Repository: ambari Updated Branches: refs/heads/trunk 19f251150 -> 4d4fc0cbb
AMBARI-8776. Create Kerberos Descriptors for ZooKeeper, Storm, Oozie and Falcon services. (jaimin) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/4d4fc0cb Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/4d4fc0cb Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/4d4fc0cb Branch: refs/heads/trunk Commit: 4d4fc0cbb5929655080ba79604244a7a0eba862c Parents: 19f2511 Author: Jaimin Jetly <[email protected]> Authored: Wed Dec 17 17:50:03 2014 -0800 Committer: Jaimin Jetly <[email protected]> Committed: Wed Dec 17 17:50:20 2014 -0800 ---------------------------------------------------------------------- .../main/resources/stacks/HDP/2.2/kerberos.json | 2 +- .../HDP/2.2/services/FALCON/kerberos.json | 63 +++++++++++++ .../stacks/HDP/2.2/services/HBASE/kerberos.json | 3 + .../stacks/HDP/2.2/services/HIVE/kerberos.json | 21 +++++ .../stacks/HDP/2.2/services/OOZIE/kerberos.json | 64 +++++++++++++ .../stacks/HDP/2.2/services/STORM/kerberos.json | 98 ++++++++++++++++++++ .../stacks/HDP/2.2/services/YARN/kerberos.json | 12 +-- .../HDP/2.2/services/ZOOKEEPER/kerberos.json | 38 ++++++++ 8 files changed, 294 insertions(+), 7 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/4d4fc0cb/ambari-server/src/main/resources/stacks/HDP/2.2/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.2/kerberos.json index b9031d0..be766ed 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.2/kerberos.json +++ b/ambari-server/src/main/resources/stacks/HDP/2.2/kerberos.json 
@@ -43,7 +43,7 @@ { "name": "hbase", "principal": { - "value": "hdfs@${realm}", + "value": "hbase@${realm}", "configuration": "hbase-env/hbase_principal_name" }, "keytab": { http://git-wip-us.apache.org/repos/asf/ambari/blob/4d4fc0cb/ambari-server/src/main/resources/stacks/HDP/2.2/services/FALCON/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/FALCON/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.2/services/FALCON/kerberos.json new file mode 100644 index 0000000..98e917a --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/FALCON/kerberos.json 
@@ -0,0 +1,63 @@
+{
+ "services": [
+ {
+ "name": "FALCON",
+ "identities": [
+ {
+ "name": "/spnego"
+ },
+ {
+ "name": "/smokeuser"
+ },
+ {
+ "name": "/hdfs"
+ }
+ ],
+ "configurations": [
+ {
+ "falcon-startup.properties": {
+ "*.falcon.authentication.type": "kerberos",
+ "*.falcon.http.authentication.type": "kerberos",
+ "*.dfs.namenode.kerberos.principal": "nn/_HOST@${realm}"
+ }
+ }
+ ],
+ "components": [
+ {
+ "name": "FALCON_SERVER",
+ "identities": [
+ {
+ "name": "falcon_server",
+ "principal": {
+ "value": "falcon/${host}@${realm}",
+ "configuration": "falcon-startup.properties/*.falcon.service.authentication.kerberos.principal"
+ },
+ "keytab": {
+ "file": "${keytab_dir}/falcon.service.keytab",
+ "owner": {
+ "name": "${falcon-env/falcon_user}",
+ "access": "r"
+ },
+ "group": {
+ "name": "${cluster-env/user_group}",
+ "access": ""
+ },
+ "configuration": "falcon-startup.properties/*.falcon.service.authentication.kerberos.keytab"
+ }
+ },
+ {
+ "name": "/spnego",
+ "principal": {
+ "value": "HTTP/${host}@${realm}",
+ "configuration": "falcon-startup.properties/oozie.authentication.kerberos.principal"
+ },
+ "keytab": {
+ "configuration": "falcon-startup.properties/oozie.authentication.kerberos.keytab"
+ }
+ }
+ ]
+ }
+ ]
+ }
+ ]
+}
http://git-wip-us.apache.org/repos/asf/ambari/blob/4d4fc0cb/ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/kerberos.json
index 2d321a7..d9e1c25 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/kerberos.json
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/kerberos.json
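Review bot: In the new FALCON descriptor, the `/spnego` identity under FALCON_SERVER writes its principal and keytab to `falcon-startup.properties/oozie.authentication.kerberos.principal` and `falcon-startup.properties/oozie.authentication.kerberos.keytab`, which look copied from the Oozie descriptor. If Falcon does not read those keys, its HTTP endpoint is left without the SPNEGO principal and keytab it expects, even though the same file sets `*.falcon.http.authentication.type` to `kerberos`. I would point both at Falcon's own HTTP authentication properties, presumably `falcon-startup.properties/*.falcon.http.authentication.kerberos.principal` and the matching `...kerberos.keytab` (confirm against Falcon's startup properties). Separately, `falcon/${host}@${realm}` uses `${host}` where the Oozie, Storm and ZooKeeper descriptors in this commit use `_HOST`; make that consistent or note why it differs.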
@@ -10,6 +10,9 @@ "name": "/hdfs" }, { + "name": "/hbase" + }, + { "name": "/smokeuser" } ], http://git-wip-us.apache.org/repos/asf/ambari/blob/4d4fc0cb/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/kerberos.json index 216aad7..de5d733 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/kerberos.json +++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/kerberos.json @@ -17,6 +17,12 @@ "hive.security.authorization.enabled": "true", "hive.server2.authentication": "KERBEROS" } + }, + { + "webhcat-site": { + "templeton.kerberos.secret": "secret", + "templeton.hive.properties": "hive.metastore.local=false,hive.metastore.uris=thrift://${host}:9083,hive.metastore.sasl.enabled=true,hive.metastore.execute.setugi=true,hive.metastore.warehouse.dir=/apps/hive/warehouse,hive.exec.mode.local.auto=false,hive.metastore.kerberos.principal=hive/_HOST@${realm}" + } } ], "components": [ @@ -76,6 +82,21 @@ } } ] + }, + { + "name": "WEBHCAT_SERVER", + "identities": [ + { + "name": "/spnego", + "principal": { + "value": "HTTP/${host}@${realm}", + "configuration": "webhcat-site/templeton.kerberos.principal" + }, + "keytab": { + "configuration": "webhcat-site/templeton.kerberos.keytab" + } + } + ] } ] } http://git-wip-us.apache.org/repos/asf/ambari/blob/4d4fc0cb/ambari-server/src/main/resources/stacks/HDP/2.2/services/OOZIE/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/OOZIE/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.2/services/OOZIE/kerberos.json new file mode 100644 index 0000000..9cb24ca --- /dev/null 
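Review bot: The first HIVE hunk adds `"templeton.kerberos.secret": "secret"` to `webhcat-site`, a fixed and guessable value shipped in the stack definition. As far as I know this property is the secret WebHCat uses to sign its authentication tokens, so every cluster kerberized from this descriptor would share one signing secret, and anyone who knows the default could produce a token the server accepts. Leave the property out of the descriptor so it has to be set per cluster, or have the server generate a random value when Kerberos is enabled. The enclosing `configurations` array starts outside the hunk.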
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/OOZIE/kerberos.json
@@ -0,0 +1,64 @@
+{
+ "services": [
+ {
+ "name": "OOZIE",
+ "identities": [
+ {
+ "name": "/spnego"
+ },
+ {
+ "name": "/smokeuser"
+ },
+ {
+ "name": "/hdfs"
+ }
+ ],
+ "configurations": [
+ {
+ "oozie-site": {
+ "oozie.authentication.type": "kerberos",
+ "oozie.service.AuthorizationService.authorization.enabled": "true",
+ "oozie.service.HadoopAccessorService.kerberos.enabled": "true",
+ "local.realm": "${realm}",
+ "oozie.authentication.kerberos.name.rules": "RULE:[2:$1@$0]([jt]t@.*${realm})s/.*/mapred/\nRULE:[2:$1@$0]([nd]n@.*${realm})s/.*/hdfs/\nRULE:[2:$1@$0](hm@.*${realm})s/.*/hbase/\nRULE:[2:$1@$0](rs@.*${realm})s/.*/hbase/\nDEFAULT"
+ }
+ }
+ ],
+ "components": [
+ {
+ "name": "OOZIE_SERVER",
+ "identities": [
+ {
+ "name": "oozie_server",
+ "principal": {
+ "value": "oozie/_HOST@${realm}",
+ "configuration": "oozie-site/oozie.service.HadoopAccessorService.kerberos.principal"
+ },
+ "keytab": {
+ "file": "${keytab_dir}/oozie.service.keytab",
+ "owner": {
+ "name": "${oozie-env/oozie_user}",
+ "access": "r"
+ },
+ "group": {
+ "name": "${cluster-env/user_group}",
+ "access": ""
+ },
+ "configuration": "oozie-site/oozie.service.HadoopAccessorService.keytab.file"
+ }
+ },
+ {
+ "name": "/spnego",
+ "principal": {
+ "configuration": "oozie-site/oozie.authentication.kerberos.principal"
+ },
+ "keytab": {
+ "configuration": "oozie-site/oozie.authentication.kerberos.keytab"
+ }
+ }
+ ]
+ }
+ ]
+ }
+ ]
+}
http://git-wip-us.apache.org/repos/asf/ambari/blob/4d4fc0cb/ambari-server/src/main/resources/stacks/HDP/2.2/services/STORM/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/STORM/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.2/services/STORM/kerberos.json
new file mode 100644
index 0000000..77f4fe4
--- /dev/null
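Review bot: In the new OOZIE descriptor, `oozie.authentication.kerberos.name.rules` matches principals with patterns such as `[nd]n@.*${realm}`, where the leading `.*` lets any realm whose name merely ends with the cluster realm satisfy the rule. Where cross-realm trust is configured, a two-component principal from such a realm would presumably be mapped to the local `hdfs`, `mapred` or `hbase` account. Anchoring each pattern to the exact realm, e.g. `RULE:[2:$1@$0]([nd]n@${realm})s/.*/hdfs/`, keeps the mapping limited to this cluster's own principals. Hard-coding the rules in the descriptor also means they can drift from whatever auth-to-local rules the rest of the cluster uses, so a comment in the commit or docs on how they are kept in sync would help.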
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/STORM/kerberos.json 
@@ -0,0 +1,98 @@
+{
+ "services": [
+ {
+ "name": "STORM",
+ "identities": [
+ {
+ "name": "/spnego"
+ },
+ {
+ "name": "/smokeuser"
+ },
+ {
+ "name": "storm_components",
+ "principal": {
+ "value": "storm/_HOST@${realm}",
+ "configuration": "storm-env/storm_principal_name"
+ },
+ "keytab": {
+ "file": "${keytab_dir}/storm.service.keytab",
+ "owner": {
+ "name": "${storm-env/storm_user}",
+ "access": "r"
+ },
+ "group": {
+ "name": "${cluster-env/user_group}",
+ "access": ""
+ },
+ "configuration": "storm-env/storm_keytab"
+ }
+ }
+ ],
+ "components": [
+ {
+ "name": "STORM_UI_SERVER",
+ "identities": [
+ {
+ "name": "/spnego",
+ "principal": {
+ "configuration": "storm-env/storm_ui_principal_name"
+ },
+ "keytab": {
+ "configuration": "storm-env/storm_ui_keytab"
+ }
+ }
+ ]
+ },
+ {
+ "name": "NIMBUS",
+ "identities": [
+ {
+ "name": "nimbus_server",
+ "principal": {
+ "value": "nimbus/_HOST@${realm}",
+ "configuration": "storm-env/nimbus_principal_name"
+ },
+ "keytab": {
+ "file": "${keytab_dir}/nimbus.service.keytab",
+ "owner": {
+ "name": "${storm-env/storm_user}",
+ "access": "r"
+ },
+ "group": {
+ "name": "${cluster-env/user_group}",
+ "access": ""
+ },
+ "configuration": "storm-env/nimbus_keytab"
+ }
+ }
+ ]
+ },
+ {
+ "name": "DRPC_SERVER",
+ "identities": [
+ {
+ "name": "nimbus_server",
+ "principal": {
+ "value": "nimbus/_HOST@${realm}",
+ "configuration": "storm-env/nimbus_principal_name"
+ },
+ "keytab": {
+ "file": "${keytab_dir}/nimbus.service.keytab",
+ "owner": {
+ "name": "${storm-env/storm_user}",
+ "access": "r"
+ },
+ "group": {
+ "name": "${cluster-env/user_group}",
+ "access": ""
+ },
+ "configuration": "storm-env/nimbus_keytab"
+ }
+ }
+ ]
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/4d4fc0cb/ambari-server/src/main/resources/stacks/HDP/2.2/services/YARN/kerberos.json
----------------------------------------------------------------------
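Review bot: In the new STORM descriptor, the DRPC_SERVER component declares an identity that is a verbatim copy of NIMBUS's `nimbus_server`: the same `nimbus/_HOST@${realm}` principal, the same `${keytab_dir}/nimbus.service.keytab`, and the same `storm-env/nimbus_principal_name` / `storm-env/nimbus_keytab` targets. A host that runs only DRPC would then be provisioned with a key for the Nimbus service principal, which widens what a compromise of the DRPC process exposes. Both components also write the same configuration properties. If DRPC has no need to act as Nimbus, give it its own identity or let it rely on the service-level `storm_components` identity; if the sharing is intentional, say so in the commit description. The file also ends without a trailing newline.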
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/YARN/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.2/services/YARN/kerberos.json index 61117b5..7677a7a 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/YARN/kerberos.json +++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/YARN/kerberos.json @@ -65,10 +65,10 @@ { "name": "/spnego", "principal": { - "configuration": "yarn.nodemanager.webapp.spnego-principal" + "configuration": "yarn-site/yarn.nodemanager.webapp.spnego-principal" }, "keytab": { - "configuration": "yarn.nodemanager.webapp.spnego-keytab-file" + "configuration": "yarn-site/yarn.nodemanager.webapp.spnego-keytab-file" } } ], @@ -120,10 +120,10 @@ { "name": "/spnego", "principal": { - "configuration": "yarn.resourcemanager.webapp.spnego-principal" + "configuration": "yarn-site/yarn.resourcemanager.webapp.spnego-principal" }, "keytab": { - "configuration": "yarn.resourcemanager.webapp.spnego-keytab-file" + "configuration": "yarn-site/yarn.resourcemanager.webapp.spnego-keytab-file" } } ] @@ -170,10 +170,10 @@ { "name": "/spnego", "principal": { - "configuration": "yarn.timeline-service.http-authentication.kerberos.principal" + "configuration": "yarn-site/yarn.timeline-service.http-authentication.kerberos.principal" }, "keytab": { - "configuration": "yarn.timeline-service.http-authentication.kerberos.keytab" + "configuration": "yarn-site/yarn.timeline-service.http-authentication.kerberos.keytab" } } ] http://git-wip-us.apache.org/repos/asf/ambari/blob/4d4fc0cb/ambari-server/src/main/resources/stacks/HDP/2.2/services/ZOOKEEPER/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/ZOOKEEPER/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.2/services/ZOOKEEPER/kerberos.json new file mode 100644 index 0000000..ddec01f --- /dev/null 
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/ZOOKEEPER/kerberos.json
@@ -0,0 +1,38 @@
+{
+ "services": [
+ {
+ "name": "ZOOKEEPER",
+ "identities": [
+ {
+ "name": "/smokeuser"
+ }
+ ],
+ "components": [
+ {
+ "name": "ZOOKEEPER_SERVER",
+ "identities": [
+ {
+ "name": "zookeeper_zk",
+ "principal": {
+ "value": "zk/_HOST@${realm}",
+ "configuration": "zookeeper-env/zookeeper_principal_name"
+ },
+ "keytab": {
+ "file": "${keytab_dir}/zk.service.keytab",
+ "owner": {
+ "name": "${zookeeper-env/zk_user}",
+ "access": "r"
+ },
+ "group": {
+ "name": "${cluster-env/user_group}",
+ "access": ""
+ },
+ "configuration": "zookeeper-env/zookeeper_keytab_path"
+ }
+ }
+ ]
+ }
+ ]
+ }
+ ]
+}
