Updated Branches: refs/heads/trunk 2339fa99c -> 41d6de75d
AMBARI-3461. In Oracle6 cannot start services after enabling security. (Andrew Onischuk via mahadev) Project: http://git-wip-us.apache.org/repos/asf/incubator-ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ambari/commit/41d6de75 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ambari/tree/41d6de75 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ambari/diff/41d6de75 Branch: refs/heads/trunk Commit: 41d6de75df76323b00c5b94ddcf174a0dcde0de6 Parents: 2339fa9 Author: Mahadev Konar <[email protected]> Authored: Fri Oct 4 15:38:32 2013 -0700 Committer: Mahadev Konar <[email protected]> Committed: Fri Oct 4 15:38:37 2013 -0700 ---------------------------------------------------------------------- .../modules/hdp/manifests/java/jce/package.pp | 6 ++-- ambari-server/src/main/python/ambari-server.py | 33 +++++++++++--------- .../src/test/python/TestAmbariServer.py | 10 ++---- 3 files changed, 24 insertions(+), 25 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/41d6de75/ambari-agent/src/main/puppet/modules/hdp/manifests/java/jce/package.pp ---------------------------------------------------------------------- diff --git a/ambari-agent/src/main/puppet/modules/hdp/manifests/java/jce/package.pp b/ambari-agent/src/main/puppet/modules/hdp/manifests/java/jce/package.pp index 5b2815a..41b8bc9 100644 --- a/ambari-agent/src/main/puppet/modules/hdp/manifests/java/jce/package.pp +++ b/ambari-agent/src/main/puppet/modules/hdp/manifests/java/jce/package.pp @@ -39,7 +39,7 @@ define hdp::java::jce::package( # may be check the file sizes for local_policy and export_US policy jars? # UNLESS => "test -e ${java_exec}" # curl -k - ignoring unverified server ssl sertificate, - $curl_cmd = "mkdir -p ${artifact_dir}; curl -kf --retry 10 ${jce_location}/${jce_policy_zip} -o ${jce_curl_target}" + $curl_cmd = "mkdir -p ${artifact_dir}; curl -kf --retry 10 ${jce_location}/${jce_policy_zip} -o ${jce_curl_target}; echo 0" exec{ "jce-download ${name}": command => $curl_cmd, creates => $jce_curl_target, @@ -48,10 +48,10 @@ define hdp::java::jce::package( } $security_dir = "${java_home_dir}/jre/lib/security" - $cmd = "rm -f local_policy.jar; rm -f US_export_policy.jar; unzip -o -j -q ${jce_curl_target}" + $cmd = "rm -f local_policy.jar; rm -f US_export_policy.jar; unzip -o -j -q ${jce_curl_target}" exec { "jce-install ${name}": command => $cmd, - onlyif => "test -e ${security_dir}", + onlyif => "test -e ${security_dir} && test -f ${jce_curl_target}", cwd => $security_dir, path => ['/bin/','/usr/bin'] } http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/41d6de75/ambari-server/src/main/python/ambari-server.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/python/ambari-server.py b/ambari-server/src/main/python/ambari-server.py index 18545df..1e98985 100755 --- a/ambari-server/src/main/python/ambari-server.py +++ b/ambari-server/src/main/python/ambari-server.py @@ -1620,11 +1620,11 @@ def install_jce_manualy(args): raise FatalException(-1, err) else: return 1 + # # Downloads the JDK # def download_jdk(args): - jce_installed = install_jce_manualy(args) properties = get_ambari_properties() if properties == -1: err = "Error getting ambari properties" @@ -1637,6 +1637,12 @@ def download_jdk(args): print_warning_msg("JAVA_HOME " + args.java_home + " must be valid on ALL hosts") write_property(JAVA_HOME_PROPERTY, args.java_home) + + warn = "JCE Policy files are required for configuring Kerberos security. If you plan to use Kerberos," \ + "please make sure JCE Unlimited Strength Jurisdiction Policy Files are valid on all hosts." + print_warning_msg(warn) + + return 0 else: try: jdk_url = properties[JDK_URL_PROPERTY] @@ -1739,16 +1745,15 @@ def download_jdk(args): write_property(JAVA_HOME_PROPERTY, "{0}/{1}". format(JDK_INSTALL_DIR, jdk_version)) - if jce_installed != 0: - try: - download_jce_policy(properties, ok) - except FatalException as e: - print "JCE Policy files