b/ambari-agent/src/main/puppet/modules/hdp-hadoop/templates/health_check.erb @@ -41,7 +41,7 @@ function check_disks { } function check_taskcontroller { - if [ "<%=scope.function_hdp_template_var("security_enabled")%>" == "true" ]; then + if [ "<%=scope.function_hdp_template_var("::hdp::params::security_enabled")%>" == "true" ]; then perm=`stat -c %a:%U:%G <%=scope.function_hdp_template_var("task_bin_exe")%> 2>/dev/null` if [ $? -eq 0 ] && [ "$perm" == "6050:root:hadoop" ] ; then echo "taskcontroller ok" http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/3a97a6e9/ambari-agent/src/main/puppet/modules/hdp-hbase/templates/hbase-env.sh.erb ---------------------------------------------------------------------- diff --git a/ambari-agent/src/main/puppet/modules/hdp-hbase/templates/hbase-env.sh.erb b/ambari-agent/src/main/puppet/modules/hdp-hbase/templates/hbase-env.sh.erb index 43ed8cc..6c4e146 100644 --- a/ambari-agent/src/main/puppet/modules/hdp-hbase/templates/hbase-env.sh.erb +++ b/ambari-agent/src/main/puppet/modules/hdp-hbase/templates/hbase-env.sh.erb @@ -76,7 +76,7 @@ export HBASE_PID_DIR=<%=scope.function_hdp_template_var("hbase_pid_dir")%> export HBASE_MANAGES_ZK=false -<% if scope.function_hdp_template_var("security_enabled") == true %> +<% if scope.function_hdp_template_var("::hdp::params::security_enabled") == true %> export HBASE_OPTS="$HBASE_OPTS -Djava.security.auth.login.config=<%=scope.function_hdp_template_var("::hdp-hbase::params::hbase_client_jaas_config_file")%>" export HBASE_MASTER_OPTS="$HBASE_MASTER_OPTS -Djava.security.auth.login.config=<%=scope.function_hdp_template_var("::hdp-hbase::params::hbase_master_jaas_config_file")%>" export HBASE_REGIONSERVER_OPTS="$HBASE_REGIONSERVER_OPTS -Djava.security.auth.login.config=<%=scope.function_hdp_template_var("::hdp-hbase::params::hbase_regionserver_jaas_config_file")%>" http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/3a97a6e9/ambari-agent/src/main/puppet/modules/hdp-nagios/templates/hadoop-services.cfg.erb ---------------------------------------------------------------------- diff --git a/ambari-agent/src/main/puppet/modules/hdp-nagios/templates/hadoop-services.cfg.erb b/ambari-agent/src/main/puppet/modules/hdp-nagios/templates/hadoop-services.cfg.erb index ca64fe1..97ff763 100644 --- a/ambari-agent/src/main/puppet/modules/hdp-nagios/templates/hadoop-services.cfg.erb +++ b/ambari-agent/src/main/puppet/modules/hdp-nagios/templates/hadoop-services.cfg.erb @@ -645,7 +645,7 @@ define service { use hadoop-service service_description HIVE-METASTORE::Hive Metastore status servicegroups HIVE-METASTORE - <%if scope.function_hdp_template_var("security_enabled")-%> + <%if scope.function_hdp_template_var("::hdp::params::security_enabled")-%> check_command check_hive_metastore_status!<%=scope.function_hdp_template_var("::hive_metastore_port")%>!<%=scope.function_hdp_template_var("java64_home")%>!true!<%=scope.function_hdp_template_var("nagios_keytab_path")%>!<%=scope.function_hdp_template_var("nagios_principal_name")%>!<%=scope.function_hdp_template_var("kinit_path_local")%> <%else-%> check_command check_hive_metastore_status!<%=scope.function_hdp_template_var("::hive_metastore_port")%>!<%=scope.function_hdp_template_var("java64_home")%>!false @@ -662,7 +662,7 @@ define service { use hadoop-service service_description OOZIE::Oozie Server status servicegroups OOZIE - <%if scope.function_hdp_template_var("security_enabled")-%> + <%if scope.function_hdp_template_var("::hdp::params::security_enabled")-%> check_command check_oozie_status!<%=scope.function_hdp_template_var("::hdp::oozie_server_port")%>!