Repository: ambari Updated Branches: refs/heads/branch-2.1 5097def77 -> adb3e9b39
AMBARI-11919. After wire encryption, KMS client config (hdfs-site.xml and core-site.xml) should be updated to include https in URI Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/adb3e9b3 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/adb3e9b3 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/adb3e9b3 Branch: refs/heads/branch-2.1 Commit: adb3e9b39a2e53f4ac044a5e4649e34cba5a67eb Parents: 5097def Author: Srimanth Gunturi <[email protected]> Authored: Mon Jun 15 10:43:33 2015 -0700 Committer: Srimanth Gunturi <[email protected]> Committed: Mon Jun 15 13:58:45 2015 -0700 ---------------------------------------------------------------------- .../RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-site.xml | 9 ++++++++- .../HDP/2.2/services/HDFS/configuration/core-site.xml | 4 ++++ .../HDP/2.2/services/HDFS/configuration/hdfs-site.xml | 4 ++++ .../main/resources/stacks/HDP/2.2/services/stack_advisor.py | 8 +++++++- .../src/test/python/stacks/2.2/common/test_stack_advisor.py | 5 +++++ .../app/mappers/configs/stack_config_properties_mapper.js | 3 +++ 6 files changed, 31 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/adb3e9b3/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-site.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-site.xml index 647e2a4..be387ff 100644 --- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-site.xml +++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-site.xml @@ -49,4 +49,11 @@ <name>xa.webapp.dir</name> <value>./webapp</value> </property> -</configuration> \ No newline at end of file + + <property> + <name>ranger.service.https.attrib.ssl.enabled</name> + <value>false</value> + <description></description> + </property> + +</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/adb3e9b3/ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/configuration/core-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/configuration/core-site.xml b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/configuration/core-site.xml index 12d2789..80a1944 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/configuration/core-site.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/configuration/core-site.xml @@ -40,6 +40,10 @@ <type>hadoop-env</type> <name>keyserver_port</name> </property> + <property> + <type>ranger-kms-site</type> + <name>ranger.service.https.attrib.ssl.enabled</name> + </property> </depends-on> </property> http://git-wip-us.apache.org/repos/asf/ambari/blob/adb3e9b3/ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/configuration/hdfs-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/configuration/hdfs-site.xml b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/configuration/hdfs-site.xml index 35cab99..e42b3f8 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/configuration/hdfs-site.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/configuration/hdfs-site.xml @@ -52,6 +52,10 @@ <type>hadoop-env</type> <name>keyserver_port</name> </property> + <property> + <type>ranger-kms-site</type> + <name>ranger.service.https.attrib.ssl.enabled</name> + </property> </depends-on> </property> http://git-wip-us.apache.org/repos/asf/ambari/blob/adb3e9b3/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py b/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py index 2380f2e..5b15d76 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py +++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py @@ -217,12 +217,18 @@ class HDP22StackAdvisor(HDP21StackAdvisor): keyserverPortString = services["configurations"]["kms-env"]["properties"]["kms_port"] if keyserverHostsString is not None and len(keyserverHostsString.strip()) > 0: + urlScheme = "http" + if "ranger-kms-site" in services["configurations"] and \ + "ranger.service.https.attrib.ssl.enabled" in services["configurations"]["ranger-kms-site"]["properties"] and \ + services["configurations"]["ranger-kms-site"]["properties"]["ranger.service.https.attrib.ssl.enabled"].lower() == "true": + urlScheme = "https" + if keyserverPortString is None or len(keyserverPortString.strip()) < 1: keyserverPortString = ":9292" else: keyserverPortString = ":" + keyserverPortString.strip() putCoreSiteProperty = self.putProperty(configurations, "core-site", services) - kmsPath = "kms://http@" + keyserverHostsString.strip() + keyserverPortString + "/kms" + kmsPath = "kms://" + urlScheme + "@" + keyserverHostsString.strip() + keyserverPortString + "/kms" putCoreSiteProperty("hadoop.security.key.provider.path", kmsPath) putHdfsSiteProperty("dfs.encryption.key.provider.uri", kmsPath) http://git-wip-us.apache.org/repos/asf/ambari/blob/adb3e9b3/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py b/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py index 9e5a3c0..ab0aa17 100644 --- a/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py +++ b/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py @@ -2216,6 +2216,11 @@ class TestHDP22StackAdvisor(TestCase): self.stackAdvisor.recommendHDFSConfigurations(configurations, clusterData, services, hosts) self.assertEqual("kms://http@myhost1:2222/kms", configurations["hdfs-site"]["properties"]["dfs.encryption.key.provider.uri"]) + # Test - 'https' in KMS URL + configurations["ranger-kms-site"] = {"properties": {"ranger.service.https.attrib.ssl.enabled": "true"}} + self.stackAdvisor.recommendHDFSConfigurations(configurations, clusterData, services, hosts) + self.assertEqual("kms://https@myhost1:2222/kms", configurations["hdfs-site"]["properties"]["dfs.encryption.key.provider.uri"]) + # Test 8 - Dynamic maximum for 'dfs.namenode.handler.count' hosts['items'][1]['Hosts']['cpu_count'] = 9 self.stackAdvisor.recommendHDFSConfigurations(configurations, clusterData, services, hosts) http://git-wip-us.apache.org/repos/asf/ambari/blob/adb3e9b3/ambari-web/app/mappers/configs/stack_config_properties_mapper.js ---------------------------------------------------------------------- diff --git a/ambari-web/app/mappers/configs/stack_config_properties_mapper.js b/ambari-web/app/mappers/configs/stack_config_properties_mapper.js index 1f09343..5913943 100644 --- a/ambari-web/app/mappers/configs/stack_config_properties_mapper.js +++ b/ambari-web/app/mappers/configs/stack_config_properties_mapper.js @@ -123,6 +123,9 @@ App.stackConfigPropertiesMapper = App.QuickDataMapper.create({ if (stackProperty.get('propertyDependedBy.length')) { this._setDependentServices(stackProperty, 'propertyDependedBy', service); } + if (stackProperty.get('propertyDependsOn.length')) { + this._setDependentServices(stackProperty, 'propertyDependsOn', service); + } }, this); }, /**
