Repository: ambari Updated Branches: refs/heads/trunk 0fa71ff92 -> 126626857
AMBARI-16085. Modify Ambari stacks for Ranger (for enabling plugins) to use service keytab for creating repositories and policies - Part2 (gautam) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/12662685 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/12662685 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/12662685 Branch: refs/heads/trunk Commit: 126626857ffdabfb61788ff72a83023262bd58da Parents: 0fa71ff Author: Gautam Borad <[email protected]> Authored: Thu Apr 28 19:10:49 2016 +0530 Committer: Gautam Borad <[email protected]> Committed: Thu Apr 28 19:47:57 2016 +0530 ---------------------------------------------------------------------- .../libraries/functions/ranger_functions_v2.py | 2 ++ .../HBASE/0.96.0.2.0/package/scripts/params_linux.py | 6 +++--- .../HDFS/2.1.0.2.0/package/scripts/params_linux.py | 2 +- .../HIVE/0.12.0.2.0/package/scripts/params_linux.py | 2 +- .../common-services/KAFKA/0.8.1.2.2/package/scripts/params.py | 2 +- .../KNOX/0.5.0.2.2/package/scripts/params_linux.py | 2 +- .../STORM/0.9.1.2.1/package/scripts/params_linux.py | 6 +++--- .../YARN/2.1.0.2.0/package/scripts/params_linux.py | 2 +- 8 files changed, 13 insertions(+), 11 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/12662685/ambari-common/src/main/python/resource_management/libraries/functions/ranger_functions_v2.py ---------------------------------------------------------------------- diff --git a/ambari-common/src/main/python/resource_management/libraries/functions/ranger_functions_v2.py b/ambari-common/src/main/python/resource_management/libraries/functions/ranger_functions_v2.py index f081505..9709713 100644 --- a/ambari-common/src/main/python/resource_management/libraries/functions/ranger_functions_v2.py +++ b/ambari-common/src/main/python/resource_management/libraries/functions/ranger_functions_v2.py @@ -389,6 +389,8 @@ class RangeradminV2: if len(policy_list) == policy_update_count: Logger.info("Ranger Repository created successfully and policies updated successfully providing ambari-qa user all permissions") return response_json + else: + return response_json else: Logger.info('Repository creation failed') return None http://git-wip-us.apache.org/repos/asf/ambari/blob/12662685/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py index 18283c4..d3fc173 100644 --- a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py +++ b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py @@ -338,7 +338,7 @@ if has_ranger_admin: } if stack_supports_ranger_kerberos and security_enabled: - hbase_ranger_plugin_config['policydownload.auth.users'] = hbase_user + hbase_ranger_plugin_config['policy.download.auth.users'] = hbase_user hbase_ranger_plugin_config['tag.download.auth.users'] = hbase_user hbase_ranger_plugin_config['policy.grant.revoke.auth.users'] = hbase_user @@ -351,10 +351,10 @@ if has_ranger_admin: 'type': 'hbase' } - if 'hbase-master' in component_directory.lower(): + if stack_supports_ranger_kerberos and security_enabled and 'hbase-master' in component_directory.lower(): ranger_hbase_principal = master_jaas_princ ranger_hbase_keytab = master_keytab_path - else: + elif stack_supports_ranger_kerberos and security_enabled and 'hbase-regionserver' in component_directory.lower(): ranger_hbase_principal = regionserver_jaas_princ ranger_hbase_keytab = regionserver_keytab_path http://git-wip-us.apache.org/repos/asf/ambari/blob/12662685/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params_linux.