<%=scope.function_hdp_template_var("java64_home")%>!true!<%=scope.function_hdp_template_var("nagios_keytab_path")%>!<%=scope.function_hdp_template_var("nagios_principal_name")%>!<%=scope.function_hdp_template_var("kinit_path_local")%> <%else-%> check_command check_oozie_status!<%=scope.function_hdp_template_var("::hdp::oozie_server_port")%>!<%=scope.function_hdp_template_var("java64_home")%>!false @@ -679,7 +679,7 @@ define service { use hadoop-service service_description WEBHCAT::WebHCat Server status servicegroups WEBHCAT - <%if scope.function_hdp_template_var("security_enabled")-%> + <%if scope.function_hdp_template_var("::hdp::params::security_enabled")-%> check_command check_templeton_status!<%=scope.function_hdp_template_var("::hdp::templeton_port")%>!v1!true!<%=scope.function_hdp_template_var("nagios_keytab_path")%>!<%=scope.function_hdp_template_var("nagios_principal_name")%>!<%=scope.function_hdp_template_var("kinit_path_local")%> <%else-%> check_command check_templeton_status!<%=scope.function_hdp_template_var("::hdp::templeton_port")%>!v1!false http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/3a97a6e9/ambari-agent/src/main/puppet/modules/hdp-zookeeper/templates/zoo.cfg.erb ---------------------------------------------------------------------- diff --git a/ambari-agent/src/main/puppet/modules/hdp-zookeeper/templates/zoo.cfg.erb b/ambari-agent/src/main/puppet/modules/hdp-zookeeper/templates/zoo.cfg.erb index df1381c..e3edc7c 100644 --- a/ambari-agent/src/main/puppet/modules/hdp-zookeeper/templates/zoo.cfg.erb +++ b/ambari-agent/src/main/puppet/modules/hdp-zookeeper/templates/zoo.cfg.erb @@ -36,7 +36,7 @@ clientPort=<%=scope.function_hdp_template_var("clientPort")%> server.<%=(i+1).to_s%>=<%=host%>:2888:3888 <% end -%> -<% if scope.function_hdp_template_var("security_enabled") == true %> +<% if scope.function_hdp_template_var("::hdp::params::security_enabled") == true %> authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider jaasLoginRenew=3600000 kerberos.removeHostFromPrincipal=true http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/3a97a6e9/ambari-agent/src/main/puppet/modules/hdp-zookeeper/templates/zookeeper-env.sh.erb ---------------------------------------------------------------------- diff --git a/ambari-agent/src/main/puppet/modules/hdp-zookeeper/templates/zookeeper-env.sh.erb b/ambari-agent/src/main/puppet/modules/hdp-zookeeper/templates/zookeeper-env.sh.erb index 448a093..03cf969 100644 --- a/ambari-agent/src/main/puppet/modules/hdp-zookeeper/templates/zookeeper-env.sh.erb +++ b/ambari-agent/src/main/puppet/modules/hdp-zookeeper/templates/zookeeper-env.sh.erb @@ -19,7 +19,7 @@ export SERVER_JVMFLAGS=<%=scope.function_hdp_template_var("zk_server_heapsize")% export JAVA=$JAVA_HOME/bin/java export CLASSPATH=$CLASSPATH:/usr/share/zookeeper/* -<% if scope.function_hdp_template_var("security_enabled") == true %> +<% if scope.function_hdp_template_var("::hdp::params::security_enabled") == true %> export SERVER_JVMFLAGS="$SERVER_JVMFLAGS -Djava.security.auth.login.config=<%=scope.function_hdp_template_var("::hdp-zookeeper::params::zk_server_jaas_file")%>" export CLIENT_JVMFLAGS="$CLIENT_JVMFLAGS -Djava.security.auth.login.config=<%=scope.function_hdp_template_var("::hdp-zookeeper::params::zk_client_jaas_file")%>" <% end %> http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/3a97a6e9/ambari-agent/src/main/puppet/modules/hdp/manifests/params.pp ---------------------------------------------------------------------- diff --git a/ambari-agent/src/main/puppet/modules/hdp/manifests/params.pp