Repository: ambari Updated Branches: refs/heads/trunk db7f9b6ad -> 6826ef4c3
AMBARI-5949. Kerberos setup script should not be allowed to be run as non-root user. (jaimin) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/6826ef4c Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/6826ef4c Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/6826ef4c Branch: refs/heads/trunk Commit: 6826ef4c373179b1f5fa5550cd639d5c224239f9 Parents: db7f9b6 Author: Jaimin Jetly <[email protected]> Authored: Thu May 29 15:51:48 2014 -0700 Committer: Jaimin Jetly <[email protected]> Committed: Thu May 29 15:51:55 2014 -0700 ---------------------------------------------------------------------- .../main/resources/scripts/kerberos-setup.sh | 53 ++++++++++++++------ 1 file changed, 37 insertions(+), 16 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/6826ef4c/ambari-server/src/main/resources/scripts/kerberos-setup.sh ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/scripts/kerberos-setup.sh b/ambari-server/src/main/resources/scripts/kerberos-setup.sh index c4940d9..4ca8e31 100755 --- a/ambari-server/src/main/resources/scripts/kerberos-setup.sh +++ b/ambari-server/src/main/resources/scripts/kerberos-setup.sh @@ -173,6 +173,9 @@ processCSVFile () { sh ./generate_keytabs.sh } +######################## +## installKDC () : Install rng tools,pdsh on KDC host and KDC packages on all host. Modify krb5 file +######################## installKDC () { csvFile=$1; sshLoginKey=$2; @@ -249,6 +252,9 @@ installKDC () { fi } +######################## +## distributeKeytabs () : Distribute the tar on all respective hosts root directory and untar it +######################## distributeKeytabs () { shopt -s nullglob filearray=(keytabs_*tar) @@ -261,29 +267,44 @@ distributeKeytabs () { done } +######################## +## getEnvironmentCMD () : get linux distribution type and package manager +######################## getEnvironmentCMD () { -#get linux distribution type and package manager - os=`python -c 'import sys; sys.path.append("/usr/lib/python2.6/site-packages/"); from common_functions import OSCheck; print OSCheck.get_os_family()'` - case $os in - 'debian' ) - pkgmgr='apt-get' - inst_cmd="/usr/bin/$pkgmgr --force-yes --assume-yes install " - ;; - 'redhat' ) - pkgmgr='yum' - inst_cmd="/usr/bin/$pkgmgr -d 0 -e 0 -y install " - ;; - 'suse' ) - pkgmgr='zypper' - inst_cmd="/usr/bin/$pkgmgr --quiet install --auto-agree-with-licenses --no-confirm " - ;; - esac + os=`python -c 'import sys; sys.path.append("/usr/lib/python2.6/site-packages/"); from common_functions import OSCheck; print OSCheck.get_os_family()'` + case $os in + 'debian' ) + pkgmgr='apt-get' + inst_cmd="/usr/bin/$pkgmgr --force-yes --assume-yes install " + ;; + 'redhat' ) + pkgmgr='yum' + inst_cmd="/usr/bin/$pkgmgr -d 0 -e 0 -y install " + ;; + 'suse' ) + pkgmgr='zypper' + inst_cmd="/usr/bin/$pkgmgr --quiet install --auto-agree-with-licenses --no-confirm " + ;; + esac } +######################## +## checkUser () : If the user executing the script is not "root" then exit +######################## +checkUser () { + userid=`id -u`; + if (($userid != 0)); then + echo "ERROR: The script needs to be executed by root user" + exit 1; + fi +} + + if (($# != 2)); then usage fi +checkUser getEnvironmentCMD installKDC $@ processCSVFile $@
