http://git-wip-us.apache.org/repos/asf/ambari/blob/338c2c5b/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/package/scripts/utils.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/package/scripts/utils.py b/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/package/scripts/utils.py new file mode 100644 index 0000000..199e6d7 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/package/scripts/utils.py @@ -0,0 +1,105 @@ +""" +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +""" + +def get_property_value(dictionary, property_name, default_value=None, trim_string=False, + empty_value=""): + """ + Get a property value from a dictionary, applying applying rules as necessary. + + If dictionary does not contain a value for property_name or the value for property_name is None, + null_value is used as the value to return. Then, if trim_string is True and the value is None + or the value is an empty string, empty_value will be return else the (current) value is returned. + + Note: the property value will most likely be a string or a unicode string, however in the event + it is not (for example a number), this method will behave properly and return the value as is. + + :param dictionary: a dictionary of values + :param property_name: the name of a dictionary item to retrieve + :param default_value: the value to use if the item is not in the dictionary or the value of the item is None + :param trim_string: a Boolean value indicating whether to strip whitespace from the value (True) or not (False) + :param empty_value: the value to use if the (current) value is None or an empty string, if trim_string is True + :return: the requested property value with rules applied + """ + # If property_name is not in the dictionary, set value to null_value + if property_name in dictionary: + value = dictionary[property_name] + if value is None: + value = default_value + else: + value = default_value + + if trim_string: + # If the value is none, consider it empty... + if value is None: + value = empty_value + elif (type(value) == str) or (type(value) == unicode): + value = value.strip() + + if len(value) == 0: + value = empty_value + + return value + +def get_unstructured_data(dictionary, property_name): + prefix = property_name + '/' + prefix_len = len(prefix) + return dict((k[prefix_len:], v) for k, v in dictionary.iteritems() if k.startswith(prefix)) + +def split_host_and_port(host): + """ + Splits a string into its host and port components + + :param host: a string matching the following pattern: <host name | ip address>[:port] + :return: a Dictionary containing 'host' and 'port' entries for the input value + """ + + if host is None: + host_and_port = None + else: + host_and_port = {} + parts = host.split(":") + + if parts is not None: + length = len(parts) + + if length > 0: + host_and_port['host'] = parts[0] + + if length > 1: + host_and_port['port'] = int(parts[1]) + + return host_and_port + +def set_port(host, port): + """ + Sets the port for a host specification, potentially replacing an existing port declaration + + :param host: a string matching the following pattern: <host name | ip address>[:port] + :param port: a string or integer declaring the (new) port + :return: a string declaring the new host/port specification + """ + if port is None: + return host + else: + host_and_port = split_host_and_port(host) + + if (host_and_port is not None) and ('host' in host_and_port): + return "%s:%s" % (host_and_port['host'], port) + else: + return host
