AMBARI-7465. Ambari kinits with basic user for hbase instead of using principal name (alejandro)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/738d8b1a Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/738d8b1a Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/738d8b1a Branch: refs/heads/branch-alerts-dev Commit: 738d8b1acea8606c5fdf06b9e785e3cb2fd48d14 Parents: 6c6e4fc Author: Alejandro Fernandez <[email protected]> Authored: Tue Sep 23 17:38:51 2014 -0700 Committer: Alejandro Fernandez <[email protected]> Committed: Wed Sep 24 10:56:20 2014 -0700 ---------------------------------------------------------------------- .../stacks/HDP/1.3.2/services/HBASE/package/scripts/params.py | 3 ++- .../HDP/1.3.2/services/HBASE/package/scripts/service_check.py | 4 ++-- .../stacks/HDP/2.0.6/services/HBASE/package/scripts/params.py | 3 ++- ambari-server/src/test/python/stacks/1.3.2/configs/secured.json | 5 +++-- ambari-server/src/test/python/stacks/2.0.6/configs/secured.json | 3 ++- ambari-web/app/data/HDP2/secure_properties.js | 1 + ambari-web/app/data/secure_properties.js | 1 + 7 files changed, 13 insertions(+), 7 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/738d8b1a/ambari-server/src/main/resources/stacks/HDP/1.3.2/services/HBASE/package/scripts/params.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/1.3.2/services/HBASE/package/scripts/params.py b/ambari-server/src/main/resources/stacks/HDP/1.3.2/services/HBASE/package/scripts/params.py index ae85c8b..8ab8aff 100644 --- a/ambari-server/src/main/resources/stacks/HDP/1.3.2/services/HBASE/package/scripts/params.py +++ b/ambari-server/src/main/resources/stacks/HDP/1.3.2/services/HBASE/package/scripts/params.py @@ -36,6 +36,7 @@ hbase_drain_only = config['commandParams']['mark_draining_only'] hbase_included_hosts = config['commandParams']['included_hosts'] hbase_user = status_params.hbase_user +hbase_principal_name = config['configurations']['hbase-env']['hbase_principal_name'] smokeuser = config['configurations']['cluster-env']['smokeuser'] security_enabled = config['configurations']['cluster-env']['security_enabled'] user_group = config['configurations']['cluster-env']['user_group'] @@ -82,7 +83,7 @@ smoke_user_keytab = config['configurations']['cluster-env']['smokeuser_keytab'] hbase_user_keytab = config['configurations']['hbase-env']['hbase_user_keytab'] kinit_path_local = functions.get_kinit_path(["/usr/bin", "/usr/kerberos/bin", "/usr/sbin"]) if security_enabled: - kinit_cmd = format("{kinit_path_local} -kt {hbase_user_keytab} {hbase_user};") + kinit_cmd = format("{kinit_path_local} -kt {hbase_user_keytab} {hbase_principal_name};") else: kinit_cmd = "" http://git-wip-us.apache.org/repos/asf/ambari/blob/738d8b1a/ambari-server/src/main/resources/stacks/HDP/1.3.2/services/HBASE/package/scripts/service_check.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/1.3.2/services/HBASE/package/scripts/service_check.py b/ambari-server/src/main/resources/stacks/HDP/1.3.2/services/HBASE/package/scripts/service_check.py index 3f3ca0b..9ab7f2d 100644 --- a/ambari-server/src/main/resources/stacks/HDP/1.3.2/services/HBASE/package/scripts/service_check.py +++ b/ambari-server/src/main/resources/stacks/HDP/1.3.2/services/HBASE/package/scripts/service_check.py @@ -41,8 +41,8 @@ class HbaseServiceCheck(Script): mode = 0755, content = Template('hbase-smoke.sh.j2') ) - - if params.security_enabled: + + if params.security_enabled: hbase_grant_premissions_file = format("{exec_tmp_dir}/hbase_grant_permissions.sh") grantprivelegecmd = format("{kinit_cmd} hbase shell {hbase_grant_premissions_file}") http://git-wip-us.apache.org/repos/asf/ambari/blob/738d8b1a/ambari-server/src/main/resources/stacks/HDP/2.0.6/services/HBASE/package/scripts/params.