Repository: ambari Updated Branches: refs/heads/trunk 532477127 -> 96a29c816
AMBARI-17808. Kerberos Client fails to install (rlevas) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/96a29c81 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/96a29c81 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/96a29c81 Branch: refs/heads/trunk Commit: 96a29c816e1a9b3a6096f5f24c94f5a3552b4a67 Parents: 5324771 Author: Robert Levas <[email protected]> Authored: Wed Jul 20 15:05:04 2016 -0400 Committer: Robert Levas <[email protected]> Committed: Wed Jul 20 15:05:04 2016 -0400 ---------------------------------------------------------------------- .../libraries/functions/package_conditions.py | 4 - .../KERBEROS/1.10.3-10/metainfo.xml | 30 ---- .../package/scripts/kerberos_server.py | 142 ------------------- .../1.10.3-10/package/templates/kadm5_acl.j2 | 20 --- .../1.10.3-10/package/templates/kdc_conf.j2 | 30 ---- 5 files changed, 226 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/96a29c81/ambari-common/src/main/python/resource_management/libraries/functions/package_conditions.py ---------------------------------------------------------------------- diff --git a/ambari-common/src/main/python/resource_management/libraries/functions/package_conditions.py b/ambari-common/src/main/python/resource_management/libraries/functions/package_conditions.py index d5aaae6..35758fa 100644 --- a/ambari-common/src/main/python/resource_management/libraries/functions/package_conditions.py +++ b/ambari-common/src/main/python/resource_management/libraries/functions/package_conditions.py @@ -88,10 +88,6 @@ def should_install_hive_atlas(): has_atlas = len(atlas_hosts) > 0 return has_atlas -def should_install_kerberos_server(): - config = Script.get_config() - return 'role' in config and not _has_applicable_local_component("KERBEROS_CLIENT") - def should_install_ranger_tagsync(): config = Script.get_config() ranger_tagsync_hosts = default("/clusterHostInfo/ranger_tagsync_hosts", []) http://git-wip-us.apache.org/repos/asf/ambari/blob/96a29c81/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/metainfo.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/metainfo.xml b/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/metainfo.xml index d7cd641..6a2dd09 100644 --- a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/metainfo.xml +++ b/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/metainfo.xml @@ -76,16 +76,6 @@ <osFamily>redhat7,amazon2015,redhat6</osFamily> <packages> <package> - <name>krb5-server</name> - <skipUpgrade>true</skipUpgrade> - <condition>should_install_kerberos_server</condition> - </package> - <package> - <name>krb5-libs</name> - <skipUpgrade>true</skipUpgrade> - <condition>should_install_kerberos_server</condition> - </package> - <package> <name>krb5-workstation</name> <skipUpgrade>true</skipUpgrade> </package> @@ -96,16 +86,6 @@ <osFamily>debian7,ubuntu12,ubuntu14,ubuntu16</osFamily> <packages> <package> - <name>krb5-kdc</name> - <skipUpgrade>true</skipUpgrade> - <condition>should_install_kerberos_server</condition> - </package> - <package> - <name>krb5-admin-server</name> - <skipUpgrade>true</skipUpgrade> - <condition>should_install_kerberos_server</condition> - </package> - <package> <name>krb5-user</name> <skipUpgrade>true</skipUpgrade> </package> @@ -120,19 +100,9 @@ <osFamily>suse11,suse12</osFamily> <packages> <package> - <name>krb5</name> - <skipUpgrade>true</skipUpgrade> - <condition>should_install_kerberos_server</condition> - </package> - <package> <name>krb5-client</name> <skipUpgrade>true</skipUpgrade> </package> - <package> - <name>krb5-server</name> - <skipUpgrade>true</skipUpgrade> - <condition>should_install_kerberos_server</condition> - </package> </packages> </osSpecific> </osSpecifics> http://git-wip-us.apache.org/repos/asf/ambari/blob/96a29c81/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_server.