[13/19] ambari git commit: AMBARI-17828 : Nimbus, Storm UI server stopped after disabling ranger plugins (Gautam Borad via jluniya)

Thu, 21 Jul 2016 14:03:00 -0700 

AMBARI-17828 : Nimbus, Storm UI server stopped after disabling ranger plugins 
(Gautam Borad via jluniya)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/bd7f3222
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/bd7f3222
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/bd7f3222

Branch: refs/heads/branch-embedded-views
Commit: bd7f32229c604fad400bc7c7d37437d75e79ad98
Parents: b145475
Author: Jayush Luniya <[email protected]>
Authored: Thu Jul 21 10:32:44 2016 -0700
Committer: Jayush Luniya <[email protected]>
Committed: Thu Jul 21 10:32:44 2016 -0700

----------------------------------------------------------------------
 .../stacks/HDP/2.5/services/stack_advisor.py    | 18 +++++
 .../stacks/2.5/common/test_stack_advisor.py     | 82 ++++++++++++++++++++
 2 files changed, 100 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/bd7f3222/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py
----------------------------------------------------------------------
diff --git 
a/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py 
b/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py
index 1bd8206..f7d3e58 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py
@@ -344,8 +344,10 @@ class HDP25StackAdvisor(HDP24StackAdvisor):
     return parentRecommendConfDict
 
   def recommendStormConfigurations(self, configurations, clusterData, 
services, hosts):
+    super(HDP25StackAdvisor, 
self).recommendStormConfigurations(configurations, clusterData, services, hosts)
     storm_site = getServicesSiteProperties(services, "storm-site")
     putStormSiteProperty = self.putProperty(configurations, "storm-site", 
services)
+    putStormSiteAttributes = self.putPropertyAttribute(configurations, 
"storm-site")
     security_enabled = (storm_site is not None and "storm.zookeeper.superACL" 
in storm_site)
     if security_enabled:
       _storm_principal_name = 
services['configurations']['storm-env']['properties']['storm_principal_name']
@@ -353,6 +355,22 @@ class HDP25StackAdvisor(HDP24StackAdvisor):
       storm_nimbus_impersonation_acl = storm_site["nimbus.impersonation.acl"]
       storm_nimbus_impersonation_acl.replace('{{storm_bare_jaas_principal}}', 
storm_bare_jaas_principal)
       putStormSiteProperty('nimbus.impersonation.acl', 
storm_nimbus_impersonation_acl)
+    rangerPluginEnabled = ''
+    if 'ranger-storm-plugin-properties' in configurations and 
'ranger-storm-plugin-enabled' in  
configurations['ranger-storm-plugin-properties']['properties']:
+      rangerPluginEnabled = 
configurations['ranger-storm-plugin-properties']['properties']['ranger-storm-plugin-enabled']
+    elif 'ranger-storm-plugin-properties' in services['configurations'] and 
'ranger-storm-plugin-enabled' in 
services['configurations']['ranger-storm-plugin-properties']['properties']:
+      rangerPluginEnabled = 
services['configurations']['ranger-storm-plugin-properties']['properties']['ranger-storm-plugin-enabled']
+
+    storm_authorizer_class = 
'org.apache.storm.security.auth.authorizer.SimpleACLAuthorizer'
+    ranger_authorizer_class = 
'org.apache.ranger.authorization.storm.authorizer.RangerStormAuthorizer'
+    # Cluster is kerberized
+    if security_enabled:
+      if rangerPluginEnabled and (rangerPluginEnabled.lower() == 
'Yes'.lower()):
+        putStormSiteProperty('nimbus.authorizer',ranger_authorizer_class)
+      elif rangerPluginEnabled and (rangerPluginEnabled.lower() == 
'No'.lower()) and 
(services["configurations"]["storm-site"]["properties"]["nimbus.authorizer"] == 
ranger_authorizer_class):
+        putStormSiteProperty('nimbus.authorizer', storm_authorizer_class)
+    else:
+      putStormSiteAttributes('nimbus.authorizer', 'delete', 'true')
 
   def recommendAtlasConfigurations(self, configurations, clusterData, 
services, hosts):
     putAtlasApplicationProperty = self.putProperty(configurations, 
"application-properties", services)

http://git-wip-us.apache.org/repos/asf/ambari/blob/bd7f3222/ambari-server/src/test/python/stacks/2.5/common/test_stack_advisor.py
----------------------------------------------------------------------
diff --git 
a/ambari-server/src/test/python/stacks/2.5/common/test_stack_advisor.py 
b/ambari-server/src/test/python/stacks/2.5/common/test_stack_advisor.py
index f0a1c87..64f63d9 100644
--- a/ambari-server/src/test/python/stacks/2.5/common/test_stack_advisor.py
+++ b/ambari-server/src/test/python/stacks/2.5/common/test_stack_advisor.py
@@ -7461,6 +7461,88 @@ class TestHDP25StackAdvisor(TestCase):
     
self.assertEquals(self.stackAdvisor.get_phoenix_query_server_hosts(services, 
hosts),
         phoenix_query_server_hosts)
 
