AMBARI-18829. Allow Ambari to manage Kafka's Custom JAAS Config (smohanty)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/5a32eda8 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/5a32eda8 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/5a32eda8 Branch: refs/heads/branch-dev-patch-upgrade Commit: 5a32eda86a01c558dc191d5516d4d7b4e8051d57 Parents: ce46060 Author: Sumit Mohanty <[email protected]> Authored: Mon Nov 14 21:04:41 2016 -0800 Committer: Sumit Mohanty <[email protected]> Committed: Mon Nov 14 21:05:32 2016 -0800 ---------------------------------------------------------------------- .../configuration/kafka_client_jaas_conf.xml | 41 ++++++++++++++ .../0.8.1/configuration/kafka_jaas_conf.xml | 59 ++++++++++++++++++++ .../common-services/KAFKA/0.8.1/metainfo.xml | 2 + .../KAFKA/0.8.1/package/scripts/kafka.py | 12 ++++ .../KAFKA/0.8.1/package/scripts/params.py | 2 + 5 files changed, 116 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/5a32eda8/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/configuration/kafka_client_jaas_conf.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/configuration/kafka_client_jaas_conf.xml b/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/configuration/kafka_client_jaas_conf.xml new file mode 100644 index 0000000..164d91e --- /dev/null +++ b/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/configuration/kafka_client_jaas_conf.xml @@ -0,0 +1,41 @@ +<?xml version="1.0"?> +<?xml-stylesheet type="text/xsl" href="configuration.xsl"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration supports_final="false" supports_adding_forbidden="true"> + <property> + <name>content</name> + <display-name>kafka_client_jaas template</display-name> + <description>Kafka client jaas config</description> + <value> +KafkaClient { +com.sun.security.auth.module.Krb5LoginModule required +useTicketCache=true +renewTicket=true +serviceName="{{kafka_bare_jaas_principal}}"; +}; + </value> + <value-attributes> + <type>content</type> + <show-property-name>false</show-property-name> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> +</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/5a32eda8/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/configuration/kafka_jaas_conf.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/configuration/kafka_jaas_conf.xml b/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/configuration/kafka_jaas_conf.xml new file mode 100644 index 0000000..fdde8f2 --- /dev/null +++ b/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/configuration/kafka_jaas_conf.xml @@ -0,0 +1,59 @@ +<?xml version="1.0"?> +<?xml-stylesheet type="text/xsl" href="configuration.xsl"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration supports_final="false" supports_adding_forbidden="true"> + <property> + <name>content</name> + <display-name>kafka_jaas template</display-name> + <description>Kafka jaas config</description> + <value> +KafkaServer { +com.sun.security.auth.module.Krb5LoginModule required +useKeyTab=true +keyTab="{{kafka_keytab_path}}" +storeKey=true +useTicketCache=false +serviceName="{{kafka_bare_jaas_principal}}" +principal="{{kafka_jaas_principal}}"; +}; +KafkaClient { +com.sun.security.auth.module.Krb5LoginModule required +useTicketCache=true +renewTicket=true +serviceName="{{kafka_bare_jaas_principal}}"; +}; +Client { +com.sun.security.auth.module.Krb5LoginModule required +useKeyTab=true +keyTab="{{kafka_keytab_path}}" +storeKey=true +useTicketCache=false +serviceName="zookeeper" +principal="{{kafka_jaas_principal}}"; +}; + </value> + <value-attributes> + <type>content</type> + <show-property-name>false</show-property-name> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> +</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/5a32eda8/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/metainfo.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/metainfo.xml b/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/metainfo.xml index 8630c87..049705d 100644 --- a/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/metainfo.xml +++ b/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/metainfo.xml @@ -83,6 +83,8 @@ <config-type>zookeeper-env</config-type> <config-type>zoo.cfg</config-type> <config-type>ams-ssl-client</config-type> + <config-type>kafka_jaas_conf</config-type> + <config-type>kafka_client_jaas_conf</config-type> </configuration-dependencies> <osSpecifics> <osSpecific> http://git-wip-us.apache.org/repos/asf/ambari/blob/5a32eda8/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/kafka.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/kafka.py b/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/kafka.py index a53a547..3f7104a 100644 --- a/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/kafka.py +++ b/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/kafka.py @@ -133,9 +133,21 @@ def kafka(upgrade_type=None): ) if params.security_enabled and params.kafka_kerberos_enabled: + if params.kafka_jaas_conf_template: + File(format("{conf_dir}/kafka_jaas.conf"), + owner=params.kafka_user, + content=InlineTemplate(params.kafka_jaas_conf_template) + ) + else: TemplateConfig(format("{conf_dir}/kafka_jaas.conf"), owner=params.kafka_user) + if params.kafka_client_jaas_conf_template: + File(format("{conf_dir}/kafka_client_jaas.conf"), + owner=params.kafka_user, + content=InlineTemplate(params.kafka_client_jaas_conf_template) + ) + else: TemplateConfig(format("{conf_dir}/kafka_client_jaas.conf"), owner=params.kafka_user) http://git-wip-us.apache.org/repos/asf/ambari/blob/5a32eda8/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/params.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/params.py b/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/params.py index 107bf6e..0cb88fe 100644 --- a/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/params.py +++ b/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/params.py @@ -93,6 +93,8 @@ kafka_managed_log_dir = "/var/log/kafka" user_group = config['configurations']['cluster-env']['user_group'] java64_home = config['hostLevelParams']['java_home'] kafka_env_sh_template = config['configurations']['kafka-env']['content'] +kafka_jaas_conf_template = default("/configurations/kafka_jaas_conf/content", None) +kafka_client_jaas_conf_template = default("/configurations/kafka_client_jaas_conf/content", None) kafka_hosts = config['clusterHostInfo']['kafka_broker_hosts'] kafka_hosts.sort()
