AMBARI-18928. Perf: Add Hadoop Core services to PERF stack (alejandro)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/6e8d3458 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/6e8d3458 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/6e8d3458 Branch: refs/heads/branch-2.5 Commit: 6e8d34587f69062a34b55f46166dec52be4b661a Parents: f1a2594 Author: Alejandro Fernandez <[email protected]> Authored: Fri Nov 18 14:50:15 2016 -0800 Committer: Alejandro Fernandez <[email protected]> Committed: Fri Nov 18 14:50:15 2016 -0800 ---------------------------------------------------------------------- .../GRUMPY/configuration/grumpy-site.xml | 36 + .../PERF/1.0/services/GRUMPY/metainfo.xml | 57 + .../services/GRUMPY/package/scripts/dwarf.py | 38 + .../GRUMPY/package/scripts/service_check.py | 30 + .../PERF/1.0/services/GRUMPY/themes/theme.json | 65 + .../stacks/PERF/1.0/services/HBASE/alerts.json | 127 + .../services/HBASE/configuration/hbase-env.xml | 292 + .../HBASE/configuration/hbase-log4j.xml | 146 + .../configuration/hbase-logsearch-conf.xml | 111 + .../HBASE/configuration/hbase-policy.xml | 53 + .../services/HBASE/configuration/hbase-site.xml | 573 ++ .../HBASE/configuration/ranger-hbase-audit.xml | 122 + .../ranger-hbase-policymgr-ssl.xml | 66 + .../configuration/ranger-hbase-security.xml | 68 + .../PERF/1.0/services/HBASE/kerberos.json | 159 + .../stacks/PERF/1.0/services/HBASE/metainfo.xml | 196 + .../stacks/PERF/1.0/services/HBASE/metrics.json | 9374 ++++++++++++++++++ .../HBASE/package/scripts/hbase_client.py | 38 + .../HBASE/package/scripts/hbase_master.py | 41 + .../HBASE/package/scripts/hbase_regionserver.py | 41 + .../package/scripts/phoenix_queryserver.py | 38 + .../HBASE/package/scripts/service_check.py | 30 + .../services/HBASE/quicklinks/quicklinks.json | 97 + .../PERF/1.0/services/HBASE/themes/theme.json | 411 + .../stacks/PERF/1.0/services/HBASE/widgets.json | 510 + .../stacks/PERF/1.0/services/HDFS/alerts.json | 1786 ++++ .../services/HDFS/configuration/core-site.xml | 225 + .../services/HDFS/configuration/hadoop-env.xml | 419 + .../hadoop-metrics2.properties.xml | 125 + .../HDFS/configuration/hadoop-policy.xml | 130 + .../services/HDFS/configuration/hdfs-log4j.xml | 225 + .../HDFS/configuration/hdfs-logsearch-conf.xml | 248 + .../services/HDFS/configuration/hdfs-site.xml | 633 ++ .../HDFS/configuration/ranger-hdfs-audit.xml | 124 + .../ranger-hdfs-plugin-properties.xml | 88 + .../configuration/ranger-hdfs-policymgr-ssl.xml | 67 + .../HDFS/configuration/ranger-hdfs-security.xml | 65 + .../services/HDFS/configuration/ssl-client.xml | 70 + .../services/HDFS/configuration/ssl-server.xml | 80 + .../stacks/PERF/1.0/services/HDFS/kerberos.json | 246 + .../stacks/PERF/1.0/services/HDFS/metainfo.xml | 265 + .../stacks/PERF/1.0/services/HDFS/metrics.json | 7905 +++++++++++++++ .../package/alerts/alert_checkpoint_time.py | 69 + .../alerts/alert_datanode_unmounted_data_dir.py | 74 + .../package/alerts/alert_ha_namenode_health.py | 75 + .../package/alerts/alert_metrics_deviation.py | 85 + .../package/alerts/alert_upgrade_finalized.py | 74 + .../services/HDFS/package/scripts/datanode.py | 38 + .../HDFS/package/scripts/hdfs_client.py | 38 + .../HDFS/package/scripts/journalnode.py | 38 + .../services/HDFS/package/scripts/namenode.py | 54 + .../services/HDFS/package/scripts/nfsgateway.py | 38 + .../HDFS/package/scripts/service_check.py | 30 + .../services/HDFS/package/scripts/snamenode.py | 38 + .../services/HDFS/package/scripts/zkfc_slave.py | 38 + .../services/HDFS/quicklinks/quicklinks.json | 76 + .../PERF/1.0/services/HDFS/themes/theme.json | 179 + .../stacks/PERF/1.0/services/HDFS/widgets.json | 649 ++ .../SLEEPY/configuration/sleepy-site.xml | 36 + .../PERF/1.0/services/SLEEPY/metainfo.xml | 57 + .../services/SLEEPY/package/scripts/dwarf.py | 38 + .../SLEEPY/package/scripts/service_check.py | 30 + .../PERF/1.0/services/SLEEPY/themes/theme.json | 65 + .../PERF/1.0/services/YARN/YARN_metrics.json | 3486 +++++++ .../PERF/1.0/services/YARN/YARN_widgets.json | 611 ++ .../stacks/PERF/1.0/services/YARN/alerts.json | 392 + .../YARN/configuration-mapred/mapred-env.xml | 50 + .../YARN/configuration-mapred/mapred-site.xml | 134 + .../YARN/configuration/capacity-scheduler.xml | 69 + .../YARN/configuration/ranger-yarn-audit.xml | 121 + .../ranger-yarn-plugin-properties.xml | 82 + .../configuration/ranger-yarn-policymgr-ssl.xml | 66 + .../YARN/configuration/ranger-yarn-security.xml | 58 + .../services/YARN/configuration/yarn-env.xml | 201 + .../services/YARN/configuration/yarn-log4j.xml | 103 + .../services/YARN/configuration/yarn-site.xml | 796 ++ .../stacks/PERF/1.0/services/YARN/kerberos.json | 279 + .../stacks/PERF/1.0/services/YARN/metainfo.xml | 352 + .../package/alerts/alert_nodemanager_health.py | 67 + .../alerts/alert_nodemanagers_summary.py | 68 + .../scripts/application_timeline_server.py | 38 + .../YARN/package/scripts/historyserver.py | 38 + .../package/scripts/mapred_service_check.py | 30 + .../YARN/package/scripts/mapreduce2_client.py | 38 + .../YARN/package/scripts/nodemanager.py | 38 + .../YARN/package/scripts/resourcemanager.py | 44 + .../YARN/package/scripts/service_check.py | 30 + .../YARN/package/scripts/yarn_client.py | 38 + .../YARN/quicklinks-mapred/quicklinks.json | 76 + .../services/YARN/quicklinks/quicklinks.json | 76 + .../1.0/services/YARN/themes-mapred/theme.json | 132 + .../PERF/1.0/services/YARN/themes/theme.json | 250 + .../PERF/1.0/services/ZOOKEEPER/metainfo.xml | 50 + .../ZOOKEEPER/package/scripts/service_check.py | 30 + .../package/scripts/zookeeper_client.py | 38 + .../package/scripts/zookeeper_server.py | 38 + 96 files changed, 35158 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/6e8d3458/ambari-server/src/main/resources/stacks/PERF/1.0/services/GRUMPY/configuration/grumpy-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/PERF/1.0/services/GRUMPY/configuration/grumpy-site.xml b/ambari-server/src/main/resources/stacks/PERF/1.0/services/GRUMPY/configuration/grumpy-site.xml new file mode 100644 index 0000000..2d4c442 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/PERF/1.0/services/GRUMPY/configuration/grumpy-site.xml @@ -0,0 +1,36 @@ +<?xml version="1.0"?> +<?xml-stylesheet type="text/xsl" href="configuration.xsl"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration> + <property> + <name>success.percentage</name> + <value>50</value> + <description>The success percentage of any operation.</description> + <display-name>Success percentage</display-name> + <value-attributes> + <type>int</type> + <minimum>0</minimum> + <maximum>100</maximum> + <increment-step>10</increment-step> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> +</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/6e8d3458/ambari-server/src/main/resources/stacks/PERF/1.0/services/GRUMPY/metainfo.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/PERF/1.0/services/GRUMPY/metainfo.xml b/ambari-server/src/main/resources/stacks/PERF/1.0/services/GRUMPY/metainfo.xml new file mode 100644 index 0000000..15c5cfd --- /dev/null +++ b/ambari-server/src/main/resources/stacks/PERF/1.0/services/GRUMPY/metainfo.xml @@ -0,0 +1,57 @@ +<?xml version="1.0"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<metainfo> + <schemaVersion>2.0</schemaVersion> + <services> + <service> + <name>GRUMPY</name> + <displayName>Grumpy</displayName> + <comment>Fails with a high percentage</comment> + <version>1.0</version> + <components> + + <component> + <name>GRUMPY</name> + <displayName>Grumpy</displayName> + <category>SLAVE</category> + <cardinality>0+</cardinality> + <commandScript> + <script>scripts/dwarf.py</script> + <scriptType>PYTHON</scriptType> + <timeout>600</timeout> + </commandScript> + </component> + </components> + + <commandScript> + <script>scripts/service_check.py</script> + <scriptType>PYTHON</scriptType> + <timeout>300</timeout> + </commandScript> + + <restartRequiredAfterChange>true</restartRequiredAfterChange> + + <themes> + <theme> + <fileName>theme.json</fileName> + <default>true</default> + </theme> + </themes> + </service> + </services> +</metainfo> http://git-wip-us.apache.org/repos/asf/ambari/blob/6e8d3458/ambari-server/src/main/resources/stacks/PERF/1.0/services/GRUMPY/package/scripts/dwarf.