Repository: ambari Updated Branches: refs/heads/trunk a3ddc89a1 -> 674765b6f
AMBARI-4919. Storm Security Integration: Add sasl configs for zookeeper authentication. (aonishuk) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/674765b6 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/674765b6 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/674765b6 Branch: refs/heads/trunk Commit: 674765b6f1287c162c17cdce71d8a7f846844bad Parents: a3ddc89 Author: Andrew Onischuk <[email protected]> Authored: Mon Mar 3 08:46:38 2014 -0800 Committer: Andrew Onischuk <[email protected]> Committed: Mon Mar 3 08:46:38 2014 -0800 ---------------------------------------------------------------------- .../2.1.1/services/STORM/configuration/storm-site.xml | 6 +++--- .../HDP/2.1.1/services/STORM/package/scripts/params.py | 12 +++++++++++- .../HDP/2.1.1/services/STORM/package/scripts/storm.py | 7 ++++++- .../services/STORM/package/templates/storm_jaas.conf.j2 | 9 +++++++++ 4 files changed, 29 insertions(+), 5 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/674765b6/ambari-server/src/main/resources/stacks/HDP/2.1.1/services/STORM/configuration/storm-site.xml ----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.1.1/services/STORM/configuration/storm-site.xml b/ambari-server/src/main/resources/stacks/HDP/2.1.1/services/STORM/configuration/storm-site.xml
index f49d6ce..6eca8f9 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.1.1/services/STORM/configuration/storm-site.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.1.1/services/STORM/configuration/storm-site.xml
@@ -118,7 +118,7 @@
 </property>
 <property>
 <name>nimbus.childopts</name>
- <value>-Xmx1024m -javaagent:/usr/lib/storm/contrib/storm-jmxetric/lib/jmxetric-1.0.4.jar=host={0},port=8649,wireformat31x=true,mode=multicast,config=/usr/lib/storm/contrib/storm-jmxetric/conf/jmxetric-conf.xml,process=Nimbus_JVM</value>
+ <value>-Xmx1024m -Djava.security.auth.login.config=/etc/storm/storm_jaas.conf -javaagent:/usr/lib/storm/contrib/storm-jmxetric/lib/jmxetric-1.0.4.jar=host={0},port=8649,wireformat31x=true,mode=multicast,config=/usr/lib/storm/contrib/storm-jmxetric/conf/jmxetric-conf.xml,process=Nimbus_JVM</value>
 <description>This parameter is used by the storm-deploy project to configure the jvm options for the nimbus daemon.</description>
 </property>
 <property>
@@ -188,7 +188,7 @@
 </property>
 <property>
 <name>ui.childopts</name>
- <value>-Xmx768m</value>
+ <value>-Xmx768m -Djava.security.auth.login.config=/etc/storm/storm_jaas.conf</value>
 <description>Childopts for Storm UI Java process.</description>
 </property>
 <property>
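Review bot: The `-Djava.security.auth.login.config=/etc/storm/storm_jaas.conf` flag is added to `nimbus.childopts` unconditionally, but storm.py in this same commit writes `storm_jaas.conf` only when `params.security_enabled` is true, so on a non-Kerberos cluster the daemons start with a login config pointing at a file that was never created. A ZooKeeper client that sees this property set will likely attempt a SASL login and log failures at startup instead of connecting cleanly without SASL, so the flag should be emitted only when security is enabled. The path is also hard-coded to `/etc/storm` while storm.py renders the file under `{conf_dir}`, so the two can diverge if the conf dir is ever changed. The same applies to the `ui.childopts` hunk at -188 and the `supervisor.childopts` hunk at -264.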
@@ -264,7 +264,7 @@
 </property>
 <property>
 <name>supervisor.childopts</name>
- <value>-Xmx256m -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.port=56431 -javaagent:/usr/lib/storm/contrib/storm-jmxetric/lib/jmxetric-1.0.4.jar=host={0},port=8650,wireformat31x=true,mode=multicast,config=/usr/lib/storm/contrib/storm-jmxetric/conf/jmxetric-conf.xml,process=Supervisor_JVM</value>
+ <value>-Xmx256m -Djava.security.auth.login.config=/etc/storm/storm_jaas.conf -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.port=56431 -javaagent:/usr/lib/storm/contrib/storm-jmxetric/lib/jmxetric-1.0.4.jar=host={0},port=8650,wireformat31x=true,mode=multicast,config=/usr/lib/storm/contrib/storm-jmxetric/conf/jmxetric-conf.xml,process=Supervisor_JVM</value>
 <description>This parameter is used by the storm-deploy project to configure the jvm options for the supervisor daemon.</description>
 </property>
 <property>
http://git-wip-us.apache.org/repos/asf/ambari/blob/674765b6/ambari-server/src/main/resources/stacks/HDP/2.1.1/services/STORM/package/scripts/params.py ----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.1.1/services/STORM/package/scripts/params.py b/ambari-server/src/main/resources/stacks/HDP/2.1.1/services/STORM/package/scripts/params.py
index 057a053..c8f71ee 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.1.1/services/STORM/package/scripts/params.py
+++ b/ambari-server/src/main/resources/stacks/HDP/2.1.1/services/STORM/package/scripts/params.py
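Review bot: The new `supervisor.childopts` value in storm-site.xml still carries `-Dcom.sun.management.jmxremote.authenticate=false` and `-Dcom.sun.management.jmxremote.ssl=false` on port 56431, so the supervisor JVM that now logs in with a Kerberos keytab also exposes an unauthenticated, unencrypted management port. These flags predate the commit, but they undercut the SASL setup it introduces, because anyone who can reach that port can manage the JVM. For secured clusters the value should either drop the remote JMX flags or switch to `-Dcom.sun.management.jmxremote.authenticate=true` and `-Dcom.sun.management.jmxremote.ssl=true`, with the port restricted at the network level.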
@@ -46,5 +46,15 @@ if 'ganglia_server_host' in config['clusterHostInfo'] and \ ganglia_report_interval = 60 else: ganglia_installed = False - + +_authentication = config['configurations']['core-site']['hadoop.security.authentication'] +security_enabled = ( not is_empty(_authentication) and _authentication == 'kerberos') + +if security_enabled: + _hostname_lowercase = config['hostname'].lower() + _kerberos_domain = config['configurations']['global']['kerberos_domain'] + _storm_principal_name = "storm" # config['configurations']['global']['hbase_master_principal_name'] + + storm_jaas_principal = format("{_storm_principal_name}/{_hostname_lowercase}@{_kerberos_domain}") + storm_keytab_path = "/etc/security/keytabs/storm.service.keytab" # config['configurations']['global']['storm_keytab'] http://git-wip-us.apache.org/repos/asf/ambari/blob/674765b6/ambari-server/src/main/resources/stacks/HDP/2.1.1/services/STORM/package/scripts/storm.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.1.1/services/STORM/package/scripts/storm.py b/ambari-server/src/main/resources/stacks/HDP/2.1.1/services/STORM/package/scripts/storm.py index 5e21325..bce272b 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.1.1/services/STORM/package/scripts/storm.py +++ b/ambari-server/src/main/resources/stacks/HDP/2.1.1/services/STORM/package/scripts/storm.py @@ -42,4 +42,9 @@ def storm(): configurations = params.config['configurations']['storm-site'], owner = params.storm_user, group = params.user_group - ) \ No newline at end of file + ) + + if params.security_enabled: + TemplateConfig( format("{conf_dir}/storm_jaas.conf"), + owner = params.storm_user + ) \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/674765b6/ambari-server/src/main/resources/stacks/HDP/2.1.1/services/STORM/package/templates/storm_jaas.conf.j2 ---------------------------------------------------------------------- 
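Review bot: `_storm_principal_name` and `storm_keytab_path` in params.py are hard-coded, with the intended config lookups left as trailing commented-out code, so a cluster whose service principal or keytab location differs from these literals gets a `storm_jaas.conf` naming a principal or keytab that does not exist. The commented lookup on the principal line references `hbase_master_principal_name`, which looks copied from the HBase scripts and would be wrong if simply uncommented. I would read both values from the `global` config with these literals as fallbacks, or at least replace the trailing code with `# TODO: read from config['configurations']['global'] once the keys exist` so the placeholder is explicit. `storm_jaas_principal` and `storm_keytab_path` also appear to be defined only under `if security_enabled:` (indentation is not recoverable here), so any use outside that guard would fail; the module starts outside the hunk.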
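Review bot: The new `TemplateConfig` call in storm.py sets only `owner`, while the call just above it in `storm()` also passes `group = params.user_group`, so the group and mode of `storm_jaas.conf` are left to defaults. The file holds no secret itself, but it names the keytab and principal the daemons log in with, so its ownership should be explicit and consistent with the rest of the conf dir: add `group = params.user_group` to the call. Nothing in this hunk checks that `params.storm_keytab_path` exists or is readable by `params.storm_user`, so a missing or mis-permissioned keytab will surface only as a login failure at daemon start. `storm()` begins outside the hunk.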
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.1.1/services/STORM/package/templates/storm_jaas.conf.j2 b/ambari-server/src/main/resources/stacks/HDP/2.1.1/services/STORM/package/templates/storm_jaas.conf.j2
new file mode 100644
index 0000000..8f756ed
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/HDP/2.1.1/services/STORM/package/templates/storm_jaas.conf.j2
@@ -0,0 +1,9 @@
+Client {
+ com.sun.security.auth.module.Krb5LoginModule required
+ useKeyTab=true
+ keyTab="{{storm_keytab_path}}"
+ storeKey=true
+ useTicketCache=false
+ serviceName="zookeeper"
+ principal="{{storm_jaas_principal}}";
+};
\ No newline at end of file
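Review bot: The new template carries no comment saying which process reads the `Client` section, where `storm_keytab_path` and `storm_jaas_principal` are set, or that `serviceName="zookeeper"` assumes the ZooKeeper servers run under a principal whose primary is `zookeeper`. I would add a Jinja comment at the top such as `{# JAAS section for the ZooKeeper client inside the Storm daemons; keytab and principal come from params.py when security is enabled; serviceName must match the ZooKeeper server principal #}`. A Jinja comment is dropped at render time, so the generated JAAS file is unchanged.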
