Repository: ambari Updated Branches: refs/heads/trunk f4fbab135 -> f42b25804
AMBARI-17144 - Atlas Integration : Required changes for atlas-application.properties Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/f42b2580 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/f42b2580 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/f42b2580 Branch: refs/heads/trunk Commit: f42b258042dd51b030dcb7d21815234c37da9474 Parents: f4fbab1 Author: tbeerbower <tbeerbo...@hortonworks.com> Authored: Thu Jun 9 15:31:04 2016 -0400 Committer: tbeerbower <tbeerbo...@hortonworks.com> Committed: Thu Jun 9 15:31:04 2016 -0400 ---------------------------------------------------------------------- .../configuration/application-properties.xml | 35 +++++++++-- .../stacks/HDP/2.5/services/ATLAS/kerberos.json | 62 ++++++++++++++++++++ 2 files changed, 93 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/f42b2580/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/application-properties.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/application-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/application-properties.xml index 97c3e6a..985b4cf 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/application-properties.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/application-properties.xml @@ -83,18 +83,45 @@ <on-ambari-upgrade add="true"/> </property> <property> - <name>atlas.login.method</name> - <value>file</value> - <description>Atlas login method (e.g. file).</description> + <name>atlas.authentication.method.kerberos</name> + <value>false</value> + <description>Indicates whether or not Kerberos is enabled.</description> <on-ambari-upgrade add="true"/> </property> <property> - <name>atlas.login.credentials.file</name> + <name>atlas.authentication.method.file</name> + <value>true</value> + <description>Indicates whether or not file based authentication is enabled.</description> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>atlas.authentication.method.ldap</name> + <value>false</value> + <description>Indicates whether or not LDAP authentication is enabled.</description> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>atlas.authentication.method.file.filename</name> <value>{{conf_dir}}/users-credentials.properties</value> <description>File path for file based login.</description> <on-ambari-upgrade add="true"/> </property> <property> + <name>atlas.authentication.method.ldap.type</name> + <value>ldap</value> + <description>The LDAP type (ldap or ad).</description> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>atlas.authentication.method.ldap.url</name> + <value/> + <description>The LDAP URL.</description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + <property> <name>atlas.auth.policy.file</name> <value>{{conf_dir}}/policy-store.txt</value> <description>Path for the Atlas policy file.</description> http://git-wip-us.apache.org/repos/asf/ambari/blob/f42b2580/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/kerberos.json new file mode 100644 index 0000000..78ad6ea --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/kerberos.json @@ -0,0 +1,62 @@ +{ + "services": [ + { + "name": "ATLAS", + "configurations": [ + { + "application-properties": { + "atlas.authentication.method.kerberos": "true", + "atlas.kafka.sasl.kerberos.service.name": "${kafka-env/kafka_user}", + "atlas.kafka.security.protocol": "SASL_PLAINTEXT", + "atlas.jaas.KafkaClient.loginModuleName": "com.sun.security.auth.module.Krb5LoginModule", + "atlas.jaas.KafkaClient.loginModuleControlFlag": "required", + "atlas.jaas.KafkaClient.option.useKeyTab": "true", + "atlas.jaas.KafkaClient.option.storeKey": "true", + "atlas.jaas.KafkaClient.option.serviceName": "${kafka-env/kafka_user}" + } + } + ], + "auth_to_local_properties" : [ + "application-properties/atlas.authentication.method.kerberos.name.rules|new_lines_escaped" + ], + "components": [ + { + "name": "ATLAS_SERVER", + "identities": [ + { + "name": "atlas", + "principal": { + "value": "atlas/_HOST@${realm}", + "type" : "service", + "configuration": "application-properties/atlas.jaas.KafkaClient.option.principal", + "local_username" : "${atlas-env/metadata_user}" + }, + "keytab": { + "file": "${keytab_dir}/atlas.service.keytab", + "owner": { + "name": "${atlas-env/metadata_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "" + }, + "configuration": "application-properties/atlas.jaas.KafkaClient.option.keyTab" + } + }, + { + "name": "/spnego", + "principal": { + "value": "HTTP/_HOST@${realm}", + "configuration": "application-properties/atlas.authentication.method.kerberos.principal" + }, + "keytab": { + "configuration": "application-properties/atlas.authentication.method.kerberos.keytab" + } + } + ] + } + ] + } + ] +}