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/PERF/1.0/services/GRUMPY/package/scripts/dwarf.py b/ambari-server/src/main/resources/stacks/PERF/1.0/services/GRUMPY/package/scripts/dwarf.py new file mode 100644 index 0000000..cf4206c --- /dev/null +++ b/ambari-server/src/main/resources/stacks/PERF/1.0/services/GRUMPY/package/scripts/dwarf.py @@ -0,0 +1,38 @@ +""" +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +Ambari Agent + +""" + +# Python Imports + +# Local Imports +from resource_management.libraries.script.dummy import Dummy + + +class Grumpy(Dummy): + """ + Dummy script that simulates a slave component. + """ + + def __init__(self): + super(Grumpy, self).__init__() + self.component_name = "GRUMPY" + +if __name__ == "__main__": + Grumpy().execute() http://git-wip-us.apache.org/repos/asf/ambari/blob/6e8d3458/ambari-server/src/main/resources/stacks/PERF/1.0/services/GRUMPY/package/scripts/service_check.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/PERF/1.0/services/GRUMPY/package/scripts/service_check.py b/ambari-server/src/main/resources/stacks/PERF/1.0/services/GRUMPY/package/scripts/service_check.py new file mode 100644 index 0000000..270b082 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/PERF/1.0/services/GRUMPY/package/scripts/service_check.py @@ -0,0 +1,30 @@ +""" +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +Ambari Agent + +""" + +from resource_management.libraries.script.script import Script + +class ServiceCheck(Script): + + def service_check(self, env): + print "Service Check" + +if __name__ == "__main__": + ServiceCheck().execute() http://git-wip-us.apache.org/repos/asf/ambari/blob/6e8d3458/ambari-server/src/main/resources/stacks/PERF/1.0/services/GRUMPY/themes/theme.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/PERF/1.0/services/GRUMPY/themes/theme.json b/ambari-server/src/main/resources/stacks/PERF/1.0/services/GRUMPY/themes/theme.json new file mode 100644 index 0000000..08f834a --- /dev/null +++ b/ambari-server/src/main/resources/stacks/PERF/1.0/services/GRUMPY/themes/theme.json @@ -0,0 +1,65 @@ +{ + "name": "default", + "description": "Default theme", + "configuration": { + "layouts": [ + { + "name": "default", + "tabs": [ + { + "name": "settings", + "display-name": "Settings", + "layout": { + "tab-columns": "1", + "tab-rows": "1", + "sections": [ + { + "name": "section-general", + "display-name": "General", + "row-index": "0", + "column-index": "0", + "row-span": "1", + "column-span": "1", + "section-columns": "1", + "section-rows": "1", + "subsections": [ + { + "name": "subsection-general", + "display-name": "Features", + "row-index": "0", + "column-index": "0", + "row-span": "1", + "column-span": "1" + } + ] + } + ] + } + } + ] + } + ], + "placement": { + "configuration-layout": "default", + "configs": [ + { + "config": "grumpy-site/success.percentage", + "subsection-name": "subsection-general" + } + ] + }, + "widgets": [ + { + "config": "grumpy-site/success.percentage", + "widget": { + "type": "slider", + "units": [ + { + "unit-name": "percent" + } + ] + } + } + ] + } +} http://git-wip-us.apache.org/repos/asf/ambari/blob/6e8d3458/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/alerts.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/alerts.json b/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/alerts.json new file mode 100644 index 0000000..1b3ae25 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/alerts.json @@ -0,0 +1,127 @@ +{ + "HBASE": { + "service": [ + { + "name": "hbase_regionserver_process_percent", + "label": "Percent RegionServers Available", + "description": "This service-level alert is triggered if the configured percentage of RegionServer processes cannot be determined to be up and listening on the network for the configured warning and critical thresholds. It aggregates the results of RegionServer process down checks.", + "interval": 1, + "scope": "SERVICE", + "enabled": true, + "source": { + "type": "AGGREGATE", + "alert_name": "hbase_regionserver_process", + "reporting": { + "ok": { + "text": "affected: [{1}], total: [{0}]" + }, + "warning": { + "text": "affected: [{1}], total: [{0}]", + "value": 10 + }, + "critical": { + "text": "affected: [{1}], total: [{0}]", + "value": 30 + }, + "units" : "%", + "type": "PERCENT" + } + } + } + ], + "HBASE_MASTER": [ + { + "name": "hbase_master_process", + "label": "HBase Master Process", + "description": "This alert is triggered if the HBase master processes cannot be confirmed to be up and listening on the network for the configured critical threshold, given in seconds.", + "interval": 1, + "scope": "ANY", + "source": { + "type": "PORT", + "uri": "{{hbase-site/hbase.master.port}}", + "default_port": 60000, + "reporting": { + "ok": { + "text": "TCP OK - {0:.3f}s response on port {1}" + }, + "warning": { + "text": "TCP OK - {0:.3f}s response on port {1}", + "value": 1.5 + }, + "critical": { + "text": "Connection failed: {0} to {1}:{2}", + "value": 5.0 + } + } + } + }, + { + "name": "hbase_master_cpu", + "label": "HBase Master CPU Utilization", + "description": "This host-level alert is triggered if CPU utilization of the HBase Master exceeds certain warning and critical thresholds. It checks the HBase Master JMX Servlet for the SystemCPULoad property. The threshold values are in percent.", + "interval": 5, + "scope": "ANY", + "enabled": true, + "source": { + "type": "METRIC", + "uri": { + "http": "{{hbase-site/hbase.master.info.port}}", + "default_port": 60010, + "connection_timeout": 5.0, + "kerberos_keytab": "{{hbase-site/hbase.security.authentication.spnego.kerberos.principal}}", + "kerberos_principal": "{{hbase-site/hbase.security.authentication.spnego.kerberos.keytab}}" + }, + "reporting": { + "ok": { + "text": "{1} CPU, load {0:.1%}" + }, + "warning": { + "text": "{1} CPU, load {0:.1%}", + "value": 200 + }, + "critical": { + "text": "{1} CPU, load {0:.1%}", + "value": 250 + }, + "units" : "%", + "type": "PERCENT" + }, + "jmx": { + "property_list": [ + "java.lang:type=OperatingSystem/SystemCpuLoad", + "java.lang:type=OperatingSystem/AvailableProcessors" + ], + "value": "{0} * 100" + } + } + } + ], + "HBASE_REGIONSERVER": [ + { + "name": "hbase_regionserver_process", + "label": "HBase RegionServer Process", + "description": "This host-level alert is triggered if the RegionServer processes cannot be confirmed to be up and listening on the network for the configured critical threshold, given in seconds.", + "interval": 1, + "scope": "HOST", + "source": { + "type": "PORT", + "uri": "{{hbase-site/hbase.regionserver.info.port}}", + "default_port": 60030, + "reporting": { + "ok": { + "text": "TCP OK - {0:.3f}s response on port {1}" + }, + "warning": { + "text": "TCP OK - {0:.3f}s response on port {1}", + "value": 1.5 + }, + "critical": { + "text": "Connection failed: {0} to {1}:{2}", + "value": 5.0 + } + } + } + } + ] + } +} http://git-wip-us.apache.org/repos/asf/ambari/blob/6e8d3458/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/configuration/hbase-env.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/configuration/hbase-env.xml b/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/configuration/hbase-env.xml new file mode 100644 index 0000000..cb14a86 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/configuration/hbase-env.xml @@ -0,0 +1,292 @@ +<?xml version="1.0"?> +<?xml-stylesheet type="text/xsl" href="configuration.xsl"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration supports_adding_forbidden="true"> + <!-- These properties exist in common services. --> + <property> + <name>hbase_log_dir</name> + <value>/var/log/hbase</value> + <display-name>HBase Log Dir Prefix</display-name> + <description>Log Directories for HBase.</description> + <value-attributes> + <type>directory</type> + <overridable>false</overridable> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase_regionserver_heapsize</name> + <value>4096</value> + <description>Maximum amount of memory each HBase RegionServer can use.