http://git-wip-us.apache.org/repos/asf/ambari/blob/338c2c5b/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/package/templates/krb5_conf.j2 ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/package/templates/krb5_conf.j2 b/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/package/templates/krb5_conf.j2 new file mode 100644 index 0000000..0191953 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/package/templates/krb5_conf.j2 @@ -0,0 +1,54 @@ +{# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +#} +[libdefaults] + renew_lifetime = 7d + forwardable = true + default_realm = {{realm}} + ticket_lifetime = 24h + dns_lookup_realm = false + dns_lookup_kdc = false + default_ccache_name = /tmp/krb5cc_%{uid} + #default_tgs_enctypes = {{encryption_types}} + #default_tkt_enctypes = {{encryption_types}} +{% if domains %} +[domain_realm] +{%- for domain in domains.split(',') %} + {{domain|trim()}} = {{realm}} +{%- endfor %} +{% endif %} +[logging] + default = FILE:/var/log/krb5kdc.log + admin_server = FILE:/var/log/kadmind.log + kdc = FILE:/var/log/krb5kdc.log + +[realms] + {{realm}} = { +{%- if kdc_hosts > 0 -%} +{%- set kdc_host_list = kdc_hosts.split(',') -%} +{%- if kdc_host_list and kdc_host_list|length > 0 %} + admin_server = {{admin_server_host|default(kdc_host_list[0]|trim(), True)}} +{%- if kdc_host_list -%} +{% for kdc_host in kdc_host_list %} + kdc = {{kdc_host|trim()}} +{%- endfor -%} +{% endif %} +{%- endif %} +{%- endif %} + } + +{# Append additional realm declarations below #} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/338c2c5b/ambari-server/src/main/resources/stacks/PERF/1.0/services/SLEEPY/configuration/sleepy-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/PERF/1.0/services/SLEEPY/configuration/sleepy-site.xml b/ambari-server/src/main/resources/stacks/PERF/1.0/services/SLEEPY/configuration/sleepy-site.xml index 67762a5..5b6f2f6 100644 --- a/ambari-server/src/main/resources/stacks/PERF/1.0/services/SLEEPY/configuration/sleepy-site.xml +++ b/ambari-server/src/main/resources/stacks/PERF/1.0/services/SLEEPY/configuration/sleepy-site.xml @@ -33,4 +33,16 @@ </value-attributes> <on-ambari-upgrade add="false"/> </property> + <property> + <name>sleepy_user</name> + <display-name>sleepy User</display-name> + <value>sleepy</value> + <property-type>USER</property-type> + <description>sleepy Username.</description> + <value-attributes> + <type>user</type> + <overridable>false</overridable> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/338c2c5b/ambari-server/src/main/resources/stacks/PERF/1.0/services/SLEEPY/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/PERF/1.0/services/SLEEPY/kerberos.json b/ambari-server/src/main/resources/stacks/PERF/1.0/services/SLEEPY/kerberos.json new file mode 100644 index 0000000..45e33f5 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/PERF/1.0/services/SLEEPY/kerberos.json @@ -0,0 +1,78 @@ +{ + "services": [ + { + "name": "SLEEPY", + "identities": [ + { + "name": "/spnego" + }, + { + "name": "sleepy", + "principal": { + "value": "${sleepy-site/sleepy_user}-${cluster_name|toLower()}@${realm}", + "type" : "user", + "configuration": "sleepy-site/sleepy_principal_name", + "local_username": "${sleepy-site/sleepy_user}" + }, + "keytab": { + "file": "${keytab_dir}/sleepy.headless.keytab", + "owner": { + "name": "${sleepy-site/sleepy_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "r" + }, + "configuration": "sleepy-site/sleepy_user_keytab" + } + }, + { + "name": "/smokeuser" + } + ], + "configurations": [ + ], + "components": [ + { + "name": "SLEEPY", + "identities": [ + { + "name": "/HDFS/NAMENODE/hdfs" + }, + { + "name": "sleepy_sleepy", + "principal": { + "value": "sleepy/_HOST@${realm}", + "type" : "service", + "configuration": "sleepy-site/sleepy.sleepy.kerberos.principal", + "local_username": "${sleepy-site/sleepy_user}" + }, + "keytab": { + "file": "${keytab_dir}/sleepy.service.keytab", + "owner": { + "name": "${sleepy-site/sleepy_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "" + }, + "configuration": "sleepy-site/sleepy.sleepy.keytab.file" + } + }, + { + "name": "/spnego", + "principal": { + "configuration": "sleepy-site/sleepy.security.authentication.spnego.kerberos.principal" + }, + "keytab": { + "configuration": "sleepy-site/sleepy.security.authentication.spnego.kerberos.keytab" + } + } + ] + } + ] + } + ] +} http://git-wip-us.apache.org/repos/asf/ambari/blob/338c2c5b/ambari-server/src/main/resources/stacks/PERF/1.0/services/SLEEPY/package/scripts/dwarf.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/PERF/1.0/services/SLEEPY/package/scripts/dwarf.py b/ambari-server/src/main/resources/stacks/PERF/1.0/services/SLEEPY/package/scripts/dwarf.py index 370d03d..699e35b 100644 --- a/ambari-server/src/main/resources/stacks/PERF/1.0/services/SLEEPY/package/scripts/dwarf.py +++ b/ambari-server/src/main/resources/stacks/PERF/1.0/services/SLEEPY/package/scripts/dwarf.py @@ -33,6 +33,10 @@ class Sleepy(Dummy): def __init__(self): super(Sleepy, self).__init__() self.component_name = "SLEEPY" + self.principal_conf_name = "sleepy-site" + self.principal_name = "sleepy.sleepy.kerberos.principal" + self.keytab_conf_name = "sleepy-site" + self.keytab_name = "sleepy.sleepy.keytab.file" if __name__ == "__main__": Sleepy().execute() http://git-wip-us.apache.org/repos/asf/ambari/blob/338c2c5b/ambari-server/src/main/resources/stacks/PERF/1.0/services/SNOW/configuration/snow-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/PERF/1.0/services/SNOW/configuration/snow-site.xml b/ambari-server/src/main/resources/stacks/PERF/1.0/services/SNOW/configuration/snow-site.xml index 67762a5..dfad0ac 100644 --- a/ambari-server/src/main/resources/stacks/PERF/1.0/services/SNOW/configuration/snow-site.xml +++ b/ambari-server/src/main/resources/stacks/PERF/1.0/services/SNOW/configuration/snow-site.xml @@ -33,4 +33,16 @@ </value-attributes> <on-ambari-upgrade add="false"/> </property> + <property> + <name>snow_user</name> + <display-name>snow User</display-name> + <value>snow</value> + <property-type>USER</property-type> + <description>snow Username.</description> + <value-attributes> + <type>user</type> + <overridable>false</overridable> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/338c2c5b/ambari-server/src/main/resources/stacks/PERF/1.0/services/SNOW/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/PERF/1.0/services/SNOW/kerberos.json b/ambari-server/src/main/resources/stacks/PERF/1.0/services/SNOW/kerberos.json new file mode 100644 index 0000000..47a979a8 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/PERF/1.0/services/SNOW/kerberos.json @@ -0,0 +1,78 @@ +{ + "services": [ + { + "name": "SNOW", + "identities": [ + { + "name": "/spnego" + }, + { + "name": "snow", + "principal": { + "value": "${snow-site/snow_user}-${cluster_name|toLower()}@${realm}", + "type" : "user", + "configuration": "snow-site/snow_principal_name", + "local_username": "${snow-site/snow_user}" + }, + "keytab": { + "file": "${keytab_dir}/snow.headless.keytab", + "owner": { + "name": "${snow-site/snow_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "r" + }, + "configuration": "snow-site/snow_user_keytab" + } + }, + { + "name": "/smokeuser" + } + ], + "configurations": [ + ], + "components": [ + { + "name": "SNOW_WHITE", + "identities": [ + { + "name": "/HDFS/NAMENODE/hdfs" + }, + { + "name": "snow_white_snow", + "principal": { + "value": "snow/_HOST@${realm}", + "type" : "service", + "configuration": "snow-site/snow.white.kerberos.principal", + "local_username": "${snow-site/snow_user}" + }, + "keytab": { + "file": "${keytab_dir}/snow.service.keytab", + "owner": { + "name": "${snow-site/snow_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "" + }, + "configuration": "snow-site/snow.white.keytab.file" + } + }, + { + "name": "/spnego", + "principal": { + "configuration": "snow-site/snow.security.authentication.spnego.kerberos.principal" + }, + "keytab": { + "configuration": "snow-site/snow.security.authentication.spnego.kerberos.keytab" + } + } + ] + } + ] + } + ] +} http://git-wip-us.apache.org/repos/asf/ambari/blob/338c2c5b/ambari-server/src/main/resources/stacks/PERF/1.0/services/SNOW/package/scripts/snow_white.