Repository: ambari Updated Branches: refs/heads/trunk 2d6cb436a -> def14ebd6
AMBARI-17763. Create seperate Identity for Atlas Jaas Kafka client. (Addendum patch) (Mugdha via Jaimin) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/def14ebd Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/def14ebd Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/def14ebd Branch: refs/heads/trunk Commit: def14ebd67df58849ef055815d03f2d3358ba260 Parents: 2d6cb43 Author: Jaimin Jetly <[email protected]> Authored: Mon Jul 18 13:06:42 2016 -0700 Committer: Jaimin Jetly <[email protected]> Committed: Mon Jul 18 13:06:42 2016 -0700 ---------------------------------------------------------------------- .../common-services/RANGER/0.6.0/kerberos.json | 11 +++++-- .../stacks/HDP/2.5/services/stack_advisor.py | 32 -------------------- 2 files changed, 9 insertions(+), 34 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/def14ebd/ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json ----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json b/ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json
index 564c57b..94c681d 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json
@@ -106,6 +106,15 @@
 },
 "configuration": "ranger-tagsync-site/ranger.tagsync.kerberos.keytab"
 }
+ },
+ {
+ "name": "/RANGER/RANGER_TAGSYNC/rangertagsync",
+ "principal": {
+ "configuration": "tagsync-application-properties/atlas.jaas.KafkaClient.option.principal"
+ },
+ "keytab": {
+ "configuration": "tagsync-application-properties/atlas.jaas.KafkaClient.option.keyTab"
+ }
 }
 ],
 "configurations": [
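Review bot: The added identity entry makes the Kerberos descriptor the only writer of `tagsync-application-properties/atlas.jaas.KafkaClient.option.principal`, but nothing visible in this commit replaces a `_HOST` placeholder in that value any more; the stack-advisor lines removed later in the same commit did it with `tagsync_principal.replace('_HOST', ranger_tagsync_host[0].lower())`. If the referenced `rangertagsync` principal is declared with `_HOST` (its definition is outside this hunk), please confirm that the value reaching the JAAS `KafkaClient` section is host-qualified on a kerberized cluster, because a literal `_HOST` there would presumably fail the keytab login. The name `/RANGER/RANGER_TAGSYNC/rangertagsync` looks like a reference to the existing identity, so the Kafka client shares the tagsync service's principal and keytab rather than getting a credential of its own; that is worth stating in the descriptor's documentation, since the commit title speaks of a separate identity.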
@@ -116,8 +125,6 @@
 "atlas.jaas.KafkaClient.option.useKeyTab": "true",
 "atlas.jaas.KafkaClient.option.storeKey": "true",
 "atlas.jaas.KafkaClient.option.serviceName": "kafka",
- "atlas.jaas.KafkaClient.option.keyTab": "${ranger-tagsync-site/ranger.tagsync.kerberos.keytab}",
- "atlas.jaas.KafkaClient.option.principal": "${ranger-tagsync-site/ranger.tagsync.kerberos.principal}",
 "atlas.kafka.sasl.kerberos.service.name": "kafka",
 "atlas.kafka.security.protocol": "PLAINTEXTSASL"
 }
http://git-wip-us.apache.org/repos/asf/ambari/blob/def14ebd/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py ----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py b/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py
index db3614f..0d12ffc 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py
@@ -1508,11 +1508,8 @@ class HDP25StackAdvisor(HDP24StackAdvisor): super(HDP25StackAdvisor, self).recommendRangerConfigurations(configurations, clusterData, services, hosts) servicesList = [service["StackServices"]["service_name"] for service in services["services"]] has_ranger_tagsync = False - security_enabled = self.isSecurityEnabled(services) - ranger_tagsync_site = getServicesSiteProperties(services, "ranger-tagsync-site") putTagsyncAppProperty = self.putProperty(configurations, "tagsync-application-properties", services) - putTagsyncAppPropertyAttributes = self.putPropertyAttribute(configurations, "tagsync-application-properties") putTagsyncSiteProperty = self.putProperty(configurations, "ranger-tagsync-site", services) putRangerAdminProperty = self.putProperty(configurations, "ranger-admin-site", services) putRangerEnvProperty = self.putProperty(configurations, "ranger-env", services) 
@@ -1520,35 +1517,6 @@ class HDP25StackAdvisor(HDP24StackAdvisor): ranger_tagsync_host = self.__getHostsForComponent(services, "RANGER", "RANGER_TAGSYNC") has_ranger_tagsync = len(ranger_tagsync_host) > 0 - if has_ranger_tagsync: - tagsync_keytab_path = '' - tagsync_principal = '' - if ranger_tagsync_site is not None: - tagsync_keytab_path = ranger_tagsync_site.get('ranger.tagsync.kerberos.keytab') - tagsync_principal = ranger_tagsync_site.get('ranger.tagsync.kerberos.principal') - tagsync_principal = tagsync_principal.replace('_HOST', ranger_tagsync_host[0].lower()) - - if security_enabled: - putTagsyncAppProperty('atlas.jaas.KafkaClient.loginModuleName', 'com.sun.security.auth.module.Krb5LoginModule') - putTagsyncAppProperty('atlas.jaas.KafkaClient.loginModuleControlFlag', 'required') - putTagsyncAppProperty('atlas.jaas.KafkaClient.option.useKeyTab', 'true') - putTagsyncAppProperty('atlas.jaas.KafkaClient.option.storeKey', 'true') - putTagsyncAppProperty('atlas.jaas.KafkaClient.option.serviceName', 'kafka') - putTagsyncAppProperty('atlas.jaas.KafkaClient.option.keyTab', tagsync_keytab_path) - putTagsyncAppProperty('atlas.jaas.KafkaClient.option.principal', tagsync_principal) - putTagsyncAppProperty('atlas.kafka.sasl.kerberos.service.name', 'kafka') - putTagsyncAppProperty('atlas.kafka.security.protocol', 'PLAINTEXTSASL') - else: - putTagsyncAppPropertyAttributes('atlas.jaas.KafkaClient.loginModuleName', 'delete', 'true') - putTagsyncAppPropertyAttributes('atlas.jaas.KafkaClient.loginModuleControlFlag', 'delete', 'true') - putTagsyncAppPropertyAttributes('atlas.jaas.KafkaClient.option.useKeyTab', 'delete', 'true') - putTagsyncAppPropertyAttributes('atlas.jaas.KafkaClient.option.storeKey', 'delete', 'true') - putTagsyncAppPropertyAttributes('atlas.jaas.KafkaClient.option.serviceName', 'delete', 'true') - putTagsyncAppPropertyAttributes('atlas.jaas.KafkaClient.option.keyTab', 'delete', 'true') - 
putTagsyncAppPropertyAttributes('atlas.jaas.KafkaClient.option.principal', 'delete', 'true') - putTagsyncAppPropertyAttributes('atlas.kafka.sasl.kerberos.service.name', 'delete', 'true') - putTagsyncAppPropertyAttributes('atlas.kafka.security.protocol', 'delete', 'true') - if 'ATLAS' in servicesList and has_ranger_tagsync: atlas_hosts = self.getHostNamesWithComponent("ATLAS", "ATLAS_SERVER", services) atlas_host = 'localhost' if len(atlas_hosts) == 0 else atlas_hosts[0]
