Updated Branches: refs/heads/trunk 7d968d392 -> 6028540df
AMBARI-3049: Define spnego configs in yarn-site.xml for secure cluster. (jaimin) Project: http://git-wip-us.apache.org/repos/asf/incubator-ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ambari/commit/6028540d Tree: http://git-wip-us.apache.org/repos/asf/incubator-ambari/tree/6028540d Diff: http://git-wip-us.apache.org/repos/asf/incubator-ambari/diff/6028540d Branch: refs/heads/trunk Commit: 6028540dfbe54e9b113cac3b0f91325901a037a9 Parents: 7d968d3 Author: Jaimin Jetly <[email protected]> Authored: Wed Aug 28 11:52:13 2013 -0700 Committer: Jaimin Jetly <[email protected]> Committed: Wed Aug 28 11:52:40 2013 -0700 ---------------------------------------------------------------------- .../app/assets/data/clusters/HDP2/cluster.json | 2 +- ambari-web/app/assets/data/clusters/info.json | 2 +- .../main/admin/security/add/step3.js | 23 +++++ ambari-web/app/data/HDP2/secure_mapping.js | 48 +++++++++ ambari-web/app/data/HDP2/secure_properties.js | 100 +++++++++++++++++-- ambari-web/app/messages.js | 3 + 6 files changed, 167 insertions(+), 11 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/6028540d/ambari-web/app/assets/data/clusters/HDP2/cluster.json ---------------------------------------------------------------------- diff --git a/ambari-web/app/assets/data/clusters/HDP2/cluster.json b/ambari-web/app/assets/data/clusters/HDP2/cluster.json index 510a596..e355e40 100644 --- a/ambari-web/app/assets/data/clusters/HDP2/cluster.json +++ b/ambari-web/app/assets/data/clusters/HDP2/cluster.json @@ -3,7 +3,7 @@ "Clusters" : { "cluster_id" : 2, "cluster_name" : "c1", - "version" : "HDP-2.0.3", + "version" : "HDP-2.0.5", "desired_configs" : { "capacity-scheduler" : { "user" : "admin", http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/6028540d/ambari-web/app/assets/data/clusters/info.json ---------------------------------------------------------------------- diff --git a/ambari-web/app/assets/data/clusters/info.json b/ambari-web/app/assets/data/clusters/info.json index 927589a..30f5c7f 100644 --- a/ambari-web/app/assets/data/clusters/info.json +++ b/ambari-web/app/assets/data/clusters/info.json @@ -5,7 +5,7 @@ "href" : "http://ec2-23-20-184-220.compute-1.amazonaws.com:8080/api/v1/clusters/tdk";, "Clusters" : { "cluster_name" : "tdk", - "version" : "HDP-1.3.0" + "version" : "HDP-2.0.5" } } ] http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/6028540d/ambari-web/app/controllers/main/admin/security/add/step3.js ---------------------------------------------------------------------- diff --git a/ambari-web/app/controllers/main/admin/security/add/step3.js b/ambari-web/app/controllers/main/admin/security/add/step3.js index 38eac09..50678cc 100644 --- a/ambari-web/app/controllers/main/admin/security/add/step3.js +++ b/ambari-web/app/controllers/main/admin/security/add/step3.js @@ -170,6 +170,10 @@ App.MainAdminSecurityAddStep3Controller = Em.Controller.extend({ acl: '440' }); } + this.setComponentConfig(result,host,'HISTORYSERVER','MAPREDUCE2','jobhistory_http_principal_name','jobhistory_http_keytab',Em.I18n.t('admin.addSecurity.historyServer.user.httpUser'),hadoopGroupId); + this.setComponentConfig(result,host,'RESOURCEMANAGER','YARN','resourcemanager_http_principal_name','resourcemanager_http_keytab',Em.I18n.t('admin.addSecurity.rm.user.httpUser'),hadoopGroupId); + this.setComponentConfig(result,host,'NODEMANAGER','YARN','nodemanager_http_principal_name','nodemanager_http_keytab',Em.I18n.t('admin.addSecurity.nm.user.httpUser'),hadoopGroupId); + host.get('hostComponents').forEach(function(hostComponent){ if(componentsToDisplay.contains(hostComponent.get('componentName'))){ var serviceConfigs = configs.filterProperty('serviceName', hostComponent.get('service.serviceName')); @@ -234,6 +238,25 @@ App.MainAdminSecurityAddStep3Controller = Em.Controller.extend({ return securityUsers; }, + setComponentConfig: function(hostComponents,host,componentName,serviceName,principal,keytab,displayName,groupId) { + if (host.get('hostComponents').someProperty('componentName', componentName)) { + var result = {}; + var configs = this.get('content.serviceConfigProperties'); + var serviceConfigs = configs.filterProperty('serviceName', serviceName); + var servicePrincipal = serviceConfigs.findProperty('name', principal); + var serviceKeytabPath = serviceConfigs.findProperty('name', keytab).value; + result.host = host.get('hostName'); + result.component = displayName; + result.principal = servicePrincipal.value.replace('_HOST', host.get('hostName').toLowerCase()) + servicePrincipal.unit; + result.keytabfile = stringUtils.getFileFromPath(serviceKeytabPath); + result.keytab = stringUtils.getPath(serviceKeytabPath); + result.owner = 'root'; + result.group = groupId; + result.acl = '440'; + hostComponents.push(result); + } + }, + changeDisplayName: function (name) { if (name === 'HiveServer2') { return 'Hive Metastore and HiveServer2'; http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/6028540d/ambari-web/app/data/HDP2/secure_mapping.js ---------------------------------------------------------------------- diff --git a/ambari-web/app/data/HDP2/secure_mapping.js b/ambari-web/app/data/HDP2/secure_mapping.js index 0376f35..e674b91 100644 --- a/ambari-web/app/data/HDP2/secure_mapping.js +++ b/ambari-web/app/data/HDP2/secure_mapping.js @@ -178,6 +178,22 @@ module.exports = [ "serviceName": "MAPREDUCE2" }, { + "name": "jobhistoryserver.webapp.spnego-principal", + "templateName": ["jobhistory_http_principal_name", "kerberos_domain"], + "foreignKey": null, + "value": "<templateName[0]>@<templateName[1]>", + "filename": "mapred-site.xml", + "serviceName": "MAPREDUCE2" + }, + { + "name": "jobhistoryserver.webapp.spnego-keytab-file", + "templateName": ["jobhistory_http_keytab"], + "foreignKey": null, + "value": "<templateName[0]>", + "filename": "mapred-site.xml", + "serviceName": "MAPREDUCE2" + }, + { "name": "yarn.resourcemanager.principal", "templateName": ["resourcemanager_principal_name", "kerberos_domain"], "foreignKey": null, @@ -210,6 +226,38 @@ module.exports = [ "serviceName": "YARN" }, { + "name": "yarn.resourcemanager.webapp.spnego-principal", + "templateName": ["resourcemanager_http_principal_name", "kerberos_domain"], + "foreignKey": null, + "value": "<templateName[0]>@<templateName[1]>", + "filename": "yarn-site.xml", + "serviceName": "YARN" + }, + { + "name": "yarn.resourcemanager.webapp.spnego-keytab-file", + "templateName": ["resourcemanager_http_keytab"], + "foreignKey": null, + "value": "<templateName[0]>", + "filename": "yarn-site.xml", + "serviceName": "YARN" + }, + { + "name": "yarn.nodemanager.webapp.spnego-principal", + "templateName": ["nodemanager_http_principal_name", "kerberos_domain"], + "foreignKey": null, + "value": "<templateName[0]>@<templateName[1]>", + "filename": "yarn-site.xml", + "serviceName": "YARN" + }, + { + "name": "yarn.nodemanager.webapp.spnego-keytab-file", + "templateName": ["nodemanager_http_keytab"], + "foreignKey": null, + "value": "<templateName[0]>", + "filename": "yarn-site.xml", + "serviceName": "YARN" + }, + { "name": "yarn.nodemanager.container-executor.class", "templateName": ["yarn_nodemanager_container-executor_class"], "foreignKey": null, http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/6028540d/ambari-web/app/data/HDP2/secure_properties.js ---------------------------------------------------------------------- diff --git a/ambari-web/app/data/HDP2/secure_properties.js b/ambari-web/app/data/HDP2/secure_properties.js index 024fe75..6b41fd7 100644 --- a/ambari-web/app/data/HDP2/secure_properties.js +++ b/ambari-web/app/data/HDP2/secure_properties.js @@ -163,7 +163,7 @@ module.exports = "category": "AMBARI" }, - //HDFS + /**********************************************HDFS***************************************/ { "id": "puppet var", "name": "namenode_host", @@ -393,7 +393,8 @@ module.exports = "serviceName": "HDFS", "category": "General" }, - //MAPREDUCE 2 + + /**********************************************MAPREDUCE2***************************************/ { "id": "puppet var", "name": "jobhistoryserver_host", @@ -435,7 +436,34 @@ module.exports = "category": "JobHistoryServer", "component": "HISTORYSERVER" }, - //YARN + { + "id": "puppet var", + "name": "jobhistory_http_principal_name", + "displayName": "Web principal name", + "value": "", + "defaultValue": "HTTP/_HOST", + "description": "Principal name for spnego access to Job History Server. _HOST will get automatically replaced with actual hostname at an instance of Job History Server", + "displayType": "principal", + "isVisible": true, + "isOverridable": false, + "serviceName": "MAPREDUCE2", + "category": "JobHistoryServer" + }, + { + "id": "puppet var", + "name": "jobhistory_http_keytab", + "displayName": "Path to spnego keytab file", + "value": "", + "defaultValue": "/etc/security/keytabs/spnego.service.keytab", + "description": "Path to spnego keytab file for Job History Server", + "displayType": "directory", + "isVisible": true, + "isOverridable": false, + "serviceName": "MAPREDUCE2", + "category": "JobHistoryServer" + }, + + /**********************************************YARN***************************************/ { "id": "puppet var", "name": "resourcemanager_host", @@ -479,6 +507,32 @@ module.exports = }, { "id": "puppet var", + "name": "resourcemanager_http_principal_name", + "displayName": "Web principal name", + "value": "", + "defaultValue": "HTTP/_HOST", + "description": "Principal name for spnego access to ResourceManager. _HOST will get automatically replaced with actual hostname at an instance of ResourceManager", + "displayType": "principal", + "isVisible": true, + "isOverridable": false, + "serviceName": "YARN", + "category": "ResourceManager" + }, + { + "id": "puppet var", + "name": "resourcemanager_http_keytab", + "displayName": "Path to spnego keytab file", + "value": "", + "defaultValue": "/etc/security/keytabs/spnego.service.keytab", + "description": "Path to spnego keytab file for ResourceManager", + "displayType": "directory", + "isVisible": true, + "isOverridable": false, + "serviceName": "YARN", + "category": "ResourceManager" + }, + { + "id": "puppet var", "name": "nodemanager_host", "displayName": "NodeManager", "value": "", @@ -520,6 +574,32 @@ module.exports = }, { "id": "puppet var", + "name": "nodemanager_http_principal_name", + "displayName": "Web principal name", + "value": "", + "defaultValue": "HTTP/_HOST", + "description": "Principal name for spnego access to NodeManager. _HOST will get automatically replaced with actual hostname at all instances of NodeManager", + "displayType": "principal", + "isVisible": true, + "isOverridable": false, + "serviceName": "YARN", + "category": "NodeManager" + }, + { + "id": "puppet var", + "name": "nodemanager_http_keytab", + "displayName": "Path to keytab file", + "value": "", + "defaultValue": "/etc/security/keytabs/spnego.service.keytab", + "description": "Path to spnego keytab file for NodeManager", + "displayType": "directory", + "isVisible": true, + "isOverridable": false, + "serviceName": "YARN", + "category": "NodeManager" + }, + { + "id": "puppet var", "name": "yarn_nodemanager_container-executor_class", "displayName": "yarn.nodemanager.container-executor.class", "value": "", @@ -532,7 +612,7 @@ module.exports = "category": "NodeManager" }, - //WEBHCAT + /**********************************************WEBHCAT***************************************/ { "id": "puppet var", "name": "webhcatserver_host", @@ -572,7 +652,8 @@ module.exports = "serviceName": "WEBHCAT", "category": "WebHCat Server" }, - //HBASE + + /**********************************************HBASE***************************************/ { "id": "puppet var", "name": "hbasemaster_host", @@ -656,7 +737,7 @@ module.exports = "components": ["HBASE_REGIONSERVER"] }, - //HIVE + /**********************************************HIVE***************************************/ { "id": "puppet var", "name": "hive_metastore", @@ -699,7 +780,7 @@ module.exports = "component": "HIVE_SERVER" }, - //OOZIE + /**********************************************OOZIE***************************************/ { "id": "puppet var", "name": "oozie_servername", @@ -768,7 +849,7 @@ module.exports = "category": "Oozie Server" }, - //ZooKeeper + /**********************************************ZOOKEEPER***************************************/ { "id": "puppet var", "name": "zookeeperserver_hosts", @@ -810,7 +891,8 @@ module.exports = "category": "ZooKeeper Server", "component": "ZOOKEEPER_SERVER" }, - //NAGIOS + + /**********************************************NAGIOS***************************************/ { "id": "puppet var", "name": "nagios_server", http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/6028540d/ambari-web/app/messages.js ---------------------------------------------------------------------- diff --git a/ambari-web/app/messages.js b/ambari-web/app/messages.js index 8c93fef..54ddc2f 100644 --- a/ambari-web/app/messages.js +++ b/ambari-web/app/messages.js @@ -767,6 +767,9 @@ Em.I18n.translations = { 'admin.addSecurity.user.hdfsUser': 'HDFS User', 'admin.addSecurity.user.hbaseUser': 'HBase User', 'admin.addSecurity.hdfs.user.httpUser': 'HDFS SPNEGO User', + 'admin.addSecurity.rm.user.httpUser': 'ResourceManager SPNEGO User', + 'admin.addSecurity.nm.user.httpUser': 'NodeManager SPNEGO User', + 'admin.addSecurity.historyServer.user.httpUser': 'History server SPNEGO User', 'admin.addSecurity.webhcat.user.httpUser': 'WebHCat SPNEGO User', 'admin.addSecurity.oozie.user.httpUser': 'Oozie SPNEGO User', 'admin.addSecurity.enable.onClose': 'You are in the process of enabling security on your cluster. ' +