are required for configuring Kerberos security. Please ensure " \ - " all hosts have the JCE Unlimited Strength Jurisdiction Policy Files." - print_error_msg("Failed to download JCE Policy files:") - if e.reason is not None: - print_error_msg("Reason: {0}".format(e.reason)) - # TODO: We don't fail installation if download_jce_policy fails. Is it OK? + try: + download_jce_policy(properties, ok) + except FatalException as e: + print "JCE Policy files are required for secure HDP setup. Please ensure " \ + " all hosts have the JCE unlimited strength policy 6, files." + print_error_msg("Failed to download JCE policy files:") + if e.reason is not None: + print_error_msg("Reason: {0}".format(e.reason)) + # TODO: We don't fail installation if download_jce_policy fails. Is it OK? return 0 @@ -1878,6 +1883,7 @@ def get_JAVA_HOME(): return None java_home = properties[JAVA_HOME_PROPERTY] + if (not 0 == len(java_home)) and (os.path.exists(java_home)): return java_home @@ -3718,9 +3724,8 @@ def main(): help="Use specified java_home. Must be valid on all hosts") parser.add_option('-i', '--jdk-location', dest="jdk_location", default=None, help="Use specified JDK file in local filesystem instead of downloading") - parser.add_option('-c', '--jce-policy', default=None, - help="Use specified jce_policy. Must be valid on " - "ambari server host", dest="jce_policy") + #parser.add_option('-c', '--jce-policy', default=None, + # help="Use specified jce_policy. Must be valid on all hosts", dest="jce_policy") parser.add_option("-v", "--verbose", action="store_true", dest="verbose", default=False, help="Print verbose status messages") http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/41d6de75/ambari-server/src/test/python/TestAmbariServer.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/TestAmbariServer.py b/ambari-server/src/test/python/TestAmbariServer.py index 7be36c2..8be692a 100644 --- a/ambari-server/src/test/python/TestAmbariServer.py +++ b/ambari-server/src/test/python/TestAmbariServer.py @@ -1041,8 +1041,7 @@ class TestAmbariServer(TestCase): self.assertTrue(f.flush.called) self.assertTrue(f.close.called) self.assertEqual(2, len(dlprogress_mock.call_args_list)) - - + @patch("shutil.copy") @patch("os.path.join") @patch("os.path.exists") @@ -1100,7 +1099,6 @@ class TestAmbariServer(TestCase): args.jce_policy = None ambari_server.install_jce_manualy(args) - @patch.object(ambari_server, 'read_ambari_user') @patch.object(ambari_server, "get_validated_string_input") @patch.object(ambari_server, "find_properties_file") @@ -1620,7 +1618,6 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV self.assertTrue(failed) - @patch.object(ambari_server, "install_jce_manualy") @patch("os.stat") @patch("os.path.isfile") @patch("os.path.exists") @@ -1636,8 +1633,7 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV def test_download_jdk(self, exit_mock, copyfile_mock, get_ambari_properties_mock, get_JAVA_HOME_mock, \ print_info_msg_mock, write_property_mock, \ run_os_command_mock, get_YN_input_mock, track_jdk_mock, - path_existsMock, path_isfileMock, statMock, \ - install_jce_manualy_mock): + path_existsMock, path_isfileMock, statMock): args = MagicMock() args.java_home = "somewhere" path_existsMock.return_value = False @@ -1739,7 +1735,6 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV p.__getitem__.return_value = "somewhere" get_JAVA_HOME_mock.return_value = True path_existsMock.return_value = True - install_jce_manualy_mock.return_value = 1 with patch.object(ambari_server, "download_jce_policy") as download_jce_policy_mock: rcode = ambari_server.download_jdk(args) self.assertTrue(download_jce_policy_mock.called) @@ -1750,7 +1745,6 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV path_existsMock.return_value = True path_existsMock.side_effect = None get_JAVA_HOME_mock.return_value = True - install_jce_manualy_mock.return_value = 0 rcode = ambari_server.download_jdk(args) self.assertTrue(write_property_mock.called)