b/ambari-agent/src/main/puppet/modules/hdp/manifests/params.pp index 1f91194..d62af04 100644 --- a/ambari-agent/src/main/puppet/modules/hdp/manifests/params.pp +++ b/ambari-agent/src/main/puppet/modules/hdp/manifests/params.pp @@ -48,7 +48,13 @@ class hdp::params() $public_hostname = hdp_default("public_hostname") ##### for secure install - $security_enabled = hdp_default("security_enabled",false) + $hadoop_security_authenticatoin = hdp_default("core-site/hadoop.security.authentication", "simple") + + $security_enabled = $hadoop_security_authenticatoin ? { + 'kerberos' => true, + default => false, + } + $kerberos_domain = hdp_default("kerberos_domain","EXAMPLE.COM") $kinit_path_local = hdp_get_kinit_path(hdp_default("kinit_path_local"), "/usr/bin", "/usr/kerberos/bin", "/usr/sbin") $keytab_path = hdp_default("keytab_path", "/etc/security/keytabs") http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/3a97a6e9/ambari-server/src/main/resources/stacks/HDP/1.2.0/services/HDFS/configuration/core-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/1.2.0/services/HDFS/configuration/core-site.xml b/ambari-server/src/main/resources/stacks/HDP/1.2.0/services/HDFS/configuration/core-site.xml index a312e68..a3f8137 100644 --- a/ambari-server/src/main/resources/stacks/HDP/1.2.0/services/HDFS/configuration/core-site.xml +++ b/ambari-server/src/main/resources/stacks/HDP/1.2.0/services/HDFS/configuration/core-site.xml @@ -142,7 +142,7 @@ <property> <name>hadoop.security.authentication</name> - <value></value> + <value>simple</value> <description> Set the authentication for the cluster. Valid values are: simple or kerberos. http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/3a97a6e9/ambari-server/src/main/resources/stacks/HDP/1.2.1/services/HDFS/configuration/core-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/1.2.1/services/HDFS/configuration/core-site.xml b/ambari-server/src/main/resources/stacks/HDP/1.2.1/services/HDFS/configuration/core-site.xml index 81dfc70..acf3e4c 100644 --- a/ambari-server/src/main/resources/stacks/HDP/1.2.1/services/HDFS/configuration/core-site.xml +++ b/ambari-server/src/main/resources/stacks/HDP/1.2.1/services/HDFS/configuration/core-site.xml @@ -142,7 +142,7 @@ <property> <name>hadoop.security.authentication</name> - <value></value> + <value>simple</value> <description> Set the authentication for the cluster. Valid values are: simple or kerberos. http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/3a97a6e9/ambari-server/src/main/resources/stacks/HDP/1.3.0/services/HDFS/configuration/core-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/1.3.0/services/HDFS/configuration/core-site.xml b/ambari-server/src/main/resources/stacks/HDP/1.3.0/services/HDFS/configuration/core-site.xml index 94ffbbb..fe0bcba 100644 --- a/ambari-server/src/main/resources/stacks/HDP/1.3.0/services/HDFS/configuration/core-site.xml +++ b/ambari-server/src/main/resources/stacks/HDP/1.3.0/services/HDFS/configuration/core-site.xml @@ -144,7 +144,7 @@ <property> <name>hadoop.security.authentication</name> - <value></value> + <value>simple</value> <description> Set the authentication for the cluster. Valid values are: simple or kerberos. http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/3a97a6e9/ambari-server/src/main/resources/stacks/HDP/1.3.2/services/HDFS/configuration/core-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/1.3.2/services/HDFS/configuration/core-site.xml b/ambari-server/src/main/resources/stacks/HDP/1.3.2/services/HDFS/configuration/core-site.xml index 94ffbbb..fe0bcba 100644 --- a/ambari-server/src/main/resources/stacks/HDP/1.3.2/services/HDFS/configuration/core-site.xml +++ b/ambari-server/src/main/resources/stacks/HDP/1.3.2/services/HDFS/configuration/core-site.xml @@ -144,7 +144,7 @@ <property> <name>hadoop.security.authentication</name> - <value></value> + <value>simple</value> <description> Set the authentication for the cluster. Valid values are: simple or kerberos. http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/3a97a6e9/ambari-server/src/main/resources/stacks/HDPLocal/1.2.0/services/HDFS/configuration/core-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDPLocal/1.2.0/services/HDFS/configuration/core-site.xml b/ambari-server/src/main/resources/stacks/HDPLocal/1.2.0/services/HDFS/configuration/core-site.xml index a312e68..a3f8137 100644 --- a/ambari-server/src/main/resources/stacks/HDPLocal/1.2.0/services/HDFS/configuration/core-site.xml +++ b/ambari-server/src/main/resources/stacks/HDPLocal/1.2.0/services/HDFS/configuration/core-site.xml @@ -142,7 +142,7 @@ <property> <name>hadoop.security.authentication</name> - <value></value> + <value>simple</value> <description> Set the authentication for the cluster. Valid values are: simple or kerberos. http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/3a97a6e9/ambari-server/src/main/resources/stacks/HDPLocal/1.2.1/services/HDFS/configuration/core-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDPLocal/1.2.1/services/HDFS/configuration/core-site.xml b/ambari-server/src/main/resources/stacks/HDPLocal/1.2.1/services/HDFS/configuration/core-site.xml index 81dfc70..acf3e4c 100644 --- a/ambari-server/src/main/resources/stacks/HDPLocal/1.2.1/services/HDFS/configuration/core-site.xml +++ b/ambari-server/src/main/resources/stacks/HDPLocal/1.2.1/services/HDFS/configuration/core-site.xml @@ -142,7 +142,7 @@ <property> <name>hadoop.security.authentication</name> - <value></value> + <value>simple</value> <description> Set the authentication for the cluster. Valid values are: simple or kerberos. http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/3a97a6e9/ambari-server/src/main/resources/stacks/HDPLocal/1.3.0/services/HDFS/configuration/core-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDPLocal/1.3.0/services/HDFS/configuration/core-site.xml b/ambari-server/src/main/resources/stacks/HDPLocal/1.3.0/services/HDFS/configuration/core-site.xml index 94ffbbb..fe0bcba 100644 --- a/ambari-server/src/main/resources/stacks/HDPLocal/1.3.0/services/HDFS/configuration/core-site.xml +++ b/ambari-server/src/main/resources/stacks/HDPLocal/1.3.0/services/HDFS/configuration/core-site.xml @@ -144,7 +144,7 @@ <property> <name>hadoop.security.authentication</name> - <value></value> + <value>simple</value> <description> Set the authentication for the cluster. Valid values are: simple or kerberos. http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/3a97a6e9/ambari-server/src/main/resources/stacks/HDPLocal/1.3.2/services/HDFS/configuration/core-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDPLocal/1.3.2/services/HDFS/configuration/core-site.xml b/ambari-server/src/main/resources/stacks/HDPLocal/1.3.2/services/HDFS/configuration/core-site.xml index 94ffbbb..fe0bcba 100644 --- a/ambari-server/src/main/resources/stacks/HDPLocal/1.3.2/services/HDFS/configuration/core-site.xml +++ b/ambari-server/src/main/resources/stacks/HDPLocal/1.3.2/services/HDFS/configuration/core-site.xml @@ -144,7 +144,7 @@ <property> <name>hadoop.security.authentication</name> - <value></value> + <value>simple</value> <description> Set the authentication for the cluster. Valid values are: simple or kerberos.