</description> + <display-name>HBase RegionServer Maximum Memory</display-name> + <value-attributes> + <type>int</type> + <minimum>0</minimum> + <maximum>6554</maximum> + <unit>MB</unit> + <increment-step>256</increment-step> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase_master_heapsize</name> + <value>4096</value> + <description>Maximum amount of memory each HBase Master can use.</description> + <display-name>HBase Master Maximum Memory</display-name> + <value-attributes> + <type>int</type> + <minimum>0</minimum> + <maximum>16384</maximum> + <unit>MB</unit> + <increment-step>256</increment-step> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase_user_nofile_limit</name> + <value>32000</value> + <description>Max open files limit setting for HBASE user.</description> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase_user_nproc_limit</name> + <value>16000</value> + <description>Max number of processes limit setting for HBASE user.</description> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase_java_io_tmpdir</name> + <value>/tmp</value> + <description>Used in hbase-env.sh as HBASE_OPTS=-Djava.io.tmpdir=java_io_tmpdir</description> + <value-attributes> + <type>directory</type> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase_principal_name</name> + <description>HBase principal name</description> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase_user_keytab</name> + <description>HBase keytab path</description> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase_regionserver_shutdown_timeout</name> + <value>30</value> + <display-name>HBase RegionServer shutdown timeout</display-name> + <description> + After this number of seconds waiting for graceful stop of HBase Master it will be forced to exit with SIGKILL. + The timeout is introduced because there is a known bug when from time to time HBase RegionServer hangs forever on stop if NN safemode is on. + </description> + <value-attributes> + <type>int</type> + <overridable>false</overridable> + <editable-only-at-install>true</editable-only-at-install> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + + <!-- These properties exist in HDP 2.2 and higher. --> + <property> + <name>hbase_log_dir</name> + <value>/var/log/hbase</value> + <display-name>HBase Log Dir Prefix</display-name> + <description>Log Directories for HBase.</description> + <value-attributes> + <type>directory</type> + <overridable>false</overridable> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase_pid_dir</name> + <value>/var/run/hbase</value> + <display-name>HBase PID Dir</display-name> + <description>Pid Directory for HBase.</description> + <value-attributes> + <type>directory</type> + <overridable>false</overridable> + <editable-only-at-install>true</editable-only-at-install> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase_regionserver_xmn_max</name> + <value>512</value> + <description> + Sets the upper bound on HBase RegionServers' young generation size. + This value is used in case the young generation size (-Xmn) calculated based on the max heapsize (hbase_regionserver_heapsize) + and the -Xmn ratio (hbase_regionserver_xmn_ratio) exceeds this value. + </description> + <display-name>RegionServers maximum value for -Xmn</display-name> + <value-attributes> + <type>int</type> + <unit>MB</unit> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase_regionserver_xmn_ratio</name> + <value>0.2</value> + <display-name>RegionServers -Xmn in -Xmx ratio</display-name> + <description>Percentage of max heap size (-Xmx) which used for young generation heap (-Xmn).</description> + <value-attributes> + <type>float</type> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase_user</name> + <display-name>HBase User</display-name> + <value>hbase</value> + <property-type>USER</property-type> + <description>HBase User Name.</description> + <value-attributes> + <type>user</type> + <overridable>false</overridable> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase_max_direct_memory_size</name> + <value/> + <display-name>HBase off-heap MaxDirectMemorySize</display-name> + <description>If not empty, adds '-XX:MaxDirectMemorySize={{hbase_max_direct_memory_size}}m' to HBASE_REGIONSERVER_OPTS.</description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>phoenix_sql_enabled</name> + <value>false</value> + <description>Enable Phoenix SQL</description> + <display-name>Enable Phoenix</display-name> + <value-attributes> + <type>value-list</type> + <entries> + <entry> + <value>true</value> + <label>Enabled</label> + </entry> + <entry> + <value>false</value> + <label>Disabled</label> + </entry> + </entries> + <selection-cardinality>1</selection-cardinality> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + + <!-- These properties exist in HDP 2.3 and higher. --> + <!-- hbase-env.sh --> + <property> + <name>content</name> + <display-name>hbase-env template</display-name> + <description>This is the jinja template for hbase-env.sh file</description> + <value> +# Set environment variables here. + +# The java implementation to use. Java 1.6 required. +export JAVA_HOME={{java64_home}} + +# HBase Configuration directory +export HBASE_CONF_DIR=${HBASE_CONF_DIR:-{{hbase_conf_dir}}} + +# Extra Java CLASSPATH elements. Optional. +export HBASE_CLASSPATH=${HBASE_CLASSPATH} + + +# The maximum amount of heap to use, in MB. Default is 1000. +# export HBASE_HEAPSIZE=1000 + +# Extra Java runtime options. +# Below are what we set by default. May only work with SUN JVM. +# For more on why as well as other possible settings, +# see http://wiki.apache.org/hadoop/PerformanceTuning +export SERVER_GC_OPTS="-verbose:gc -XX:+PrintGCDetails -XX:+PrintGCDateStamps -Xloggc:{{log_dir}}/gc.log-`date +'%Y%m%d%H%M'`" +# Uncomment below to enable java garbage collection logging. +# export HBASE_OPTS="$HBASE_OPTS -verbose:gc -XX:+PrintGCDetails -XX:+PrintGCDateStamps -Xloggc:$HBASE_HOME/logs/gc-hbase.log" + +# Uncomment and adjust to enable JMX exporting +# See jmxremote.password and jmxremote.access in $JRE_HOME/lib/management to configure remote password access. +# More details at: http://java.sun.com/javase/6/docs/technotes/guides/management/agent.html +# +# export HBASE_JMX_BASE="-Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false" +# If you want to configure BucketCache, specify '-XX: MaxDirectMemorySize=' with proper direct memory size +# export HBASE_THRIFT_OPTS="$HBASE_JMX_BASE -Dcom.sun.management.jmxremote.port=10103" +# export HBASE_ZOOKEEPER_OPTS="$HBASE_JMX_BASE -Dcom.sun.management.jmxremote.port=10104" + +# File naming hosts on which HRegionServers will run. $HBASE_HOME/conf/regionservers by default. +export HBASE_REGIONSERVERS=${HBASE_CONF_DIR}/regionservers + +# Extra ssh options. Empty by default. +# export HBASE_SSH_OPTS="-o ConnectTimeout=1 -o SendEnv=HBASE_CONF_DIR" + +# Where log files are stored. $HBASE_HOME/logs by default. +export HBASE_LOG_DIR={{log_dir}} + +# A string representing this instance of hbase. $USER by default. +# export HBASE_IDENT_STRING=$USER + +# The scheduling priority for daemon processes. See 'man nice'. +# export HBASE_NICENESS=10 + +# The directory where pid files are stored. /tmp by default. +export HBASE_PID_DIR={{pid_dir}} + +# Seconds to sleep between slave commands. Unset by default. This +# can be useful in large clusters, where, e.g., slave rsyncs can +# otherwise arrive faster than the master can service them. +# export HBASE_SLAVE_SLEEP=0.1 + +# Tell HBase whether it should manage it's own instance of Zookeeper or not. +export HBASE_MANAGES_ZK=false + +{% if java_version < 8 %} +JDK_DEPENDED_OPTS="-XX:PermSize=128m -XX:MaxPermSize=128m" +{% endif %} + +{% if security_enabled %} +export HBASE_OPTS="$HBASE_OPTS -XX:+UseConcMarkSweepGC -XX:ErrorFile={{log_dir}}/hs_err_pid%p.log -Djava.security.auth.login.config={{client_jaas_config_file}} -Djava.io.tmpdir={{java_io_tmpdir}}" +export HBASE_MASTER_OPTS="$HBASE_MASTER_OPTS -Xmx{{master_heapsize}} -Djava.security.auth.login.config={{master_jaas_config_file}} $JDK_DEPENDED_OPTS" +export HBASE_REGIONSERVER_OPTS="$HBASE_REGIONSERVER_OPTS -Xmn{{regionserver_xmn_size}} -XX:CMSInitiatingOccupancyFraction=70 -Xms{{regionserver_heapsize}} -Xmx{{regionserver_heapsize}} -Djava.security.auth.login.config={{regionserver_jaas_config_file}} $JDK_DEPENDED_OPTS" +export PHOENIX_QUERYSERVER_OPTS="$PHOENIX_QUERYSERVER_OPTS -Djava.security.auth.login.config={{queryserver_jaas_config_file}}" +{% else %} +export HBASE_OPTS="$HBASE_OPTS -XX:+UseConcMarkSweepGC -XX:ErrorFile={{log_dir}}/hs_err_pid%p.log -Djava.io.tmpdir={{java_io_tmpdir}}" +export HBASE_MASTER_OPTS="$HBASE_MASTER_OPTS -Xmx{{master_heapsize}} $JDK_DEPENDED_OPTS" +export HBASE_REGIONSERVER_OPTS="$HBASE_REGIONSERVER_OPTS -Xmn{{regionserver_xmn_size}} -XX:CMSInitiatingOccupancyFraction=70 -Xms{{regionserver_heapsize}} -Xmx{{regionserver_heapsize}} $JDK_DEPENDED_OPTS" +{% endif %} + +# HBase off-heap MaxDirectMemorySize +export HBASE_REGIONSERVER_OPTS="$HBASE_REGIONSERVER_OPTS {% if hbase_max_direct_memory_size %} -XX:MaxDirectMemorySize={{hbase_max_direct_memory_size}}m {% endif %}" +export HBASE_MASTER_OPTS="$HBASE_MASTER_OPTS {% if hbase_max_direct_memory_size %} -XX:MaxDirectMemorySize={{hbase_max_direct_memory_size}}m {% endif %}" + </value> + <value-attributes> + <type>content</type> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> +</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/6e8d3458/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/configuration/hbase-log4j.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/configuration/hbase-log4j.xml b/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/configuration/hbase-log4j.xml new file mode 100644 index 0000000..8495de1 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/configuration/hbase-log4j.xml @@ -0,0 +1,146 @@ +<?xml version="1.0"?> +<?xml-stylesheet type="text/xsl" href="configuration.xsl"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration supports_final="false" supports_adding_forbidden="true"> + <property> + <name>content</name> + <display-name>hbase-log4j template</display-name> + <description>Custom log4j.properties</description> + <value> +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +# Define some default values that can be overridden by system properties +hbase.root.logger=INFO,console +hbase.security.logger=INFO,console +hbase.log.dir=. +hbase.log.file=hbase.log + +# Define the root logger to the system property "hbase.root.logger". +log4j.rootLogger=${hbase.root.logger} + +# Logging Threshold +log4j.threshold=ALL + +# +# Daily Rolling File Appender +# +log4j.appender.DRFA=org.apache.log4j.DailyRollingFileAppender +log4j.appender.DRFA.File=${hbase.log.dir}/${hbase.log.file} + +# Rollver at midnight +log4j.appender.DRFA.DatePattern=.yyyy-MM-dd + +# 30-day backup +#log4j.appender.DRFA.MaxBackupIndex=30 +log4j.appender.DRFA.layout=org.apache.log4j.PatternLayout + +# Pattern format: Date LogLevel LoggerName LogMessage +log4j.appender.DRFA.layout.ConversionPattern=%d{ISO8601} %-5p [%t] %c{2}: %m%n + +# Rolling File Appender properties +hbase.log.maxfilesize=256MB +hbase.log.maxbackupindex=20 + +# Rolling File Appender +log4j.appender.RFA=org.apache.log4j.RollingFileAppender +log4j.appender.RFA.File=${hbase.log.dir}/${hbase.log.file} + +log4j.appender.RFA.MaxFileSize=${hbase.log.maxfilesize} +log4j.appender.RFA.MaxBackupIndex=${hbase.log.maxbackupindex} + +log4j.appender.RFA.layout=org.apache.log4j.PatternLayout +log4j.appender.RFA.layout.ConversionPattern=%d{ISO8601} %-5p [%t] %c{2}: %m%n + +# +# Security audit appender +# +hbase.security.log.file=SecurityAuth.audit +hbase.security.log.maxfilesize=256MB +hbase.security.log.maxbackupindex=20 +log4j.appender.RFAS=org.apache.log4j.RollingFileAppender +log4j.appender.RFAS.File=${hbase.log.dir}/${hbase.security.log.file} +log4j.appender.RFAS.MaxFileSize=${hbase.security.log.maxfilesize} +log4j.appender.RFAS.MaxBackupIndex=${hbase.security.log.maxbackupindex} +log4j.appender.RFAS.layout=org.apache.log4j.PatternLayout +log4j.appender.RFAS.layout.ConversionPattern=%d{ISO8601} %p %c: %m%n +log4j.category.SecurityLogger=${hbase.security.logger} +log4j.additivity.SecurityLogger=false +#log4j.logger.SecurityLogger.org.apache.hadoop.hbase.security.access.AccessController=TRACE + +# +# Null Appender +# +log4j.appender.NullAppender=org.apache.log4j.varia.NullAppender + +# +# console +# Add "console" to rootlogger above if you want to use this +# +log4j.appender.console=org.apache.log4j.ConsoleAppender +log4j.appender.console.target=System.err +log4j.appender.console.layout=org.apache.log4j.PatternLayout +log4j.appender.console.layout.ConversionPattern=%d{ISO8601} %-5p [%t] %c{2}: %m%n + +# Custom Logging levels + +log4j.logger.org.apache.zookeeper=INFO +#log4j.logger.org.apache.hadoop.fs.FSNamesystem=DEBUG +log4j.logger.org.apache.hadoop.hbase=INFO +# Make these two classes INFO-level. Make them DEBUG to see more zk debug. +log4j.logger.org.apache.hadoop.hbase.zookeeper.ZKUtil=INFO +log4j.logger.org.apache.hadoop.hbase.zookeeper.ZooKeeperWatcher=INFO +#log4j.logger.org.apache.hadoop.dfs=DEBUG +# Set this class to log INFO only otherwise its OTT +# Enable this to get detailed connection error/retry logging. +# log4j.logger.org.apache.hadoop.hbase.client.HConnectionManager$HConnectionImplementation=TRACE + + +# Uncomment this line to enable tracing on _every_ RPC call (this can be a lot of output) +#log4j.logger.org.apache.hadoop.ipc.HBaseServer.trace=DEBUG + +# Uncomment the below if you want to remove logging of client region caching' +# and scan of .META. messages +# log4j.logger.org.apache.hadoop.hbase.client.HConnectionManager$HConnectionImplementation=INFO +# log4j.logger.org.apache.hadoop.hbase.client.MetaScanner=INFO + + </value> + <value-attributes> + <type>content</type> + <show-property-name>false</show-property-name> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> +</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/6e8d3458/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/configuration/hbase-logsearch-conf.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/configuration/hbase-logsearch-conf.xml b/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/configuration/hbase-logsearch-conf.xml new file mode 100644 index 0000000..321ea4e --- /dev/null +++ b/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/configuration/hbase-logsearch-conf.xml @@ -0,0 +1,111 @@ +<?xml version="1.0"?> +<?xml-stylesheet type="text/xsl" href="configuration.xsl"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration supports_final="false" supports_adding_forbidden="true"> + <property> + <name>service_name</name> + <display-name>Service name</display-name> + <description>Service name for Logsearch Portal (label)</description> + <value>HBase</value> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>component_mappings</name> + <display-name>Component mapping</display-name> + <description>Logsearch component logid mapping list (e.g.: COMPONENT1:logid1,logid2;COMPONENT2:logid3)</description> + <value>HBASE_MASTER:hbase_master;HBASE_REGIONSERVER:hbase_regionserver;PHOENIX_QUERY_SERVER:hbase_phoenix_server</value> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>content</name> + <display-name>Logfeeder Config</display-name> + <description>Metadata jinja template for Logfeeder which contains grok patterns for reading service specific logs.</description> + <value> +{ + "input":[ + { + "type":"hbase_master", + "rowtype":"service", + "path":"{{default('/configurations/hbase-env/hbase_log_dir', '/var/log/hbase')}}/hbase-*-master-*.log" + }, + { + "type":"hbase_regionserver", + "rowtype":"service", + "path":"{{default('/configurations/hbase-env/hbase_log_dir', '/var/log/hbase')}}/hbase-*-regionserver-*.log" + }, + { + "type":"hbase_phoenix_server", + "rowtype":"service", + "path":"{{default('/configurations/hbase-env/hbase_log_dir', '/var/log/hbase')}}/phoenix-*-server.log" + } + ], + "filter":[ + { + "filter":"grok", + "conditions":{ + "fields":{ + "type":[ + "hbase_master", + "hbase_regionserver" + ] + } + }, + "log4j_format":"%d{ISO8601} %-5p [%t] %c{2}: %m%n", + "multiline_pattern":"^(%{TIMESTAMP_ISO8601:logtime})", + "message_pattern":"(?m)^%{TIMESTAMP_ISO8601:logtime}%{SPACE}%{LOGLEVEL:level}%{SPACE}\\[%{DATA:thread_name}\\]%{SPACE}%{JAVACLASS:logger_name}:%{SPACE}%{GREEDYDATA:log_message}", + "post_map_values":{ + "logtime":{ + "map_date":{ + "target_date_pattern":"yyyy-MM-dd HH:mm:ss,SSS" + } + } + } + }, + { + "filter":"grok", + "conditions":{ + "fields":{ + "type":[ + "hbase_phoenix_server" + ] + } + }, + "log4j_format":"%d{ISO8601} %-5p [%t] %c{2}: %m%n", + "multiline_pattern":"^(%{TIMESTAMP_ISO8601:logtime})", + "message_pattern":"(?m)^%{TIMESTAMP_ISO8601:logtime}%{SPACE}%{LOGLEVEL:level}%{SPACE}%{JAVACLASS:logger_name}:%{SPACE}%{GREEDYDATA:log_message}", + "post_map_values":{ + "logtime":{ + "map_date":{ + "target_date_pattern":"yyyy-MM-dd HH:mm:ss,SSS" + } + } + } + } + ] + } + </value> + <value-attributes> + <type>content</type> + <show-property-name>false</show-property-name> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> +</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/6e8d3458/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/configuration/hbase-policy.