Repository: ambari Updated Branches: refs/heads/trunk 3156c3ad6 -> 4f7fc3eea
AMBARI-10506. Shore up tactical outages around managing configuration files needed for enabling SSL and RPC encryption (alexantonenko) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/4f7fc3ee Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/4f7fc3ee Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/4f7fc3ee Branch: refs/heads/trunk Commit: 4f7fc3eea26bf178322c38c5a41f30eee45d9a37 Parents: 3156c3a Author: Alex Antonenko <[email protected]> Authored: Mon Apr 20 11:00:05 2015 +0300 Committer: Alex Antonenko <[email protected]> Committed: Mon Apr 20 11:00:15 2015 +0300 ---------------------------------------------------------------------- .../HDFS/2.1.0.2.0/configuration/ssl-client.xml | 31 ++++++++++++ .../HDFS/2.1.0.2.0/configuration/ssl-server.xml | 53 ++++++++++++++++++++ .../common-services/HDFS/2.1.0.2.0/metainfo.xml | 2 + .../HDFS/2.1.0.2.0/package/scripts/hdfs.py | 20 +++++++- .../common-services/YARN/2.1.0.2.0/metainfo.xml | 2 + .../YARN/2.1.0.2.0/package/scripts/yarn.py | 16 ++++++ .../YARN/configuration-mapred/ssl-client.xml | 31 ++++++++++++ .../YARN/configuration-mapred/ssl-server.xml | 53 ++++++++++++++++++++ .../YARN/configuration-mapred/ssl-client.xml | 31 ++++++++++++ .../YARN/configuration-mapred/ssl-server.xml | 53 ++++++++++++++++++++ 10 files changed, 291 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/4f7fc3ee/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/configuration/ssl-client.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/configuration/ssl-client.xml b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/configuration/ssl-client.xml new file mode 100644 index 0000000..ec8cfac --- /dev/null 
+++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/configuration/ssl-client.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<configuration>
+ <property>
+ <name>ssl.client.truststore.location</name>
+ <value>/etc/security/clientKeys/all.jks</value>
+ <description>Truststore to be used by clients. Must be specified.</description>
+ </property>
+ <property>
+ <name>ssl.client.truststore.type</name>
+ <value>jks</value>
+ <description>Optional. Default value is "jks".</description>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/4f7fc3ee/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/configuration/ssl-server.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/configuration/ssl-server.xml b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/configuration/ssl-server.xml
new file mode 100644
index 0000000..20b8b1e
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/configuration/ssl-server.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<configuration>
+ <property>
+ <name>ssl.server.truststore.location</name>
+ <value>/etc/security/serverKeys/truststore.jks</value>
+ <description>Truststore to be used by NN and DN. Must be specified.</description>
+ </property>
+ <property>
+ <name>ssl.server.truststore.type</name>
+ <value>jks</value>
+ <description>Optional. Default value is "jks".</description>
+ </property>
+ <property>
+ <name>ssl.server.keystore.location</name>
+ <value>/etc/security/serverKeys/keystore.jks</value>
+ <description>Keystore to be used by NN and DN. Must be specified.</description>
+ </property>
+ <property>
+ <name>ssl.server.keystore.password</name>
+ <property-type>PASSWORD</property-type>
+ <value>bigdata</value>
+ <description>Must be specified.</description>
+ </property>
+ <property>
+ <name>ssl.server.keystore.type</name>
+ <value>jks</value>
+ <description>Optional.
Default value is "jks".</description>
+ </property>
+ <property>
+ <name>ssl.server.keystore.keypassword</name>
+ <value>bigdata</value>
+ <property-type>PASSWORD</property-type>
+ <description>Must be specified.</description>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/4f7fc3ee/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/metainfo.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/metainfo.xml b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/metainfo.xml
index f39e4e7..e5f0114 100644
--- a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/metainfo.xml
+++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/metainfo.xml
@@ -235,6 +235,8 @@
 <config-type>hadoop-policy</config-type>
 <config-type>hdfs-log4j</config-type>
 <config-type>ranger-hdfs-plugin-properties</config-type>
+ <config-type>ssl-client</config-type>
+ <config-type>ssl-server</config-type>
 </configuration-dependencies>
 <restartRequiredAfterRackChange>true</restartRequiredAfterRackChange>
 </service>
http://git-wip-us.apache.org/repos/asf/ambari/blob/4f7fc3ee/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/hdfs.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/hdfs.py b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/hdfs.py
index b9fb703..a15a486 100644
--- a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/hdfs.py
+++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/hdfs.py
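Review bot: In the new HDFS ssl-server.xml, both `ssl.server.keystore.password` and `ssl.server.keystore.keypassword` default to the literal `bigdata`, so a cluster that enables SSL without overriding them protects its server private key with a value published in this repository. If the stack definition permits an empty default for a `PASSWORD` property, prefer `<value></value>` so the operator has to supply one; otherwise extend each `<description>` to say the default must be changed before SSL is enabled. The same two defaults are repeated in the 2.1.GlusterFS and 2.2.GlusterFS copies of ssl-server.xml added later in this commit.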
@@ -59,6 +59,24 @@ def hdfs(name=None): group=params.user_group ) + if "ssl-client" in params.config['configurations']: + XmlConfig("ssl-client.xml", + conf_dir=params.hadoop_conf_dir, + configurations=params.config['configurations']['ssl-client'], + configuration_attributes=params.config['configuration_attributes']['ssl-client'], + owner=params.hdfs_user, + group=params.user_group + ) + + if "ssl-server" in params.config['configurations']: + XmlConfig("ssl-server.xml", + conf_dir=params.hadoop_conf_dir, + configurations=params.config['configurations']['ssl-server'], + configuration_attributes=params.config['configuration_attributes']['ssl-server'], + owner=params.hdfs_user, + group=params.user_group + ) + XmlConfig("hdfs-site.xml", conf_dir=params.hadoop_conf_dir, configurations=params.config['configurations']['hdfs-site'], @@ -114,4 +132,4 @@ def hdfs(component=None): owner=params.hdfs_user, mode="f", configuration_attributes=params.config['configuration_attributes']['hdfs-site'] - ) \ No newline at end of file + ) http://git-wip-us.apache.org/repos/asf/ambari/blob/4f7fc3ee/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/metainfo.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/metainfo.xml b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/metainfo.xml index 30cd902..bfccb4f 100644 --- a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/metainfo.xml +++ b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/metainfo.xml 
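Review bot: The new `XmlConfig("ssl-server.xml", ...)` call in the `@@ -59,6 +59,24 @@` hunk passes no `mode=`, although the file it writes holds `ssl.server.keystore.password` and `ssl.server.keystore.keypassword` in clear text. Its permissions are therefore whatever the resource applies by default, which may be readable by accounts outside `params.user_group`. Passing an explicit restrictive mode, for example `mode=0640`, would keep the passwords to the owner and the group and make that intent visible in the script. The identical block added to yarn.py (`@@ -272,7 +272,23 @@`) has the same gap. The body of `hdfs()` starts and ends outside this hunk.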
@@ -240,6 +240,8 @@
 <config-type>core-site</config-type>
 <config-type>mapred-site</config-type>
 <config-type>mapred-env</config-type>
+ <config-type>ssl-client</config-type>
+ <config-type>ssl-server</config-type>
 </configuration-dependencies>
 <restartRequiredAfterRackChange>true</restartRequiredAfterRackChange>
 </service>
http://git-wip-us.apache.org/repos/asf/ambari/blob/4f7fc3ee/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/yarn.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/yarn.py b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/yarn.py
index 1d4b365..22888e2 100644
--- a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/yarn.py
+++ b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/yarn.py
@@ -272,7 +272,23 @@ def yarn(name = None): owner=params.hdfs_user, group=params.user_group ) + if "ssl-client" in params.config['configurations']: + XmlConfig("ssl-client.xml", + conf_dir=params.hadoop_conf_dir, + configurations=params.config['configurations']['ssl-client'], + configuration_attributes=params.config['configuration_attributes']['ssl-client'], + owner=params.hdfs_user, + group=params.user_group + ) + if "ssl-server" in params.config['configurations']: + XmlConfig("ssl-server.xml", + conf_dir=params.hadoop_conf_dir, + configurations=params.config['configurations']['ssl-server'], + configuration_attributes=params.config['configuration_attributes']['ssl-server'], + owner=params.hdfs_user, + group=params.user_group + ) if os.path.exists(os.path.join(params.hadoop_conf_dir, 'fair-scheduler.xml')): File(os.path.join(params.hadoop_conf_dir, 'fair-scheduler.xml'), owner=params.mapred_user, http://git-wip-us.apache.org/repos/asf/ambari/blob/4f7fc3ee/ambari-server/src/main/resources/stacks/HDP/2.1.GlusterFS/services/YARN/configuration-mapred/ssl-client.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.1.GlusterFS/services/YARN/configuration-mapred/ssl-client.xml b/ambari-server/src/main/resources/stacks/HDP/2.1.GlusterFS/services/YARN/configuration-mapred/ssl-client.xml new file mode 100644 index 0000000..ec8cfac --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.1.GlusterFS/services/YARN/configuration-mapred/ssl-client.xml 
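Review bot: The guards added here test only `params.config['configurations']`, but each call then also indexes `params.config['configuration_attributes']['ssl-client']` (and `['ssl-server']`), which the guard does not cover. If the attributes map can lack an entry for a config type that has no attributes set, that lookup fails in exactly the case the guard was meant to make optional; whether the config dictionary tolerates missing keys is not visible from this hunk. Consider extending the condition, e.g. `if "ssl-client" in params.config['configurations'] and "ssl-client" in params.config['configuration_attributes']:`, or stating in a comment why the second lookup is safe. The hdfs.py hunk uses the same pattern, and `yarn()` continues outside this hunk.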
@@ -0,0 +1,31 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<configuration>
+ <property>
+ <name>ssl.client.truststore.location</name>
+ <value>/etc/security/clientKeys/all.jks</value>
+ <description>Truststore to be used by clients. Must be specified.</description>
+ </property>
+ <property>
+ <name>ssl.client.truststore.type</name>
+ <value>jks</value>
+ <description>Optional. Default value is "jks".</description>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/4f7fc3ee/ambari-server/src/main/resources/stacks/HDP/2.1.GlusterFS/services/YARN/configuration-mapred/ssl-server.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.1.GlusterFS/services/YARN/configuration-mapred/ssl-server.xml b/ambari-server/src/main/resources/stacks/HDP/2.1.GlusterFS/services/YARN/configuration-mapred/ssl-server.xml
new file mode 100644
index 0000000..20b8b1e
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/HDP/2.1.GlusterFS/services/YARN/configuration-mapred/ssl-server.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<configuration>
+ <property>
+ <name>ssl.server.truststore.location</name>
+ <value>/etc/security/serverKeys/truststore.jks</value>
+ <description>Truststore to be used by NN and DN. Must be specified.</description>
+ </property>
+ <property>
+ <name>ssl.server.truststore.type</name>
+ <value>jks</value>
+ <description>Optional. Default value is "jks".</description>
+ </property>
+ <property>
+ <name>ssl.server.keystore.location</name>
+ <value>/etc/security/serverKeys/keystore.jks</value>
+ <description>Keystore to be used by NN and DN. Must be specified.</description>
+ </property>
+ <property>
+ <name>ssl.server.keystore.password</name>
+ <property-type>PASSWORD</property-type>
+ <value>bigdata</value>
+ <description>Must be specified.</description>
+ </property>
+ <property>
+ <name>ssl.server.keystore.type</name>
+ <value>jks</value>
+ <description>Optional.
Default value is "jks".</description>
+ </property>
+ <property>
+ <name>ssl.server.keystore.keypassword</name>
+ <value>bigdata</value>
+ <property-type>PASSWORD</property-type>
+ <description>Must be specified.</description>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/4f7fc3ee/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/YARN/configuration-mapred/ssl-client.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/YARN/configuration-mapred/ssl-client.xml b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/YARN/configuration-mapred/ssl-client.xml
new file mode 100644
index 0000000..ec8cfac
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/YARN/configuration-mapred/ssl-client.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<configuration>
+ <property>
+ <name>ssl.client.truststore.location</name>
+ <value>/etc/security/clientKeys/all.jks</value>
+ <description>Truststore to be used by clients. Must be specified.</description>
+ </property>
+ <property>
+ <name>ssl.client.truststore.type</name>
+ <value>jks</value>
+ <description>Optional. Default value is "jks".</description>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/4f7fc3ee/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/YARN/configuration-mapred/ssl-server.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/YARN/configuration-mapred/ssl-server.xml b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/YARN/configuration-mapred/ssl-server.xml
new file mode 100644
index 0000000..20b8b1e
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/YARN/configuration-mapred/ssl-server.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<configuration>
+ <property>
+ <name>ssl.server.truststore.location</name>
+ <value>/etc/security/serverKeys/truststore.jks</value>
+ <description>Truststore to be used by NN and DN. Must be specified.</description>
+ </property>
+ <property>
+ <name>ssl.server.truststore.type</name>
+ <value>jks</value>
+ <description>Optional. Default value is "jks".</description>
+ </property>
+ <property>
+ <name>ssl.server.keystore.location</name>
+ <value>/etc/security/serverKeys/keystore.jks</value>
+ <description>Keystore to be used by NN and DN. Must be specified.</description>
+ </property>
+ <property>
+ <name>ssl.server.keystore.password</name>
+ <property-type>PASSWORD</property-type>
+ <value>bigdata</value>
+ <description>Must be specified.</description>
+ </property>
+ <property>
+ <name>ssl.server.keystore.type</name>
+ <value>jks</value>
+ <description>Optional.
Default value is "jks".</description>
+ </property>
+ <property>
+ <name>ssl.server.keystore.keypassword</name>
+ <value>bigdata</value>
+ <property-type>PASSWORD</property-type>
+ <description>Must be specified.</description>
+ </property>
+</configuration>
