git commit: AMBARI-6401. Kerberos_setup.sh should use 'set -e' to fail early (aonishuk)

Mon, 07 Jul 2014 08:25:21 -0700 

Repository: ambari
Updated Branches:
  refs/heads/trunk 3ee0088e0 -> 8ddd85b01


AMBARI-6401. Kerberos_setup.sh should use 'set -e' to fail early (aonishuk)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/8ddd85b0
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/8ddd85b0
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/8ddd85b0

Branch: refs/heads/trunk
Commit: 8ddd85b0194451d55211381098fc5c401a324767
Parents: 3ee0088
Author: Andrew Onishuk <aonis...@hortonworks.com>
Authored: Mon Jul 7 18:24:26 2014 +0300
Committer: Andrew Onishuk <aonis...@hortonworks.com>
Committed: Mon Jul 7 18:24:26 2014 +0300

----------------------------------------------------------------------
 .../main/resources/scripts/kerberos-setup.sh    | 114 +++++++++++++------
 1 file changed, 77 insertions(+), 37 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/8ddd85b0/ambari-server/src/main/resources/scripts/kerberos-setup.sh
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/scripts/kerberos-setup.sh 
b/ambari-server/src/main/resources/scripts/kerberos-setup.sh
index 099b8ea..00f8076 100755
--- a/ambari-server/src/main/resources/scripts/kerberos-setup.sh
+++ b/ambari-server/src/main/resources/scripts/kerberos-setup.sh
@@ -183,38 +183,21 @@ installKDC () {
   scriptDir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
   krb5_new_conf=$scriptDir"/krb5.conf"
   krb5_conf="/etc/krb5.conf"
+  #export additional path for suse and centos5
+  PATH=$PATH:/usr/lib/mit/sbin/:/usr/kerberos/sbin/:/usr/sbin/:/sbin/
   # Install rng tools
-  $inst_cmd rng-tools
-  if [ $os == 'debian' ] || [ $os == 'suse' ]; then
-    echo "HRNGDEVICE=/dev/urandom" >> /etc/default/rng-tools
-    /etc/init.d/rng-tools start
-  else
-    sed -i "s/\(EXTRAOPTIONS *= *\).*/\1\"-r \/dev\/urandom\"/" 
"/etc/sysconfig/rngd"
-    # start rngd
-    /etc/init.d/rngd start
-  fi
+  installRngtools
   # Install kdc server on this host
-  if [ $os == 'debian' ]; then
-    $inst_cmd krb5-kdc krb5-admin-server krb5-user libpam-krb5 libpam-ccreds 
auth-client-config
-  elif [ $os == 'suse' ] ; then
-    $inst_cmd krb5 krb5-server krb5-client
-  else
-    $inst_cmd krb5-server krb5-libs krb5-auth-dialog krb5-workstation
-  fi
+  $inst_cmd $server_packages
   # Configure /etc/krb5.conf
   cp $krb5_conf $krb5_conf".bak"
   cp $krb5_new_conf $krb5_conf
   sed -i "s/\(kdc *= *\).*kerberos.example.com.*/\1$HOSTNAME/" $krb5_conf
   sed -i "s/\(admin_server *= *\).*kerberos.example.com.*/\1$HOSTNAME/" 
$krb5_conf
-  # Install rng tools
-  if [ $os == 'debian' ]; then
-    echo -ne '\n\n' | kdb5_util create -s
-    /usr/sbin/service krb5-admin-server start
-    /usr/sbin/service krb5-kdc start
-  else
+  # Create principal key and start services
+  if [[ ! -f $principal_file ]]; then
     echo -ne '\n\n' | kdb5_util create -s
-    /sbin/service krb5kdc start
-    /sbin/service kadmin start
+    $kdc_services_start
   fi
   # Install pdsh on this host
   $inst_cmd pdsh;
@@ -232,14 +215,15 @@ installKDC () {
       hostNames=$hostNames,$hostName;
     fi
   done < $csvFile
+  # Check all hosts for passwordless ssh
+  OLD_IFS=$IFS
+  IFS=,
+  for host in $hostNames; do
+    checkSSH $host
+  done
+  IFS=$OLD_IFS
   export PDSH_SSH_ARGS_APPEND="-q -o StrictHostKeyChecking=no -o 
UserKnownHostsFile=/dev/null -o PreferredAuthentications=publickey"
-  if [ $os == 'debian' ]; then
-    pdsh -R ssh -w $hostNames "$inst_cmd krb5-user libpam-krb5 libpam-ccreds 
auth-client-config"
-  elif [ $os == 'suse' ] ; then
-    pdsh -R ssh -w $hostNames "$inst_cmd krb5-client"
-  else
-    pdsh -R ssh -w $hostNames "$inst_cmd krb5-workstation"
-  fi
+  pdsh -R ssh -w $hostNames "$inst_cmd $client_packages"
   pdsh -R ssh -w $hostNames "$inst_cmd pdsh"
   pdsh -R ssh -w $hostNames chown root:root -R /usr
   pdcp -R ssh -w $hostNames $krb5_conf $krb5_conf
@@ -265,18 +249,44 @@ distributeKeytabs () {
 ########################
 getEnvironmentCMD () {
   os=`python -c 'import sys; 
sys.path.append("/usr/lib/python2.6/site-packages/"); from ambari_commons 
import OSCheck; print OSCheck.get_os_family()'`
+  version=`python -c 'import sys; 
sys.path.append("/usr/lib/python2.6/site-packages/"); from ambari_commons 
import OSCheck; print OSCheck.get_os_major_version()'`
+  os=$os$version;
   case $os in
-  'debian' )
+  'debian12' )
     pkgmgr='apt-get'
-    inst_cmd="env DEBIAN_FRONTEND=noninteractive /usr/bin/$pkgmgr --force-yes 
--assume-yes install "
+    inst_cmd="env DEBIAN_FRONTEND=noninteractive /usr/bin/$pkgmgr --force-yes 
--assume-yes install -f "
+    client_packages="krb5-user libpam-krb5 libpam-ccreds auth-client-config"
+    server_packages="krb5-kdc krb5-admin-server $client_packages"
+    rng_tools="rng-tools"
+    principal_file="/etc/krb5kdc/principal"
+    kdc_services_start="service krb5-admin-server start; service krb5-kdc 
start"
+    ;;
+  'redhat5' )
+    pkgmgr='yum'
+    inst_cmd="/usr/bin/$pkgmgr -y install "
+    client_packages="krb5-workstation"
+    server_packages="krb5-server krb5-libs krb5-auth-dialog $client_packages"
+    rng_tools="rng-utils"
+    principal_file="/var/kerberos/krb5kdc/principal"
+    kdc_services_start="service kadmin start; service krb5kdc start"
     ;;
-  'redhat' )
+  'redhat6' )
     pkgmgr='yum'
-    inst_cmd="/usr/bin/$pkgmgr -d 0 -e 0 -y install "
+    inst_cmd="/usr/bin/$pkgmgr -y install "
+    client_packages="krb5-workstation"
+    server_packages="krb5-server krb5-libs krb5-auth-dialog $client_packages"
+    rng_tools="rng-tools"
+    principal_file="/var/kerberos/krb5kdc/principal"
+    kdc_services_start="service kadmin start; service krb5kdc start"
     ;;
-  'suse' )
+  'suse11' )
     pkgmgr='zypper'
-    inst_cmd="/usr/bin/$pkgmgr --quiet install --auto-agree-with-licenses 
--no-confirm "
+    inst_cmd="/usr/bin/$pkgmgr install --auto-agree-with-licenses --no-confirm 
"
+    client_packages="krb5-client"
+    server_packages="krb5 krb5-server $client_packages"
+    rng_tools="rng-tools"
+    principal_file="/var/lib/kerberos/krb5kdc/principal"
+    kdc_services_start="krb5kdc"
     ;;
   esac
 }
@@ -292,11 +302,41 @@ checkUser () {
   fi
 }
 
