Repository: ambari Updated Branches: refs/heads/trunk c2b9a1a72 -> 02b034bea
AMBARI-8790. Fix HBase Kerberos Descriptor, HBASE_CLIENT is incorrect. (robert levas via jaimin) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/02b034be Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/02b034be Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/02b034be Branch: refs/heads/trunk Commit: 02b034bea2af3ab4d85d4f9d5def249291929186 Parents: c2b9a1a Author: Jaimin Jetly <[email protected]> Authored: Thu Dec 18 13:21:41 2014 -0800 Committer: Jaimin Jetly <[email protected]> Committed: Thu Dec 18 13:21:49 2014 -0800 ---------------------------------------------------------------------- .../main/resources/stacks/HDP/2.2/kerberos.json | 19 ----- .../stacks/HDP/2.2/services/HBASE/kerberos.json | 72 +++++++----------- .../server/stack/KerberosDescriptorTest.java | 77 ++++++++++++++++++++ 3 files changed, 103 insertions(+), 65 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/02b034be/ambari-server/src/main/resources/stacks/HDP/2.2/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.2/kerberos.json index be766ed..92370a3 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.2/kerberos.json +++ b/ambari-server/src/main/resources/stacks/HDP/2.2/kerberos.json @@ -41,25 +41,6 @@ } }, { - "name": "hbase", - "principal": { - "value": "hbase@${realm}", - "configuration": "hbase-env/hbase_principal_name" - }, - "keytab": { - "file": "${keytab_dir}/hbase.headless.keytab", - "owner": { - "name": "root", - "access": "r" - }, - "group": { - "name": "${cluster-env/user_group}", - "access": "r" - }, - "configuration": "hbase-env/hbase_user_keytab" - } - }, - { "name": "smokeuser", "principal": { "value": "ambari-qa@${realm}", http://git-wip-us.apache.org/repos/asf/ambari/blob/02b034be/ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/kerberos.json index d9e1c25..2807aaa 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/kerberos.json +++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/kerberos.json @@ -10,12 +10,36 @@ "name": "/hdfs" }, { - "name": "/hbase" + "name": "hbase", + "principal": { + "value": "hbase@${realm}", + "configuration": "hbase-env/hbase_principal_name" + }, + "keytab": { + "file": "${keytab_dir}/hbase.headless.keytab", + "owner": { + "name": "${hbase-env/hbase_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "r" + }, + "configuration": "hbase-env/hbase_user_keytab" + } }, { "name": "/smokeuser" } ], + "configurations": [ + { + "hbase-site": { + "hbase.security.authentication": "kerberos", + "hbase.security.authorization": "true" + } + } + ], "components": [ { "name": "HBASE_MASTER", @@ -66,51 +90,7 @@ ] }, { - "name": "HBASE_CLIENT", - "identities": [ - { - "name": "secondary_namenode_nn", - "principal": { - "value": "nn/_HOST@${realm}", - "configuration": "hdfs-site/dfs.secondary.namenode.kerberos.principal" - }, - "keytab": { - "file": "${keytab_dir}/snn.service.keytab", - "owner": { - "name": "${hadoop-env/hdfs_user}", - "access": "r" - }, - "group": { - "name": "${cluster-env/user_group}", - "access": "" - }, - "configuration": "hdfs-site/dfs.secondary.namenode.keytab.file" - } - }, - { - "name": "secondary_namenode_host", - "principal": { - "value": "host/_HOST@${realm}" - }, - "keytab": { - "file": "${keytab_dir}/snn.service.keytab", - "owner": { - "name": "${hadoop-env/hdfs_user}", - "access": "r" - }, - "group": { - "name": "${cluster-env/user_group}", - "access": "" - } - } - }, - { - "name": "/spnego", - "principal": { - "configuration": "hdfs-site/dfs.secondary.namenode.kerberos.internal.spnego.principal" - } - } - ] + "name": "HBASE_CLIENT" } ] } http://git-wip-us.apache.org/repos/asf/ambari/blob/02b034be/ambari-server/src/test/java/org/apache/ambari/server/stack/KerberosDescriptorTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/stack/KerberosDescriptorTest.java b/ambari-server/src/test/java/org/apache/ambari/server/stack/KerberosDescriptorTest.java new file mode 100644 index 0000000..0abb2f3 --- /dev/null +++ b/ambari-server/src/test/java/org/apache/ambari/server/stack/KerberosDescriptorTest.java @@ -0,0 +1,77 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.stack; + +import org.apache.ambari.server.state.kerberos.KerberosDescriptor; +import org.junit.BeforeClass; +import org.junit.Test; +import org.springframework.util.Assert; + +import java.io.File; +import java.io.IOException; +import java.net.URL; + +/** + * KerberosDescriptorTest tests the stack- and service-level descriptors for certain stacks + * and services + */ +public class KerberosDescriptorTest { + private static File stacksDirectory; + private static File hdpStackDirectory; + private static File hdp22StackDirectory; + private static File hdp22ServicesDirectory; + private static File commonServicesDirectory; + + + @BeforeClass + public static void beforeClass() { + URL rootDirectoryURL = KerberosDescriptorTest.class.getResource("/"); + Assert.notNull(rootDirectoryURL); + + stacksDirectory = new File(new File(rootDirectoryURL.getFile()).getParent(), "classes/stacks"); + Assert.notNull(stacksDirectory); + Assert.isTrue(stacksDirectory.canRead()); + + hdpStackDirectory = new File(stacksDirectory, "HDP"); + Assert.notNull(hdpStackDirectory); + Assert.isTrue(hdpStackDirectory.canRead()); + + hdp22StackDirectory = new File(hdpStackDirectory, "2.2"); + Assert.notNull(hdp22StackDirectory); + Assert.isTrue(hdp22StackDirectory.canRead()); + + hdp22ServicesDirectory = new File(hdp22StackDirectory, "services"); + Assert.notNull(hdp22ServicesDirectory); + Assert.isTrue(hdp22ServicesDirectory.canRead()); + + commonServicesDirectory = new File(new File(rootDirectoryURL.getFile()).getParent(), "classes/common-services"); + Assert.notNull(commonServicesDirectory); + Assert.isTrue(commonServicesDirectory.canRead()); + + } + + @Test + public void testHDP22HBASEServiceDescriptor() throws IOException { + File hbaseDirectory = new File(hdp22ServicesDirectory, "HBASE"); + KerberosDescriptor descriptor = KerberosDescriptor.fromFile(new File(hbaseDirectory, "kerberos.json")); + Assert.notNull(descriptor); + Assert.notNull(descriptor.getServices()); + Assert.notNull(descriptor.getService("HBASE")); + } +}
