ambari git commit: AMBARI-17763. Create seperate Identity for Atlas Jaas Kafka client. (Addendum patch) (Mugdha via Jaimin)

jaimin Mon, 18 Jul 2016 13:04:11 -0700

Repository: ambari
Updated Branches:
  refs/heads/branch-2.4 e1b36d466 -> 7f697effa



AMBARI-17763. Create seperate Identity for Atlas Jaas Kafka client. (Addendum 
patch) (Mugdha via Jaimin)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/7f697eff
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/7f697eff
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/7f697eff

Branch: refs/heads/branch-2.4
Commit: 7f697effa5e1ba81d8fc664b3f2708a906126a6c
Parents: e1b36d4
Author: Jaimin Jetly <[email protected]>
Authored: Mon Jul 18 13:06:42 2016 -0700
Committer: Jaimin Jetly <[email protected]>
Committed: Mon Jul 18 13:07:24 2016 -0700

----------------------------------------------------------------------
 .../common-services/RANGER/0.6.0/kerberos.json  | 11 +++++--
 .../stacks/HDP/2.5/services/stack_advisor.py    | 32 --------------------
 2 files changed, 9 insertions(+), 34 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/7f697eff/ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json
----------------------------------------------------------------------
diff --git 
a/ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json 
b/ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json
index 564c57b..94c681d 100644
--- 
a/ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json
+++ 
b/ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json
@@ -106,6 +106,15 @@
                 },
                 "configuration": 
"ranger-tagsync-site/ranger.tagsync.kerberos.keytab"
               }
+            },
+            {
+              "name": "/RANGER/RANGER_TAGSYNC/rangertagsync",
+              "principal": {
+                "configuration": 
"tagsync-application-properties/atlas.jaas.KafkaClient.option.principal"
+              },
+              "keytab": {
+                "configuration": 
"tagsync-application-properties/atlas.jaas.KafkaClient.option.keyTab"
+              }
             }
           ],
           "configurations": [
@@ -116,8 +125,6 @@
                 "atlas.jaas.KafkaClient.option.useKeyTab": "true",
                 "atlas.jaas.KafkaClient.option.storeKey": "true",
                 "atlas.jaas.KafkaClient.option.serviceName": "kafka",
-                "atlas.jaas.KafkaClient.option.keyTab": 
"${ranger-tagsync-site/ranger.tagsync.kerberos.keytab}",
-                "atlas.jaas.KafkaClient.option.principal": 
"${ranger-tagsync-site/ranger.tagsync.kerberos.principal}",
                 "atlas.kafka.sasl.kerberos.service.name": "kafka",
                 "atlas.kafka.security.protocol": "PLAINTEXTSASL"
               }

http://git-wip-us.apache.org/repos/asf/ambari/blob/7f697eff/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py
----------------------------------------------------------------------
diff --git 
a/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py 
b/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py
index db3614f..0d12ffc 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py
@@ -1508,11 +1508,8 @@ class HDP25StackAdvisor(HDP24StackAdvisor):
     super(HDP25StackAdvisor, 
self).recommendRangerConfigurations(configurations, clusterData, services, 
hosts)
     servicesList = [service["StackServices"]["service_name"] for service in 
services["services"]]
     has_ranger_tagsync = False
-    security_enabled = self.isSecurityEnabled(services)
-    ranger_tagsync_site = getServicesSiteProperties(services, 
"ranger-tagsync-site")
 
     putTagsyncAppProperty = self.putProperty(configurations, 
"tagsync-application-properties", services)
-    putTagsyncAppPropertyAttributes = 
self.putPropertyAttribute(configurations, "tagsync-application-properties")
     putTagsyncSiteProperty = self.putProperty(configurations, 
"ranger-tagsync-site", services)
     putRangerAdminProperty = self.putProperty(configurations, 
"ranger-admin-site", services)
     putRangerEnvProperty = self.putProperty(configurations, "ranger-env", 
services)
@@ -1520,35 +1517,6 @@ class HDP25StackAdvisor(HDP24StackAdvisor):
     ranger_tagsync_host = self.__getHostsForComponent(services, "RANGER", 
"RANGER_TAGSYNC")
     has_ranger_tagsync = len(ranger_tagsync_host) > 0
 
-    if has_ranger_tagsync:
-      tagsync_keytab_path = ''
-      tagsync_principal = ''
-      if ranger_tagsync_site is not None:
-        tagsync_keytab_path = 
ranger_tagsync_site.get('ranger.tagsync.kerberos.keytab')
-        tagsync_principal = 
ranger_tagsync_site.get('ranger.tagsync.kerberos.principal')
-        tagsync_principal = tagsync_principal.replace('_HOST', 
ranger_tagsync_host[0].lower())
-
-      if security_enabled:
-        putTagsyncAppProperty('atlas.jaas.KafkaClient.loginModuleName', 
'com.sun.security.auth.module.Krb5LoginModule')
-        putTagsyncAppProperty('atlas.jaas.KafkaClient.loginModuleControlFlag', 
'required')
-        putTagsyncAppProperty('atlas.jaas.KafkaClient.option.useKeyTab', 
'true')
-        putTagsyncAppProperty('atlas.jaas.KafkaClient.option.storeKey', 'true')
-        putTagsyncAppProperty('atlas.jaas.KafkaClient.option.serviceName', 
'kafka')
-        putTagsyncAppProperty('atlas.jaas.KafkaClient.option.keyTab', 
tagsync_keytab_path)
-        putTagsyncAppProperty('atlas.jaas.KafkaClient.option.principal', 
tagsync_principal)
-        putTagsyncAppProperty('atlas.kafka.sasl.kerberos.service.name', 
'kafka')
-        putTagsyncAppProperty('atlas.kafka.security.protocol', 'PLAINTEXTSASL')
-      else:
-        
putTagsyncAppPropertyAttributes('atlas.jaas.KafkaClient.loginModuleName', 
'delete', 'true')
-        
putTagsyncAppPropertyAttributes('atlas.jaas.KafkaClient.loginModuleControlFlag',
 'delete', 'true')
-        
putTagsyncAppPropertyAttributes('atlas.jaas.KafkaClient.option.useKeyTab', 
'delete', 'true')
-        
putTagsyncAppPropertyAttributes('atlas.jaas.KafkaClient.option.storeKey', 
'delete', 'true')
-        
putTagsyncAppPropertyAttributes('atlas.jaas.KafkaClient.option.serviceName', 
'delete', 'true')
-        
putTagsyncAppPropertyAttributes('atlas.jaas.KafkaClient.option.keyTab', 
'delete', 'true')
-        
putTagsyncAppPropertyAttributes('atlas.jaas.KafkaClient.option.principal', 
'delete', 'true')
-        
putTagsyncAppPropertyAttributes('atlas.kafka.sasl.kerberos.service.name', 
'delete', 'true')
-        putTagsyncAppPropertyAttributes('atlas.kafka.security.protocol', 
'delete', 'true')
-
     if 'ATLAS' in servicesList and has_ranger_tagsync:
       atlas_hosts = self.getHostNamesWithComponent("ATLAS", "ATLAS_SERVER", 
services)
       atlas_host = 'localhost' if len(atlas_hosts) == 0 else atlas_hosts[0]

ambari git commit: AMBARI-17763. Create seperate Identity for Atlas Jaas Kafka client. (Addendum patch) (Mugdha via Jaimin)

Reply via email to