+  def test_recommendStormConfigurations(self):
+    configurations = {}
+    clusterData = {}
+    services = {
+      "services":
+        [
+          {
+            "StackServices": {
+              "service_name" : "STORM",
+              "service_version" : "1.0.1.0.0"
+            }
+          },
+          {
+            "StackServices": {
+              "service_name": "RANGER",
+              "service_version": "0.6.0"
+
+            },
+            "components": [
+              {
+                "StackServiceComponents": {
+                  "component_name": "RANGER_ADMIN",
+                  "hostnames": ["host1"]
+                }
+              }
+            ]
+          }
+        ],
+      "Versions": {
+        "stack_version": "2.5"
+      },
+      "configurations": {
+        "storm-site": {
+          "properties": {
+            "nimbus.authorizer" : 
"org.apache.storm.security.auth.authorizer.SimpleACLAuthorizer",
+            "nimbus.impersonation.acl" :"{{{storm_bare_jaas_principal}} : 
{hosts: ['*'], groups: ['*']}}"
+            },
+          "property_attributes": {}
+        },
+        "storm-env": {
+          "properties":{
+            "storm_principal_name": "[email protected]"
+          },
+        },
+        "ranger-storm-plugin-properties": {
+          "properties": {
+            "ranger-storm-plugin-enabled": "No"
+          }
+        }
+      }
+    }
+
+    # Test nimbus.authorizer with Ranger Storm plugin disabled in non-kerberos 
environment
+    self.stackAdvisor.recommendStormConfigurations(configurations, 
clusterData, services, None)
+    
self.assertEquals(configurations['storm-site']['property_attributes']['nimbus.authorizer'],
 {'delete': 'true'}, "Test nimbus.authorizer with Ranger Storm plugin disabled 
in non-kerberos environment")
+
+    # Test nimbus.authorizer with Ranger Storm plugin enabled in non-kerberos 
environment
+    configurations['storm-site']['properties'] = {}
+    configurations['storm-site']['property_attributes'] = {}
+    
services['configurations']['ranger-storm-plugin-properties']['properties']['ranger-storm-plugin-enabled']
 = 'Yes'
+    self.stackAdvisor.recommendStormConfigurations(configurations, 
clusterData, services, None)
+    
self.assertEquals(configurations['storm-site']['property_attributes']['nimbus.authorizer'],
 {'delete': 'true'}, "Test nimbus.authorizer with Ranger Storm plugin enabled 
in non-kerberos environment")
+
+    # Test nimbus.authorizer with Ranger Storm plugin being enabled in 
kerberos environment
+    configurations['storm-site']['properties'] = {}
+    configurations['storm-site']['property_attributes'] = {}
+    
services['configurations']['storm-site']['properties']['nimbus.authorizer'] = ''
+    
services['configurations']['ranger-storm-plugin-properties']['properties']['ranger-storm-plugin-enabled']
 = 'Yes'
+    
services['configurations']['storm-site']['properties']['storm.zookeeper.superACL']
 = 'sasl:{{storm_bare_jaas_principal}}'
+    self.stackAdvisor.recommendStormConfigurations(configurations, 
clusterData, services, None)
+    
self.assertEquals(configurations['storm-site']['properties']['nimbus.authorizer'],
 'org.apache.ranger.authorization.storm.authorizer.RangerStormAuthorizer', 
"Test nimbus.authorizer with Ranger Storm plugin enabled in kerberos 
environment")
+
+    # Test nimbus.authorizer with Ranger Storm plugin being disabled in 
kerberos environment
+    configurations['storm-site']['properties'] = {}
+    configurations['storm-site']['property_attributes'] = {}
+    
services['configurations']['ranger-storm-plugin-properties']['properties']['ranger-storm-plugin-enabled']
 = 'No'
+    
services['configurations']['storm-site']['properties']['storm.zookeeper.superACL']
 = 'sasl:{{storm_bare_jaas_principal}}'
+    
services['configurations']['storm-site']['properties']['nimbus.authorizer'] = 
'org.apache.ranger.authorization.storm.authorizer.RangerStormAuthorizer'
+    self.stackAdvisor.recommendStormConfigurations(configurations, 
clusterData, services, None)
+    
self.assertEquals(configurations['storm-site']['properties']['nimbus.authorizer'],
 'org.apache.storm.security.auth.authorizer.SimpleACLAuthorizer', "Test 
nimbus.authorizer with Ranger Storm plugin being disabled in kerberos 
environment")
+
+
 """
 Given a comma-separated string, split the items, sort them, and re-join the 
elements
 back into a comma-separated string

Reply via email to