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/configuration/hbase-policy.xml b/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/configuration/hbase-policy.xml new file mode 100644 index 0000000..c1112bc --- /dev/null +++ b/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/configuration/hbase-policy.xml @@ -0,0 +1,53 @@ +<?xml version="1.0"?> +<?xml-stylesheet type="text/xsl" href="configuration.xsl"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration supports_final="true"> + <property> + <name>security.client.protocol.acl</name> + <value>*</value> + <description>ACL for HRegionInterface protocol implementations (ie. + clients talking to HRegionServers) + The ACL is a comma-separated list of user and group names. The user and + group list is separated by a blank. For e.g. "alice,bob users,wheel". + A special value of "*" means all users are allowed.</description> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>security.admin.protocol.acl</name> + <value>*</value> + <description>ACL for HMasterInterface protocol implementation (ie. + clients talking to HMaster for admin operations). + The ACL is a comma-separated list of user and group names. The user and + group list is separated by a blank. For e.g. "alice,bob users,wheel". + A special value of "*" means all users are allowed.</description> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>security.masterregion.protocol.acl</name> + <value>*</value> + <description>ACL for HMasterRegionInterface protocol implementations + (for HRegionServers communicating with HMaster) + The ACL is a comma-separated list of user and group names. The user and + group list is separated by a blank. For e.g. "alice,bob users,wheel". + A special value of "*" means all users are allowed.</description> + <on-ambari-upgrade add="true"/> + </property> +</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/6e8d3458/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/configuration/hbase-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/configuration/hbase-site.xml b/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/configuration/hbase-site.xml new file mode 100644 index 0000000..99abdde --- /dev/null +++ b/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/configuration/hbase-site.xml @@ -0,0 +1,573 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration> + <!-- These properties exist in common services. --> + <property> + <name>hbase.rootdir</name> + <value>hdfs://localhost:8020/apps/hbase/data</value> + <description>The directory shared by region servers and into + which HBase persists. The URL should be 'fully-qualified' + to include the filesystem scheme. For example, to specify the + HDFS directory '/hbase' where the HDFS instance's namenode is + running at namenode.example.org on port 9000, set this value to: + hdfs://namenode.example.org:9000/hbase. By default HBase writes + into /tmp. Change this configuration else all data will be lost + on machine restart. + </description> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>hbase.cluster.distributed</name> + <value>true</value> + <description>The mode the cluster will be in. Possible values are + false for standalone mode and true for distributed mode. If + false, startup will run all HBase and ZooKeeper daemons together + in the one JVM. + </description> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase.tmp.dir</name> + <value>/tmp/hbase-${user.name}</value> + <display-name>HBase tmp directory</display-name> + <description>Temporary directory on the local filesystem. + Change this setting to point to a location more permanent + than '/tmp' (The '/tmp' directory is often cleared on + machine restart). + </description> + <value-attributes> + <type>directory</type> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase.local.dir</name> + <value>${hbase.tmp.dir}/local</value> + <description>Directory on the local filesystem to be used as a local storage + </description> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase.master.info.bindAddress</name> + <value>0.0.0.0</value> + <description>The bind address for the HBase Master web UI + </description> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase.regionserver.handler.count</name> + <value>30</value> + <description> + Count of RPC Listener instances spun up on RegionServers. + Same property is used by the Master for count of master handlers. + </description> + <display-name>Number of Handlers per RegionServer</display-name> + <value-attributes> + <type>int</type> + <minimum>5</minimum> + <maximum>240</maximum> + <increment-step>1</increment-step> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase.hregion.majorcompaction</name> + <value>604800000</value> + <description> + Time between major compactions. Set to 0 to disable automatic major compactions. + </description> + <display-name>Major Compaction Interval</display-name> + <value-attributes> + <type>int</type> + <minimum>0</minimum> + <maximum>2592000000</maximum> + <unit>milliseconds</unit> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>hbase.hregion.memstore.block.multiplier</name> + <value>4</value> + <description> + Block updates if a memstore's size spikes this many times above the size that would cause it to be flushed. + Useful to prevent runaway memstores during a sudden spike in update traffic. + </description> + <display-name>Per-Column Family Memstore Block Multiplier</display-name> + <value-attributes> + <type>value-list</type> + <entries> + <entry> + <value>2</value> + </entry> + <entry> + <value>4</value> + </entry> + <entry> + <value>8</value> + </entry> + </entries> + <selection-cardinality>1</selection-cardinality> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase.hregion.memstore.flush.size</name> + <value>134217728</value> + <description> + The size of an individual memstore. Each column familiy within each region is allocated its own memstore. + </description> + <display-name>Memstore Flush Size</display-name> + <value-attributes> + <type>int</type> + <minimum>33554432</minimum> + <maximum>268435456</maximum> + <increment-step>1048576</increment-step> + <unit>B</unit> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase.hregion.memstore.mslab.enabled</name> + <value>true</value> + <description> + Enables the MemStore-Local Allocation Buffer, + a feature which works to prevent heap fragmentation under + heavy write loads. This can reduce the frequency of stop-the-world + GC pauses on large heaps. + </description> + <value-attributes> + <type>boolean</type> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase.hregion.max.filesize</name> + <value>10737418240</value> + <description> + Maximum HFile size. If the sum of the sizes of a region's HFiles has grown to exceed this + value, the region is split in two. + </description> + <display-name>Maximum Region File Size</display-name> + <value-attributes> + <type>int</type> + <minimum>1073741824</minimum> + <maximum>107374182400</maximum> + <unit>B</unit> + <increment-step>1073741824</increment-step> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase.client.scanner.caching</name> + <value>100</value> + <description>Number of rows that will be fetched when calling next + on a