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params_linux.py index a066dbd..f42185e 100644 --- a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params_linux.py +++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params_linux.py @@ -486,7 +486,7 @@ if has_ranger_admin: 'assetType': '1' } if stack_supports_ranger_kerberos and security_enabled: - hdfs_ranger_plugin_config['policydownload.auth.users'] = hdfs_user + hdfs_ranger_plugin_config['policy.download.auth.users'] = hdfs_user hdfs_ranger_plugin_config['tag.download.auth.users'] = hdfs_user hdfs_ranger_plugin_repo = { http://git-wip-us.apache.org/repos/asf/ambari/blob/12662685/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py index a4f5378..2e1a2af 100644 --- a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py +++ b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py @@ -644,7 +644,7 @@ if has_ranger_admin: } if stack_supports_ranger_kerberos and security_enabled: - hive_ranger_plugin_config['policydownload.auth.users'] = hive_user + hive_ranger_plugin_config['policy.download.auth.users'] = hive_user hive_ranger_plugin_config['tag.download.auth.users'] = hive_user hive_ranger_plugin_config['policy.grant.revoke.auth.users'] = hive_user http://git-wip-us.apache.org/repos/asf/ambari/blob/12662685/ambari-server/src/main/resources/common-services/KAFKA/0.8.1.2.2/package/scripts/params.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/KAFKA/0.8.1.2.2/package/scripts/params.py b/ambari-server/src/main/resources/common-services/KAFKA/0.8.1.2.2/package/scripts/params.py index 0a2796b..12ccef6 100644 --- a/ambari-server/src/main/resources/common-services/KAFKA/0.8.1.2.2/package/scripts/params.py +++ b/ambari-server/src/main/resources/common-services/KAFKA/0.8.1.2.2/package/scripts/params.py @@ -212,7 +212,7 @@ if has_ranger_admin and is_supported_kafka_ranger: } if stack_supports_ranger_kerberos and security_enabled: - ranger_plugin_config['policydownload.auth.users'] = kafka_user + ranger_plugin_config['policy.download.auth.users'] = kafka_user ranger_plugin_config['tag.download.auth.users'] = kafka_user http://git-wip-us.apache.org/repos/asf/ambari/blob/12662685/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py index 1aea9bf..1dd25ce 100644 --- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py +++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py @@ -321,7 +321,7 @@ if has_ranger_admin: } if stack_supports_ranger_kerberos and security_enabled: - knox_ranger_plugin_config['policydownload.auth.users'] = knox_user + knox_ranger_plugin_config['policy.download.auth.users'] = knox_user knox_ranger_plugin_config['tag.download.auth.users'] = knox_user knox_ranger_plugin_repo = { http://git-wip-us.apache.org/repos/asf/ambari/blob/12662685/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/params_linux.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/params_linux.py index 22da38f..d715a25 100644 --- a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/params_linux.py +++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/params_linux.py @@ -289,7 +289,7 @@ if has_ranger_admin: } if stack_supports_ranger_kerberos and security_enabled: - storm_ranger_plugin_config['policydownload.auth.users'] = storm_user + storm_ranger_plugin_config['policy.download.auth.users'] = storm_user storm_ranger_plugin_config['tag.download.auth.users'] = storm_user storm_ranger_plugin_repo = { @@ -300,10 +300,10 @@ if has_ranger_admin: 'type': 'storm' } - if 'storm-nimbus' in status_params.component_directory.lower(): + if stack_supports_ranger_kerberos and security_enabled and 'storm-nimbus' in status_params.component_directory.lower(): ranger_storm_principal = nimbus_jaas_principal ranger_storm_keytab = nimbus_keytab_path - else: + elif stack_supports_ranger_kerberos and security_enabled and 'storm-client' in status_params.component_directory.lower(): ranger_storm_principal = storm_ui_jaas_principal ranger_storm_keytab = storm_ui_keytab_path http://git-wip-us.apache.org/repos/asf/ambari/blob/12662685/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py index efa303c..cf01965 100644 --- a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py +++ b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py @@ -416,7 +416,7 @@ if has_ranger_admin: } if stack_supports_ranger_kerberos and security_enabled: - ranger_plugin_config['policydownload.auth.users'] = yarn_user + ranger_plugin_config['policy.download.auth.users'] = yarn_user ranger_plugin_config['tag.download.auth.users'] = yarn_user #For curl command in ranger plugin to get db connector