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.0.6/services/HBASE/package/scripts/params.py b/ambari-server/src/main/resources/stacks/HDP/2.0.6/services/HBASE/package/scripts/params.py index c31caf2..ed086dc 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.0.6/services/HBASE/package/scripts/params.py +++ b/ambari-server/src/main/resources/stacks/HDP/2.0.6/services/HBASE/package/scripts/params.py @@ -55,6 +55,7 @@ hbase_drain_only = config['commandParams']['mark_draining_only'] hbase_included_hosts = config['commandParams']['included_hosts'] hbase_user = status_params.hbase_user +hbase_principal_name = config['configurations']['hbase-env']['hbase_principal_name'] smokeuser = config['configurations']['cluster-env']['smokeuser'] _authentication = config['configurations']['core-site']['hadoop.security.authentication'] security_enabled = config['configurations']['cluster-env']['security_enabled'] @@ -108,7 +109,7 @@ smoke_user_keytab = config['configurations']['cluster-env']['smokeuser_keytab'] hbase_user_keytab = config['configurations']['hbase-env']['hbase_user_keytab'] kinit_path_local = functions.get_kinit_path(["/usr/bin", "/usr/kerberos/bin", "/usr/sbin"]) if security_enabled: - kinit_cmd = format("{kinit_path_local} -kt {hbase_user_keytab} {hbase_user};") + kinit_cmd = format("{kinit_path_local} -kt {hbase_user_keytab} {hbase_principal_name};") else: kinit_cmd = "" http://git-wip-us.apache.org/repos/asf/ambari/blob/738d8b1a/ambari-server/src/test/python/stacks/1.3.2/configs/secured.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/1.3.2/configs/secured.json b/ambari-server/src/test/python/stacks/1.3.2/configs/secured.json index a49d623..b04f6e1 100644 --- a/ambari-server/src/test/python/stacks/1.3.2/configs/secured.json +++ b/ambari-server/src/test/python/stacks/1.3.2/configs/secured.json @@ -179,7 +179,7 @@ "namenode_principal_name": "nn/_HOST", "namenode_keytab": "/etc/security/keytabs/nn.service.keytab", "nagios_principal_name": "nagios/[email protected]", - "dfs_datanode_http_address": "1022", + "dfs_datanode_http_address": "1022", "hbase_user_keytab": "/etc/security/keytabs/hbase.headless.keytab", "jobtracker_primary_name": "jt", "hbase_pid_dir": "/var/run/hbase", @@ -561,7 +561,8 @@ }, "hbase-env": { "hbase_pid_dir": "/var/run/hbase", - "hbase_user": "hbase", + "hbase_user": "hbase", + "hbase_principal_name": "hbase", "hbase_master_heapsize": "1024m", "hbase_regionserver_xmn_max": "512m", "hbase_regionserver_xmn_ratio": "0.2", http://git-wip-us.apache.org/repos/asf/ambari/blob/738d8b1a/ambari-server/src/test/python/stacks/2.0.6/configs/secured.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.0.6/configs/secured.json b/ambari-server/src/test/python/stacks/2.0.6/configs/secured.json index a484853..8db2df2 100644 --- a/ambari-server/src/test/python/stacks/2.0.6/configs/secured.json +++ b/ambari-server/src/test/python/stacks/2.0.6/configs/secured.json @@ -512,7 +512,8 @@ "hbase-env": { "hbase_pid_dir": "/var/run/hbase", "hbase_user": "hbase", - "hbase_master_heapsize": "1024m", + "hbase_master_heapsize": "1024m", + "hbase_principal_name": "hbase", "content": "\n# Set environment variables here.\n\n# The java implementation to use. Java 1.6 required.\nexport JAVA_HOME={{java64_home}}\n\n# HBase Configuration directory\nexport HBASE_CONF_DIR=${HBASE_CONF_DIR:-{{hbase_conf_dir}}}\n\n# Extra Java CLASSPATH elements. Optional.\nexport HBASE_CLASSPATH=${HBASE_CLASSPATH}\n\n# The maximum amount of heap to use, in MB. Default is 1000.\n# export HBASE_HEAPSIZE=1000\n\n# Extra Java runtime options.\n# Below are what we set by default. May only work with SUN JVM.