scanner if it is not served from (local, client) memory. Higher + caching values will enable faster scanners but will eat up more memory + and some calls of next may take longer and longer times when the cache is empty. + Do not set this value such that the time between invocations is greater + than the scanner timeout; i.e. hbase.regionserver.lease.period + </description> + <display-name>Number of Fetched Rows when Scanning from Disk</display-name> + <value-attributes> + <type>int</type> + <minimum>100</minimum> + <maximum>10000</maximum> + <increment-step>100</increment-step> + <unit>rows</unit> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>zookeeper.session.timeout</name> + <value>90000</value> + <description>ZooKeeper session timeout. + ZooKeeper session timeout in milliseconds. It is used in two different ways. + First, this value is used in the ZK client that HBase uses to connect to the ensemble. + It is also used by HBase when it starts a ZK server and it is passed as the 'maxSessionTimeout'. See + http://hadoop.apache.org/zookeeper/docs/current/zookeeperProgrammers.html#ch_zkSessions. + For example, if a HBase region server connects to a ZK ensemble that's also managed by HBase, then the + session timeout will be the one specified by this configuration. But, a region server that connects + to an ensemble managed with a different configuration will be subjected that ensemble's maxSessionTimeout. So, + even though HBase might propose using 90 seconds, the ensemble can have a max timeout lower than this and + it will take precedence. + </description> + <display-name>Zookeeper Session Timeout</display-name> + <value-attributes> + <type>int</type> + <minimum>10000</minimum> + <maximum>180000</maximum> + <unit>milliseconds</unit> + <increment-step>10000</increment-step> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase.client.keyvalue.maxsize</name> + <value>1048576</value> + <description> + Specifies the combined maximum allowed size of a KeyValue + instance. This is to set an upper boundary for a single entry saved in a + storage file. Since they cannot be split it helps avoiding that a region + cannot be split any further because the data is too large. It seems wise + to set this to a fraction of the maximum region size. Setting it to zero + or less disables the check. + </description> + <display-name>Maximum Record Size</display-name> + <value-attributes> + <type>int</type> + <minimum>1048576</minimum> + <maximum>31457280</maximum> + <unit>B</unit> + <increment-step>262144</increment-step> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase.hstore.compactionThreshold</name> + <value>3</value> + <description> + The maximum number of StoreFiles which will be selected for a single minor + compaction, regardless of the number of eligible StoreFiles. Effectively, the value of + hbase.hstore.compaction.max controls the length of time it takes a single compaction to + complete. Setting it larger means that more StoreFiles are included in a compaction. For most + cases, the default value is appropriate. + </description> + <display-name>Maximum Store Files before Minor Compaction</display-name> + <value-attributes> + <type>int</type> + <entries> + <entry> + <value>2</value> + </entry> + <entry> + <value>3</value> + </entry> + <entry> + <value>4</value> + </entry> + </entries> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase.hstore.flush.retries.number</name> + <value>120</value> + <description> + The number of times the region flush operation will be retried. + </description> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase.hstore.blockingStoreFiles</name> + <display-name>hstore blocking storefiles</display-name> + <value>10</value> + <description> + If more than this number of StoreFiles in any one Store + (one StoreFile is written per flush of MemStore) then updates are + blocked for this HRegion until a compaction is completed, or + until hbase.hstore.blockingWaitTime has been exceeded. + </description> + <value-attributes> + <type>int</type> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hfile.block.cache.size</name> + <value>0.40</value> + <description>Percentage of RegionServer memory to allocate to read buffers.</description> + <display-name>% of RegionServer Allocated to Read Buffers</display-name> + <value-attributes> + <type>float</type> + <minimum>0</minimum> + <maximum>0.8</maximum> + <increment-step>0.01</increment-step> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + <!-- Additional configuration specific to HBase security --> + <property> + <name>hbase.superuser</name> + <value>hbase</value> + <description>List of users or groups (comma-separated), who are allowed + full privileges, regardless of stored ACLs, across the cluster. + Only used when HBase security is enabled. + </description> + <depends-on> + <property> + <type>hbase-env</type> + <name>hbase_user</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase.security.authentication</name> + <value>simple</value> + <description> + Select Simple or Kerberos authentication. Note: Kerberos must be set up before the Kerberos option will take effect. + </description> + <display-name>Enable Authentication</display-name> + <value-attributes> + <type>value-list</type> + <entries> + <entry> + <label>Simple</label> + <value>simple</value> + </entry> + <entry> + <label>Kerberos</label> + <value>kerberos</value> + </entry> + </entries> + <selection-cardinality>1</selection-cardinality> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase.security.authorization</name> + <value>false</value> + <description> Set Authorization Method.</description> + <display-name>Enable Authorization</display-name> + <value-attributes> + <type>value-list</type> + <entries> + <entry> + <value>true</value> + <label>Native</label> + </entry> + <entry> + <value>false</value> + <label>Off</label> + </entry> + </entries> + <selection-cardinality>1</selection-cardinality> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase.coprocessor.region.classes</name> + <value>org.apache.hadoop.hbase.security.access.SecureBulkLoadEndpoint</value> + <description>A comma-separated list of Coprocessors that are loaded by + default on all tables. For any override coprocessor method, these classes + will be called in order. After implementing your own Coprocessor, just put + it in HBase's classpath and add the fully qualified class name here. + A coprocessor can also be loaded on demand by setting HTableDescriptor. + </description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <depends-on> + <property> + <type>hbase-site</type> + <name>hbase.security.authorization</name> + </property> + <property> + <type>hbase-site</type> + <name>hbase.security.authentication</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase.coprocessor.master.classes</name> + <value/> + <description>A comma-separated list of + org.apache.hadoop.hbase.coprocessor.MasterObserver coprocessors that are + loaded by default on the active HMaster process. For any implemented + coprocessor methods, the listed classes will be called in order. After + implementing your own MasterObserver, just put it in HBase's classpath + and add the fully qualified class name here. + </description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <depends-on> + <property> + <type>hbase-site</type> + <name>hbase.security.authorization</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase.zookeeper.property.clientPort</name> + <value>2181</value> + <description>Property from ZooKeeper's config zoo.cfg. + The port at which the clients will connect. + </description> + <on-ambari-upgrade add="true"/> + </property> + <!-- + The following three properties are used together to create the list of + host:peer_port:leader_port quorum servers for ZooKeeper. + --> + <property> + <name>hbase.zookeeper.quorum</name> + <value>localhost</value> + <description>Comma separated list of servers in the ZooKeeper Quorum. + For example, "host1.mydomain.com,host2.mydomain.com,host3.mydomain.com". + By default this is set to localhost for local and pseudo-distributed modes + of operation. For a fully-distributed setup, this should be set to a full + list of ZooKeeper quorum servers. If HBASE_MANAGES_ZK is set in hbase-env.sh + this is the list of servers which we will start/stop ZooKeeper on. + </description> + <value-attributes> + <type>multiLine</type> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + <!-- End of properties used to generate ZooKeeper host:port quorum list. --> + <property> + <name>hbase.zookeeper.useMulti</name> + <value>true</value> + <description>Instructs HBase to make use of ZooKeeper's multi-update functionality. + This allows certain ZooKeeper operations to complete more quickly and prevents some issues + with rare Replication failure scenarios (see the release note of HBASE-2611 for an example).· + IMPORTANT: only set this to true if all ZooKeeper servers in the cluster are on version 3.4+ + and will not be downgraded. ZooKeeper versions before 3.4 do not support multi-update and will + not fail gracefully if multi-update is invoked (see ZOOKEEPER-1495). + </description> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>zookeeper.znode.parent</name> + <value>/hbase-unsecure</value> + <description>Root ZNode for HBase in ZooKeeper. All of HBase's ZooKeeper + files that are configured with a relative path will go under this node. + By default, all of HBase's ZooKeeper file path are configured with a + relative path, so they will all go under this directory unless changed. + </description> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase.client.retries.number</name> + <value>35</value> + <description>Maximum retries. Used as maximum for all retryable + operations such as the getting of a cell's value, starting a row update, + etc. Retry interval is a rough function based on hbase.client.pause. At + first we retry at this interval but then with backoff, we pretty quickly reach + retrying every ten seconds. See HConstants#RETRY_BACKOFF for how the backup + ramps up. Change this setting and hbase.client.pause to suit your workload.</description> + <display-name>Maximum Client Retries</display-name> + <value-attributes> + <type>int</type> + <minimum>5</minimum> + <maximum>50</maximum> + <increment-step>1</increment-step> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase.rpc.timeout</name> + <value>90000</value> + <description> + This is for the RPC layer to define how long HBase client applications + take for a remote call to time out. It uses pings to check connections + but will eventually throw a TimeoutException. + </description> + <display-name>HBase RPC Timeout</display-name> + <value-attributes> + <type>int</type> + <minimum>10000</minimum> + <maximum>180000</maximum> + <unit>milliseconds</unit> + <increment-step>10000</increment-step> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase.defaults.for.version.skip</name> + <value>true</value> + <description>Disables version verification.</description> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>phoenix.query.timeoutMs</name> + <value>60000</value> + <description>Number of milliseconds after which a Phoenix query will timeout on the client.</description> + <display-name>Phoenix Query Timeout</display-name> + <value-attributes> + <type>int</type> + <minimum>30000</minimum> + <maximum>180000</maximum> + <unit>milliseconds</unit> + <increment-step>10000</increment-step> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>dfs.domain.socket.path</name> + <value>/var/lib/hadoop-hdfs/dn_socket</value> + <description>Path to domain socket.</description> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase.rpc.protection</name> + <value>authentication</value> + <on-ambari-upgrade add="true"/> + </property> + + <!-- These properties exist in HDP 2.3 and higher. --> + <property> + <name>hbase.master.port</name> + <value>16000</value> + <display-name>HBase Master Port</display-name> + <description>The port the HBase Master should bind to.</description> + <value-attributes> + <overridable>false</overridable> + <type>int</type> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase.master.info.port</name> + <value>16010</value> + <description>The port for the HBase Master web UI.</description> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase.regionserver.port</name> + <value>16020</value> + <description>The port the HBase RegionServer binds to.</description> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase.regionserver.info.port</name> + <value>16030</value> + <description>The port for the HBase RegionServer web UI.</description> + <on-ambari-upgrade add="true"/> + </property> + + + <!-- These properties exist in HDP 2.5 and higher. --> + <property> + <name>hbase.master.ui.readonly</name> + <value>false</value> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>zookeeper.recovery.retry</name> + <value>6</value> + <on-ambari-upgrade add="false"/> + </property> +</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/6e8d3458/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/configuration/ranger-hbase-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/configuration/ranger-hbase-audit.xml b/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/configuration/ranger-hbase-audit.xml new file mode 100644 index 0000000..e518ea0 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/configuration/ranger-hbase-audit.xml @@ -0,0 +1,122 @@ +<?xml version="1.0"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration> + <!-- These properties exist in HDP 2.5 and higher. --> + <property> + <name>xasecure.audit.is.enabled</name> + <value>true</value> + <description>Is Audit enabled?</description> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>xasecure.audit.destination.hdfs</name> + <value>true</value> + <display-name>Audit to HDFS</display-name> + <description>Is Audit to HDFS enabled?</description> + <value-attributes> + <type>boolean</type> + </value-attributes> + <depends-on> + <property> + <type>ranger-env</type> + <name>xasecure.audit.destination.hdfs</name> + </property> + </depends-on> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>xasecure.audit.destination.hdfs.dir</name> + <value>hdfs://NAMENODE_HOSTNAME:8020/ranger/audit</value> + <description>HDFS folder to write audit to, make sure the service user has requried permissions</description> + <depends-on> + <property> + <type>ranger-env</type> + <name>xasecure.audit.destination.hdfs.dir</name> + </property> + </depends-on> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>xasecure.audit.destination.hdfs.batch.filespool.dir</name> + <value>/var/log/hbase/audit/hdfs/spool</value> + <description>/var/log/hbase/audit/hdfs/spool</description> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>xasecure.audit.destination.solr</name> + <value>false</value> + <display-name>Audit to SOLR</display-name> + <description>Is Solr audit enabled?</description> + <value-attributes> + <type>boolean</type> + </value-attributes> + <depends-on> + <property> + <type>ranger-env</type> + <name>xasecure.audit.destination.solr</name> + </property> + </depends-on> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>xasecure.audit.destination.solr.urls</name> + <value/> + <description>Solr URL</description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>ranger.audit.solr.urls</name> + </property> + </depends-on> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>xasecure.audit.destination.solr.zookeepers</name> + <value>NONE</value> + <description>Solr Zookeeper string</description> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>ranger.audit.solr.zookeepers</name> + </property> + </depends-on> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>xasecure.audit.destination.solr.batch.filespool.dir</name> + <value>/var/log/hbase/audit/solr/spool</value> + <description>/var/log/hbase/audit/solr/spool</description> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>xasecure.audit.provider.summary.enabled</name> + <value>true</value> + <display-name>Audit provider summary enabled</display-name> + <description>Enable Summary audit?