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_server.py b/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_server.py deleted file mode 100644 index fb43cb8..0000000 --- a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_server.py +++ /dev/null @@ -1,142 +0,0 @@ -""" -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. - -""" - -from kerberos_common import * -from resource_management.libraries.functions.check_process_status import check_process_status -from ambari_commons.os_check import OSCheck - -class KerberosServer(KerberosScript): - @staticmethod - def write_kadm5_acl(): - import params - - Directory(params.kadm5_acl_dir, - owner='root', - create_parents = True, - group='root', - mode=0700 - ) - - if (params.kadm5_acl_template is None) or not params.kadm5_acl_template.strip(): - content = Template('kadm5_acl.j2') - else: - content = InlineTemplate(params.kadm5_acl_template) - - File(params.kadm5_acl_path, - content=content, - owner='root', - group='root', - mode=0600 - ) - - @staticmethod - def write_kdc_conf(): - import params - - Directory(params.kdc_conf_dir, - owner='root', - create_parents = True, - group='root', - mode=0700 - ) - - if (params.kdc_conf_template is None) or not params.kdc_conf_template.strip(): - content = Template('kdc_conf.j2') - else: - content = InlineTemplate(params.kdc_conf_template) - - File(params.kdc_conf_path, - content=content, - owner='root', - group='root', - mode=0600 - ) - - def install(self, env): - import params - - self.install_packages(env) - self.configure(env) - - # Create the Kerberos database (only on install, for now) - Execute( - "%s create -s -P '%s'" % (params.kdb5_util_path, KerberosScript.create_random_password())) - - # Create or update the administrator account - KerberosScript.create_or_update_administrator_identity() - - - def start(self, env): - # Attempt to reconfigure the service before starting - self.configure(env) - - # Create or update the administrator account - KerberosScript.create_or_update_administrator_identity() - - if OSCheck.is_suse_family(): - Execute('rckadmind start') - Execute('rckrb5kdc start') - elif OSCheck.is_ubuntu_family(): - Execute('service krb5-kdc start') - Execute('service krb5-admin-server start') - else: - Execute('service krb5kdc start') - Execute('service kadmin start') - - def stop(self, env): - if OSCheck.is_suse_family(): - Execute('rckadmind stop') - Execute('rckrb5kdc stop') - elif OSCheck.is_ubuntu_family(): - Execute('service krb5-kdc stop') - Execute('service krb5-admin-server stop') - else: - Execute('service krb5kdc stop') - Execute('service kadmin stop') - - - def configure(self, env): - import params - env.set_params(params) - - KerberosServer.write_krb5_conf() - KerberosServer.write_kdc_conf() - KerberosServer.write_kadm5_acl() - - def status(self, env): - import params - - if OSCheck.is_suse_family(): - try: - Execute('checkproc `which krb5kdc`') - Execute('checkproc `which kadmind`') - except Fail as ex: - raise ComponentIsNotRunning() - - elif OSCheck.is_ubuntu_family(): - check_process_status(params.kdamin_pid_path) - check_process_status(params.krb5kdc_pid_path) - - else: - check_process_status(params.kdamin_pid_path) - check_process_status(params.krb5kdc_pid_path) - - -if __name__ == "__main__": - KerberosServer().execute() http://git-wip-us.apache.org/repos/asf/ambari/blob/96a29c81/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/templates/kadm5_acl.j2 ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/templates/kadm5_acl.j2 b/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/templates/kadm5_acl.j2 deleted file mode 100644 index d82ae23..0000000 --- a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/templates/kadm5_acl.j2 +++ /dev/null @@ -1,20 +0,0 @@ -{# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#} -*/admin@{{realm}} * - -{# Append additional realm declarations should be placed below #} http://git-wip-us.apache.org/repos/asf/ambari/blob/96a29c81/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/templates/kdc_conf.j2 ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/templates/kdc_conf.j2 b/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/templates/kdc_conf.j2 deleted file mode 100644 index f78adc7..0000000 --- a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/templates/kdc_conf.j2 +++ /dev/null @@ -1,30 +0,0 @@ -{# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#} -[kdcdefaults] - kdc_ports = {{kdcdefaults_kdc_ports}} - kdc_tcp_ports = {{kdcdefaults_kdc_tcp_ports}} - -[realms] - {{realm}} = { - acl_file = {{kadm5_acl_path}} - dict_file = /usr/share/dict/words - admin_keytab = {{kadm5_acl_dir}}/kadm5.keytab - supported_enctypes = {{encryption_types}} - } - -{# Append additional realm declarations should be placed below #} \ No newline at end of file