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/PERF/1.0/services/SNOW/package/scripts/snow_white.py b/ambari-server/src/main/resources/stacks/PERF/1.0/services/SNOW/package/scripts/snow_white.py index 41bfa8a..df2b81d 100644 --- a/ambari-server/src/main/resources/stacks/PERF/1.0/services/SNOW/package/scripts/snow_white.py +++ b/ambari-server/src/main/resources/stacks/PERF/1.0/services/SNOW/package/scripts/snow_white.py @@ -33,6 +33,10 @@ class SnowWhite(Dummy): def __init__(self): super(SnowWhite, self).__init__() self.component_name = "SNOW_WHITE" + self.principal_conf_name = "snow-site" + self.principal_name = "snow.white.kerberos.principal" + self.keytab_conf_name = "snow-site" + self.keytab_name = "snow.white.keytab.file" if __name__ == "__main__": SnowWhite().execute() http://git-wip-us.apache.org/repos/asf/ambari/blob/338c2c5b/ambari-server/src/main/resources/stacks/PERF/1.0/services/YARN/package/scripts/application_timeline_server.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/PERF/1.0/services/YARN/package/scripts/application_timeline_server.py b/ambari-server/src/main/resources/stacks/PERF/1.0/services/YARN/package/scripts/application_timeline_server.py index 4b32de7..d179b1f 100644 --- a/ambari-server/src/main/resources/stacks/PERF/1.0/services/YARN/package/scripts/application_timeline_server.py +++ b/ambari-server/src/main/resources/stacks/PERF/1.0/services/YARN/package/scripts/application_timeline_server.py @@ -33,6 +33,10 @@ class ApplicationTimelineServer(Dummy): def __init__(self): super(ApplicationTimelineServer, self).__init__() self.component_name = "APP_TIMELINE_SERVER" + self.principal_conf_name = "yarn-site" + self.principal_name = "yarn.timeline-service.principal" + self.keytab_conf_name = "yarn-site" + self.keytab_name = "yarn.timeline-service.keytab" if __name__ == "__main__": ApplicationTimelineServer().execute() http://git-wip-us.apache.org/repos/asf/ambari/blob/338c2c5b/ambari-server/src/main/resources/stacks/PERF/1.0/services/YARN/package/scripts/historyserver.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/PERF/1.0/services/YARN/package/scripts/historyserver.py b/ambari-server/src/main/resources/stacks/PERF/1.0/services/YARN/package/scripts/historyserver.py index cba85b5..0570987 100644 --- a/ambari-server/src/main/resources/stacks/PERF/1.0/services/YARN/package/scripts/historyserver.py +++ b/ambari-server/src/main/resources/stacks/PERF/1.0/services/YARN/package/scripts/historyserver.py @@ -33,6 +33,10 @@ class HistoryServer(Dummy): def __init__(self): super(HistoryServer, self).__init__() self.component_name = "HISTORYSERVER" + self.principal_conf_name = "mapred-site" + self.principal_name = "mapreduce.jobhistory.principal" + self.keytab_conf_name = "mapred-site" + self.keytab_name = "mapreduce.jobhistory.keytab" if __name__ == "__main__": HistoryServer().execute() http://git-wip-us.apache.org/repos/asf/ambari/blob/338c2c5b/ambari-server/src/main/resources/stacks/PERF/1.0/services/YARN/package/scripts/nodemanager.