</description> + <value-attributes> + <type>boolean</type> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> +</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/6e8d3458/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml new file mode 100644 index 0000000..c761b26 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml @@ -0,0 +1,66 @@ +<?xml version="1.0"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration> + <property> + <name>xasecure.policymgr.clientssl.keystore</name> + <value>/usr/hdp/current/hbase-client/conf/ranger-plugin-keystore.jks</value> + <description>Java Keystore files</description> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>xasecure.policymgr.clientssl.keystore.password</name> + <value>myKeyFilePassword</value> + <property-type>PASSWORD</property-type> + <description>password for keystore</description> + <value-attributes> + <type>password</type> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>xasecure.policymgr.clientssl.truststore</name> + <value>/usr/hdp/current/hbase-client/conf/ranger-plugin-truststore.jks</value> + <description>java truststore file</description> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>xasecure.policymgr.clientssl.truststore.password</name> + <value>changeit</value> + <property-type>PASSWORD</property-type> + <description>java truststore password</description> + <value-attributes> + <type>password</type> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>xasecure.policymgr.clientssl.keystore.credential.file</name> + <value>jceks://file{{credential_file}}</value> + <description>java keystore credential file</description> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>xasecure.policymgr.clientssl.truststore.credential.file</name> + <value>jceks://file{{credential_file}}</value> + <description>java truststore credential file</description> + <on-ambari-upgrade add="false"/> + </property> +</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/6e8d3458/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/configuration/ranger-hbase-security.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/configuration/ranger-hbase-security.xml b/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/configuration/ranger-hbase-security.xml new file mode 100644 index 0000000..1deb9e5 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/configuration/ranger-hbase-security.xml @@ -0,0 +1,68 @@ +<?xml version="1.0"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration> + <property> + <name>ranger.plugin.hbase.service.name</name> + <value>{{repo_name}}</value> + <description>Name of the Ranger service containing HBase policies</description> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger.plugin.hbase.policy.source.impl</name> + <value>org.apache.ranger.admin.client.RangerAdminRESTClient</value> + <description>Class to retrieve policies from the source</description> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger.plugin.hbase.policy.rest.url</name> + <value>{{policymgr_mgr_url}}</value> + <description>URL to Ranger Admin</description> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger.plugin.hbase.policy.rest.ssl.config.file</name> + <value>/etc/hbase/conf/ranger-policymgr-ssl.xml</value> + <description>Path to the file containing SSL details to contact Ranger Admin</description> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger.plugin.hbase.policy.pollIntervalMs</name> + <value>30000</value> + <description>How often to poll for changes in policies?</description> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger.plugin.hbase.policy.cache.dir</name> + <value>/etc/ranger/{{repo_name}}/policycache</value> + <description>Directory where Ranger policies are cached after successful retrieval from the source</description> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>xasecure.hbase.update.xapolicies.on.grant.revoke</name> + <value>true</value> + <display-name>Should HBase GRANT/REVOKE update XA policies</display-name> + <description>Should HBase plugin update Ranger policies for updates to permissions done using GRANT/REVOKE?</description> + <value-attributes> + <type>boolean</type> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> +</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/6e8d3458/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/kerberos.json b/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/kerberos.json new file mode 100644 index 0000000..9ed40ef --- /dev/null +++ b/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/kerberos.json @@ -0,0 +1,159 @@ +{ + "services": [ + { + "name": "HBASE", + "identities": [ + { + "name": "/spnego" + }, + { + "name": "hbase", + "principal": { + "value": "${hbase-env/hbase_user}-${cluster_name|toLower()}@${realm}", + "type" : "user", + "configuration": "hbase-env/hbase_principal_name", + "local_username": "${hbase-env/hbase_user}" + }, + "keytab": { + "file": "${keytab_dir}/hbase.headless.keytab", + "owner": { + "name": "${hbase-env/hbase_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "r" + }, + "configuration": "hbase-env/hbase_user_keytab" + } + }, + { + "name": "/smokeuser" + } + ], + "configurations": [ + { + "hbase-site": { + "hbase.security.authentication": "kerberos", + "hbase.security.authorization": "true", + "zookeeper.znode.parent": "/hbase-secure", + "hbase.coprocessor.master.classes": "{{hbase_coprocessor_master_classes}}", + "hbase.coprocessor.region.classes": "{{hbase_coprocessor_region_classes}}", + "hbase.coprocessor.regionserver.classes": "{{hbase_coprocessor_regionserver_classes}}", + "hbase.bulkload.staging.dir": "/apps/hbase/staging", + "hbase.master.ui.readonly": "true" + } + }, + { + "ranger-hbase-audit": { + "xasecure.audit.jaas.Client.loginModuleName": "com.sun.security.auth.module.Krb5LoginModule", + "xasecure.audit.jaas.Client.loginModuleControlFlag": "required", + "xasecure.audit.jaas.Client.option.useKeyTab": "true", + "xasecure.audit.jaas.Client.option.storeKey": "false", + "xasecure.audit.jaas.Client.option.serviceName": "solr", + "xasecure.audit.destination.solr.force.use.inmemory.jaas.config": "true" + } + } + ], + "components": [ + { + "name": "HBASE_MASTER", + "identities": [ + { + "name": "/HDFS/NAMENODE/hdfs" + }, + { + "name": "hbase_master_hbase", + "principal": { + "value": "hbase/_HOST@${realm}", + "type" : "service", + "configuration": "hbase-site/hbase.master.kerberos.principal", + "local_username": "${hbase-env/hbase_user}" + }, + "keytab": { + "file": "${keytab_dir}/hbase.service.keytab", + "owner": { + "name": "${hbase-env/hbase_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "" + }, + "configuration": "hbase-site/hbase.master.keytab.file" + } + }, + { + "name": "/spnego", + "principal": { + "configuration": "hbase-site/hbase.security.authentication.spnego.kerberos.principal" + }, + "keytab": { + "configuration": "hbase-site/hbase.security.authentication.spnego.kerberos.keytab" + } + }, + { + "name": "/HBASE/HBASE_MASTER/hbase_master_hbase", + "principal": { + "configuration": "ranger-hbase-audit/xasecure.audit.jaas.Client.option.principal" + }, + "keytab": { + "configuration": "ranger-hbase-audit/xasecure.audit.jaas.Client.option.keyTab" + } + } + ] + }, + { + "name": "HBASE_REGIONSERVER", + "identities": [ + { + "name": "hbase_regionserver_hbase", + "principal": { + "value": "hbase/_HOST@${realm}", + "type" : "service", + "configuration": "hbase-site/hbase.regionserver.kerberos.principal", + "local_username": "${hbase-env/hbase_user}" + }, + "keytab": { + "file": "${keytab_dir}/hbase.service.keytab", + "owner": { + "name": "${hbase-env/hbase_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "" + }, + "configuration": "hbase-site/hbase.regionserver.keytab.file" + } + }, + { + "name": "/spnego", + "principal": { + "configuration": "hbase-site/hbase.security.authentication.spnego.kerberos.principal" + }, + "keytab": { + "configuration": "hbase-site/hbase.security.authentication.spnego.kerberos.keytab" + } + } + ] + }, + { + "name": "PHOENIX_QUERY_SERVER", + "identities": [ + { + "name": "phoenix_spnego", + "reference": "/spnego", + "principal": { + "configuration": "hbase-site/phoenix.queryserver.kerberos.principal" + }, + "keytab": { + "configuration": "hbase-site/phoenix.queryserver.keytab.file" + } + } + ] + } + ] + } + ] +}