\n# For more on why as well as other possible settings,\n# see http://wiki.apache.org/hadoop/PerformanceTuning\nexport HBASE_OPTS=\"-XX:+UseConcMarkSweepGC -XX:ErrorFile={{log_dir}}/hs_err_pid%p.log\"\nexport SERVER_GC_OPTS=\"-verbose:gc -XX:+PrintGCDetails -XX:+PrintGCDateStamps -Xloggc:{{log_dir}}/gc.log-`date +'%Y%m%d%H%M'`\"\n# Uncomment below to enable java garbage collection logging.\n# export HBASE_OPTS=\"$HBASE_OPTS -verbose:gc -XX:+PrintGCDetails -XX:+PrintG CDateStamps -Xloggc:$HBASE_HOME/logs/gc-hbase.log\"\n\n# Uncomment and adjust to enable JMX exporting\n# See jmxremote.password and jmxremote.access in $JRE_HOME/lib/management to configure remote password access.\n# More details at: http://java.sun.com/javase/6/docs/technotes/guides/management/agent.html\n#\n# export HBASE_JMX_BASE=\"-Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false\"\nexport HBASE_MASTER_OPTS=\"-Xmx{{master_heapsize}}\"\nexport HBASE_REGIONSERVER_OPTS=\"-Xmn{{regionserver_xmn_size}} -XX:CMSInitiatingOccupancyFraction=70 -Xms{{regionserver_heapsize}} -Xmx{{regionserver_heapsize}}\"\n# export HBASE_THRIFT_OPTS=\"$HBASE_JMX_BASE -Dcom.sun.management.jmxremote.port=10103\"\n# export HBASE_ZOOKEEPER_OPTS=\"$HBASE_JMX_BASE -Dcom.sun.management.jmxremote.port=10104\"\n\n# File naming hosts on which HRegionServers will run. $HBASE_HOME/conf/regionservers by default.\nexport HBASE_REGIONSERVERS=${HBASE_CONF_DIR}/regionservers\n\n# Extra ssh options. Empty by default.\n# export HBASE_SSH_OPTS=\"-o ConnectTimeout=1 -o SendEnv=HBASE_CONF_DIR\"\n\n# Where log files are stored. $HBASE_HOME/logs by default.\nexport HBASE_LOG_DIR={{log_dir}}\n\n# A string representing this instance of hbase. $USER by default.\n# export HBASE_IDENT_STRING=$USER\n\n# The scheduling priority for daemon processes. See 'man nice'.\n# export HBASE_NICENESS=10\n\n# The directory where pid files are stored. /tmp by default.\nexport HBASE_PID_DIR={{pid_dir}}\n\n# Seconds to sleep between slave commands. Unset by default. This\n# can be useful in large clusters, where, e.g., slave rsyncs can\n# otherwise arrive faster than the master can service them.\n# export HBASE_SLAVE_SLEEP=0.1\n\n# Tell HBase whether it should manage it's own instance of Zookeeper or not.\nexport HBASE_MANAGES_ZK=false\n\n{% if security_enabled %}\nexport HBASE_OPTS=\"$HBASE_OPTS -Djava.security.auth.login.config={{client_jaas_config_file}}\"\nexport HBASE_MASTER_OPTS=\ "$HBASE_MASTER_OPTS -Djava.security.auth.login.config={{master_jaas_config_file}}\"\nexport HBASE_REGIONSERVER_OPTS=\"$HBASE_REGIONSERVER_OPTS -Djava.security.auth.login.config={{regionserver_jaas_config_file}}\"\n{% endif %}", "hbase_regionserver_heapsize": "1024m", "hbase_regionserver_xmn_max": "512", http://git-wip-us.apache.org/repos/asf/ambari/blob/738d8b1a/ambari-web/app/data/HDP2/secure_properties.js ---------------------------------------------------------------------- diff --git a/ambari-web/app/data/HDP2/secure_properties.js b/ambari-web/app/data/HDP2/secure_properties.js index 95d17cd..f3d8d92 100644 --- a/ambari-web/app/data/HDP2/secure_properties.js +++ b/ambari-web/app/data/HDP2/secure_properties.js @@ -152,6 +152,7 @@ module.exports = "isOverridable": false, "isReconfigurable": false, "serviceName": "GENERAL", + "filename": "hbase-env.xml", "category": "AMBARI" }, { http://git-wip-us.apache.org/repos/asf/ambari/blob/738d8b1a/ambari-web/app/data/secure_properties.js ---------------------------------------------------------------------- diff --git a/ambari-web/app/data/secure_properties.js b/ambari-web/app/data/secure_properties.js index 0fe0ca8..5d01943 100644 --- a/ambari-web/app/data/secure_properties.js +++ b/ambari-web/app/data/secure_properties.js @@ -154,6 +154,7 @@ module.exports = "isOverridable": false, "isReconfigurable": false, "serviceName": "GENERAL", + "filename": "hbase-env.xml", "category": "AMBARI" }, {