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/PERF/1.0/services/YARN/package/scripts/nodemanager.py b/ambari-server/src/main/resources/stacks/PERF/1.0/services/YARN/package/scripts/nodemanager.py index 883c3ad..21db94f 100644 --- a/ambari-server/src/main/resources/stacks/PERF/1.0/services/YARN/package/scripts/nodemanager.py +++ b/ambari-server/src/main/resources/stacks/PERF/1.0/services/YARN/package/scripts/nodemanager.py @@ -33,6 +33,10 @@ class Nodemanager(Dummy): def __init__(self): super(Nodemanager, self).__init__() self.component_name = "NODEMANAGER" + self.principal_conf_name = "yarn-site" + self.principal_name = "yarn.nodemanager.principal" + self.keytab_conf_name = "yarn-site" + self.keytab_name = "yarn.nodemanager.keytab" if __name__ == "__main__": Nodemanager().execute() http://git-wip-us.apache.org/repos/asf/ambari/blob/338c2c5b/ambari-server/src/main/resources/stacks/PERF/1.0/services/YARN/package/scripts/resourcemanager.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/PERF/1.0/services/YARN/package/scripts/resourcemanager.py b/ambari-server/src/main/resources/stacks/PERF/1.0/services/YARN/package/scripts/resourcemanager.py index 7f80077..5f6c535 100644 --- a/ambari-server/src/main/resources/stacks/PERF/1.0/services/YARN/package/scripts/resourcemanager.py +++ b/ambari-server/src/main/resources/stacks/PERF/1.0/services/YARN/package/scripts/resourcemanager.py @@ -33,6 +33,10 @@ class Resourcemanager(Dummy): def __init__(self): super(Resourcemanager, self).__init__() self.component_name = "RESOURCEMANAGER" + self.principal_conf_name = "yarn-site" + self.principal_name = "yarn.resourcemanager.principal" + self.keytab_conf_name = "yarn-site" + self.keytab_name = "yarn.resourcemanager.keytab" def decommission(self, env): print "Decommission" http://git-wip-us.apache.org/repos/asf/ambari/blob/338c2c5b/ambari-server/src/main/resources/stacks/PERF/1.0/services/ZOOKEEPER/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/PERF/1.0/services/ZOOKEEPER/kerberos.json b/ambari-server/src/main/resources/stacks/PERF/1.0/services/ZOOKEEPER/kerberos.json new file mode 100644 index 0000000..0a64ea5 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/PERF/1.0/services/ZOOKEEPER/kerberos.json @@ -0,0 +1,39 @@ +{ + "services": [ + { + "name": "ZOOKEEPER", + "identities": [ + { + "name": "/smokeuser" + } + ], + "components": [ + { + "name": "ZOOKEEPER_SERVER", + "identities": [ + { + "name": "zookeeper_zk", + "principal": { + "value": "zookeeper/_HOST@${realm}", + "type" : "service", + "configuration": "zookeeper-env/zookeeper_principal_name" + }, + "keytab": { + "file": "${keytab_dir}/zk.service.keytab", + "owner": { + "name": "${zookeeper-env/zk_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "" + }, + "configuration": "zookeeper-env/zookeeper_keytab_path" + } + } + ] + } + ] + } + ] +} http://git-wip-us.apache.org/repos/asf/ambari/blob/338c2c5b/ambari-server/src/main/resources/stacks/PERF/1.0/services/ZOOKEEPER/package/scripts/zookeeper_server.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/PERF/1.0/services/ZOOKEEPER/package/scripts/zookeeper_server.py b/ambari-server/src/main/resources/stacks/PERF/1.0/services/ZOOKEEPER/package/scripts/zookeeper_server.py index 92519ba..6ab88bb 100644 --- a/ambari-server/src/main/resources/stacks/PERF/1.0/services/ZOOKEEPER/package/scripts/zookeeper_server.py +++ b/ambari-server/src/main/resources/stacks/PERF/1.0/services/ZOOKEEPER/package/scripts/zookeeper_server.py @@ -33,6 +33,10 @@ class ZookeeperServer(Dummy): def __init__(self): super(ZookeeperServer, self).__init__() self.component_name = "ZOOKEEPER_SERVER" + self.principal_conf_name = "zookeeper-env" + self.principal_name = "zookeeper_principal_name" + self.keytab_conf_name = "zookeeper-env" + self.keytab_name = "zookeeper_keytab_path" if __name__ == "__main__": ZookeeperServer().execute()