+########################
+## checkSSH () : If passwordless ssh for root is not configured then exit
+########################
+checkSSH () {
+  host=$1
+  ssh -oPasswordAuthentication=no -o UserKnownHostsFile=/dev/null -o 
StrictHostKeyChecking=no $host "exit 0" && return_value=0 || return_value=$? && 
true
+  if [[ $return_value != 0 ]]; then
+    echo "ERROR: Passwordless ssh for user root is not configured for host 
$host"
+    exit 1;
+  fi
+}
+
+########################
+## installRngtools () : Install and start rng-tools
+########################
+installRngtools () {
+  $inst_cmd $rng_tools
+  echo $inst_cmd $rng_utils
+  if [ $os == 'debian12' ] || [ $os == 'suse11' ]; then
+    echo "HRNGDEVICE=/dev/urandom" >> /etc/default/rng-tools
+    /etc/init.d/rng-tools start || true
+  elif [ $os == 'redhat5' ]; then
+    /sbin/rngd -r /dev/urandom -o /dev/random -f -t .001 --background
+  else
+    sed -i "s/\(EXTRAOPTIONS *= *\).*/\1\"-r \/dev\/urandom\"/" 
"/etc/sysconfig/rngd"
+    # start rngd
+    /etc/init.d/rngd start
+  fi
+}
 
 if (($# != 2)); then
     usage
 fi
 
+set -e
 checkUser
 getEnvironmentCMD
 installKDC $@

Reply via email to