http://git-wip-us.apache.org/repos/asf/ambari/blob/7df6bba4/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ranger-hdfs-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ranger-hdfs-audit.xml b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ranger-hdfs-audit.xml
new file mode 100644
index 0000000..fd41817
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ranger-hdfs-audit.xml
@@ -0,0 +1,217 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+ <!-- These configs were inherited from HDP 2.3 -->
+ <property>
+ <name>xasecure.audit.is.enabled</name>
+ <value>true</value>
+ <description>Is Audit enabled?</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.audit.destination.db</name>
+ <value>false</value>
+ <display-name>Audit to DB</display-name>
+ <description>Is Audit to DB enabled?</description>
+ <value-attributes>
+ <type>boolean</type>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>ranger-env</type>
+ <name>xasecure.audit.destination.db</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.audit.destination.db.jdbc.url</name>
+ <value>{{audit_jdbc_url}}</value>
+ <description>Audit DB JDBC URL</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.audit.destination.db.user</name>
+ <value>{{xa_audit_db_user}}</value>
+ <description>Audit DB JDBC User</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.audit.destination.db.password</name>
+ <value>crypted</value>
+ <property-type>PASSWORD</property-type>
+ <description>Audit DB JDBC Password</description>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.audit.destination.db.jdbc.driver</name>
+ <value>{{jdbc_driver}}</value>
+ <description>Audit DB JDBC Driver</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.audit.credential.provider.file</name>
+ <value>jceks://file{{credential_file}}</value>
+ <description>Credential file store</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.audit.destination.db.batch.filespool.dir</name>
+ <value>/var/log/hadoop/hdfs/audit/db/spool</value>
+ <description>/var/log/hadoop/hdfs/audit/db/spool</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.audit.destination.hdfs</name>
+ <value>true</value>
+ <display-name>Audit to HDFS</display-name>
+ <description>Is Audit to HDFS enabled?</description>
+ <value-attributes>
+ <type>boolean</type>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>ranger-env</type>
+ <name>xasecure.audit.destination.hdfs</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.audit.destination.hdfs.dir</name>
+ <value>hdfs://NAMENODE_HOSTNAME:8020/ranger/audit</value>
+ <description>HDFS folder to write audit to, make sure the service user has requried permissions</description>
+ <depends-on>
+ <property>
+ <type>ranger-env</type>
+ <name>xasecure.audit.destination.hdfs.dir</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.audit.destination.hdfs.batch.filespool.dir</name>
+ <value>/var/log/hadoop/hdfs/audit/hdfs/spool</value>
+ <description>/var/log/hadoop/hdfs/audit/hdfs/spool</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.audit.destination.solr</name>
+ <value>false</value>
+ <display-name>Audit to SOLR</display-name>
+ <description>Is Solr audit enabled?</description>
+ <value-attributes>
+ <type>boolean</type>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>ranger-env</type>
+ <name>xasecure.audit.destination.solr</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.audit.destination.solr.urls</name>
+ <value/>
+ <description>Solr URL</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>ranger-admin-site</type>
+ <name>ranger.audit.solr.urls</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.audit.destination.solr.zookeepers</name>
+ <value>NONE</value>
+ <description>Solr Zookeeper string</description>
+ <depends-on>
+ <property>
+ <type>ranger-admin-site</type>
+ <name>ranger.audit.solr.zookeepers</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.audit.destination.solr.batch.filespool.dir</name>
+ <value>/var/log/hadoop/hdfs/audit/solr/spool</value>
+ <description>/var/log/hadoop/hdfs/audit/solr/spool</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.audit.provider.summary.enabled</name>
+ <value>false</value>
+ <display-name>Audit provider summary enabled</display-name>
+ <description>Enable Summary audit?</description>
+ <value-attributes>
+ <type>boolean</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <!-- These configs are deleted in HDP 2.5. -->
+ <property>
+ <name>xasecure.audit.destination.db</name>
+ <deleted>true</deleted>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.audit.destination.db.jdbc.url</name>
+ <deleted>true</deleted>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.audit.destination.db.user</name>
+ <deleted>true</deleted>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.audit.destination.db.password</name>
+ <deleted>true</deleted>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.audit.destination.db.jdbc.driver</name>
+ <deleted>true</deleted>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.audit.credential.provider.file</name>
+ <deleted>true</deleted>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.audit.destination.db.batch.filespool.dir</name>
+ <deleted>true</deleted>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+</configuration>
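Review bot: In ranger-hdfs-audit.xml the seven `xasecure.audit.destination.db*` / `xasecure.audit.credential.provider.file` properties are declared with values in the first block and then declared again with `<deleted>true</deleted>` at the end of the same new file, so the effective state depends on how duplicate names inside one file are merged. If nothing inherited has to be masked, dropping both declarations (including the `crypted` password default) would leave one unambiguous definition; if the deleted markers are needed, a comment next to them saying why would help. Separately, the three `*.batch.filespool.dir` descriptions only repeat the path, and the `xasecure.audit.destination.hdfs.dir` description has the typo `requried`. A description along the lines of `Local directory where audit events are spooled before delivery to the destination` (wording to be confirmed) would tell an operator that these directories hold audit records and need restrictive permissions.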
http://git-wip-us.apache.org/repos/asf/ambari/blob/7df6bba4/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ranger-hdfs-plugin-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ranger-hdfs-plugin-properties.xml b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ranger-hdfs-plugin-properties.xml
new file mode 100644
index 0000000..b31742c
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ranger-hdfs-plugin-properties.xml
@@ -0,0 +1,98 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration supports_final="true">
+ <!-- These configs were inherited from HDP 2.2 -->
+ <property>
+ <name>policy_user</name>
+ <value>ambari-qa</value>
+ <display-name>Policy user for HDFS</display-name>
+ <description>This user must be system user and also present at Ranger
+ admin portal</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>hadoop.rpc.protection</name>
+ <value/>
+ <description>Used for repository creation on ranger admin
+ </description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>common.name.for.certificate</name>
+ <value/>
+ <description>Common name for certificate, this value should match what is specified in repo within ranger admin</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger-hdfs-plugin-enabled</name>
+ <value>No</value>
+ <display-name>Enable Ranger for HDFS</display-name>
+ <description>Enable ranger hdfs plugin</description>
+ <depends-on>
+ <property>
+ <type>ranger-env</type>
+ <name>ranger-hdfs-plugin-enabled</name>
+ </property>
+ </depends-on>
+ <value-attributes>
+ <type>boolean</type>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>REPOSITORY_CONFIG_USERNAME</name>
+ <value>hadoop</value>
+ <display-name>Ranger repository config user</display-name>
+ <description>Used for repository creation on ranger admin
+ </description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>REPOSITORY_CONFIG_PASSWORD</name>
+ <value>hadoop</value>
+ <display-name>Ranger repository config password</display-name>
+ <property-type>PASSWORD</property-type>
+ <description>Used for repository creation on ranger admin
+ </description>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <!-- These configs were inherited from HDP 2.5 -->
+ <property>
+ <name>hadoop.rpc.protection</name>
+ <value>authentication</value>
+ <description>Used for repository creation on ranger admin</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false" />
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7df6bba4/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ranger-hdfs-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ranger-hdfs-policymgr-ssl.xml b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ranger-hdfs-policymgr-ssl.xml
new file mode 100644
index 0000000..de3fcd6
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ranger-hdfs-policymgr-ssl.xml
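Review bot: ranger-hdfs-plugin-properties.xml ships `REPOSITORY_CONFIG_PASSWORD` with the default `hadoop`, identical to the default `REPOSITORY_CONFIG_USERNAME`, so a cluster installed without overriding it ends up with a guessable repository credential. The same pattern appears in ranger-hdfs-policymgr-ssl.xml (`myKeyFilePassword`, `changeit`) and in ssl-client.xml and ssl-server.xml (`bigdata` for every store and key password, there with `on-ambari-upgrade add="true"`). Consider shipping these as `<value/>` so the operator has to supply a value (assuming the installer prompts for a PASSWORD property that has no default), or at least say in each `<description>` that the default must be replaced before the cluster is used. In the same file `hadoop.rpc.protection` is declared twice, first empty and then as `authentication`; keeping only the second declaration would remove the ambiguity.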
@@ -0,0 +1,67 @@
+<?xml version="1.0"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+ <!-- These configs were inherited from HDP 2.3 -->
+ <property>
+ <name>xasecure.policymgr.clientssl.keystore</name>
+ <value>{{stack_root}}/current/hadoop-client/conf/ranger-plugin-keystore.jks</value>
+ <description>Java Keystore files</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.policymgr.clientssl.keystore.password</name>
+ <value>myKeyFilePassword</value>
+ <property-type>PASSWORD</property-type>
+ <description>password for keystore</description>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore</name>
+ <value>{{stack_root}}/current/hadoop-client/conf/ranger-plugin-truststore.jks</value>
+ <description>java truststore file</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore.password</name>
+ <value>changeit</value>
+ <property-type>PASSWORD</property-type>
+ <description>java truststore password</description>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.policymgr.clientssl.keystore.credential.file</name>
+ <value>jceks://file{{credential_file}}</value>
+ <description>java keystore credential file</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore.credential.file</name>
+ <value>jceks://file{{credential_file}}</value>
+ <description>java truststore credential file</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7df6bba4/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ranger-hdfs-security.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ranger-hdfs-security.xml b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ranger-hdfs-security.xml
new file mode 100644
index 0000000..1b0a821
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ranger-hdfs-security.xml
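Review bot: In ranger-hdfs-policymgr-ssl.xml the descriptions do not say how `xasecure.policymgr.clientssl.keystore.password` relates to `xasecure.policymgr.clientssl.keystore.credential.file` (and likewise for the truststore pair), so a reader cannot tell whether the plugin uses the plaintext value or the entry in the JCEKS file. Each password description should name the authoritative source once that is confirmed, for example `Password for the keystore; read from the credential file when one is configured`. The texts `Java Keystore files` and `java truststore file` could also state that these are the client key store and trust store for the TLS connection to Ranger Admin, which is what the property names suggest.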
@@ -0,0 +1,65 @@
+<?xml version="1.0"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+ <!-- These configs were inherited from HDP 2.3 -->
+ <property>
+ <name>ranger.plugin.hdfs.service.name</name>
+ <value>{{repo_name}}</value>
+ <description>Name of the Ranger service containing Hdfs policies</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.plugin.hdfs.policy.source.impl</name>
+ <value>org.apache.ranger.admin.client.RangerAdminRESTClient</value>
+ <description>Class to retrieve policies from the source</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.plugin.hdfs.policy.rest.url</name>
+ <value>{{policymgr_mgr_url}}</value>
+ <description>URL to Ranger Admin</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.plugin.hdfs.policy.rest.ssl.config.file</name>
+ <value>/etc/hadoop/conf/ranger-policymgr-ssl.xml</value>
+ <description>Path to the file containing SSL details to contact Ranger Admin</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.plugin.hdfs.policy.pollIntervalMs</name>
+ <value>30000</value>
+ <description>How often to poll for changes in policies?</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.plugin.hdfs.policy.cache.dir</name>
+ <value>/etc/ranger/{{repo_name}}/policycache</value>
+ <description>Directory where Ranger policies are cached after successful retrieval from the source</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.add-hadoop-authorization</name>
+ <value>true</value>
+ <description>Enable/Disable the default hadoop authorization (based on rwxrwxrwx permission on the resource) if Ranger Authorization fails.</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7df6bba4/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ssl-client.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ssl-client.xml b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ssl-client.xml
new file mode 100644
index 0000000..6ec064a
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ssl-client.xml
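Review bot: The description of `xasecure.add-hadoop-authorization` in ranger-hdfs-security.xml says the fallback applies "if Ranger Authorization fails", which reads like an error path, while with the shipped default `true` it presumably also covers requests that no Ranger policy decides. That makes native HDFS permissions a second grant path, so the description should say it plainly, for example `Fall back to native HDFS permission checks (rwx bits) when Ranger policies do not decide the request; set to false to make Ranger the only authorization source.`, with the wording confirmed against the plugin's behaviour. Also, `ranger.plugin.hdfs.policy.rest.ssl.config.file` is hard-coded to `/etc/hadoop/conf/ranger-policymgr-ssl.xml` while the store paths in ranger-hdfs-policymgr-ssl.xml are built from `{{stack_root}}`; it is worth checking that both resolve to the same conf directory.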
@@ -0,0 +1,70 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<configuration>
+ <property>
+ <name>ssl.client.truststore.location</name>
+ <value>/etc/security/clientKeys/all.jks</value>
+ <description>Location of the trust store file.</description>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ssl.client.truststore.type</name>
+ <value>jks</value>
+ <description>Optional. Default value is "jks".</description>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ssl.client.truststore.password</name>
+ <value>bigdata</value>
+ <property-type>PASSWORD</property-type>
+ <description>Password to open the trust store file.</description>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ssl.client.truststore.reload.interval</name>
+ <value>10000</value>
+ <description>Truststore reload interval, in milliseconds.</description>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ssl.client.keystore.type</name>
+ <value>jks</value>
+ <description>Optional. Default value is "jks".</description>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ssl.client.keystore.location</name>
+ <value>/etc/security/clientKeys/keystore.jks</value>
+ <description>Location of the keystore file.</description>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ssl.client.keystore.password</name>
+ <value>bigdata</value>
+ <property-type>PASSWORD</property-type>
+ <description>Password to open the keystore file.</description>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7df6bba4/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ssl-server.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ssl-server.xml b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ssl-server.xml
new file mode 100644
index 0000000..5d2745f
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ssl-server.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<configuration>
+ <property>
+ <name>ssl.server.truststore.location</name>
+ <value>/etc/security/serverKeys/all.jks</value>
+ <description>Location of the trust store file.</description>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ssl.server.truststore.type</name>
+ <value>jks</value>
+ <description>Optional. Default value is "jks".</description>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ssl.server.truststore.password</name>
+ <value>bigdata</value>
+ <property-type>PASSWORD</property-type>
+ <description>Password to open the trust store file.</description>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ssl.server.truststore.reload.interval</name>
+ <value>10000</value>
+ <description>Truststore reload interval, in milliseconds.</description>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ssl.server.keystore.type</name>
+ <value>jks</value>
+ <description>Optional. Default value is "jks".</description>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ssl.server.keystore.location</name>
+ <value>/etc/security/serverKeys/keystore.jks</value>
+ <description>Location of the keystore file.</description>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ssl.server.keystore.password</name>
+ <value>bigdata</value>
+ <property-type>PASSWORD</property-type>
+ <description>Password to open the keystore file.</description>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ssl.server.keystore.keypassword</name>
+ <value>bigdata</value>
+ <property-type>PASSWORD</property-type>
+ <description>Password for private key in keystore file.</description>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7df6bba4/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/kerberos.json b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/kerberos.json
new file mode 100644
index 0000000..1dd801b
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/kerberos.json
@@ -0,0 +1,246 @@
+{
+ "services": [
+ {
+ "name": "HDFS",
+ "identities": [
+ {
+ "name": "/spnego",
+ "principal": {
+ "configuration": "hdfs-site/dfs.web.authentication.kerberos.principal"
+ },
+ "keytab": {
+ "configuration": "hdfs-site/dfs.web.authentication.kerberos.keytab"
+ }
+ },
+ {
+ "name": "/smokeuser"
+ }
+ ],
+ "auth_to_local_properties" : [
+ "core-site/hadoop.security.auth_to_local"
+ ],
+ "configurations": [
+ {
+ "core-site": {
+ "hadoop.security.authentication": "kerberos",
+ "hadoop.security.authorization": "true",
+ "hadoop.proxyuser.HTTP.groups": "${hadoop-env/proxyuser_group}"
+ }
+ },
+ {
+ "ranger-hdfs-audit": {
+ "xasecure.audit.jaas.Client.loginModuleName": "com.sun.security.auth.module.Krb5LoginModule",
+ "xasecure.audit.jaas.Client.loginModuleControlFlag": "required",
+ "xasecure.audit.jaas.Client.option.useKeyTab": "true",
+ "xasecure.audit.jaas.Client.option.storeKey": "false",
+ "xasecure.audit.jaas.Client.option.serviceName": "solr",
+ "xasecure.audit.destination.solr.force.use.inmemory.jaas.config": "true"
+ }
+ }
+ ],
+ "components": [
+ {
+ "name": "HDFS_CLIENT",
+ "identities": [
+ {
+ "name": "/HDFS/NAMENODE/hdfs"
+ }
+ ]
+ },
+ {
+ "name": "NAMENODE",
+ "identities": [
+ {
+ "name": "hdfs",
+ "principal": {
+ "value": "${hadoop-env/hdfs_user}-${cluster_name|toLower()}@${realm}",
+ "type" : "user" ,
+ "configuration": "hadoop-env/hdfs_principal_name",
+ "local_username" : "${hadoop-env/hdfs_user}"
+ },
+ "keytab": {
+ "file": "${keytab_dir}/hdfs.headless.keytab",
+ "owner": {
+ "name": "${hadoop-env/hdfs_user}",
+ "access": "r"
+ },
+ "group": {
+ "name": "${cluster-env/user_group}",
+ "access": ""
+ },
+ "configuration": "hadoop-env/hdfs_user_keytab"
+ }
+ },
+ {
+ "name": "namenode_nn",
+ "principal": {
+ "value": "nn/_HOST@${realm}",
+ "type" : "service",
+ "configuration": "hdfs-site/dfs.namenode.kerberos.principal",
+ "local_username" : "${hadoop-env/hdfs_user}"
+ },
+ "keytab": {
+ "file": "${keytab_dir}/nn.service.keytab",
+ "owner": {
+ "name": "${hadoop-env/hdfs_user}",
+ "access": "r"
+ },
+ "group": {
+ "name": "${cluster-env/user_group}",
+ "access": ""
+ },
+ "configuration": "hdfs-site/dfs.namenode.keytab.file"
+ }
+ },
+ {
+ "name": "/spnego",
+ "principal": {
+ "configuration": "hdfs-site/dfs.namenode.kerberos.internal.spnego.principal"
+ }
+ },
+ {
+ "name": "/HDFS/NAMENODE/namenode_nn",
+ "principal": {
+ "configuration": "ranger-hdfs-audit/xasecure.audit.jaas.Client.option.principal"
+ },
+ "keytab": {
+ "configuration": "ranger-hdfs-audit/xasecure.audit.jaas.Client.option.keyTab"
+ }
+ }
+ ],
+ "configurations": [
+ {
+ "hdfs-site": {
+ "dfs.block.access.token.enable": "true"
+ }
+ }
+ ]
+ },
+ {
+ "name": "DATANODE",
+ "identities": [
+ {
+ "name": "datanode_dn",
+ "principal": {
+ "value": "dn/_HOST@${realm}",
+ "type" : "service",
+ "configuration": "hdfs-site/dfs.datanode.kerberos.principal",
+ "local_username" : "${hadoop-env/hdfs_user}"
+ },
+ "keytab": {
+ "file": "${keytab_dir}/dn.service.keytab",
+ "owner": {
+ "name": "${hadoop-env/hdfs_user}",
+ "access": "r"
+ },
+ "group": {
+ "name": "${cluster-env/user_group}",
+ "access": ""
+ },
+ "configuration": "hdfs-site/dfs.datanode.keytab.file"
+ }
+ }
+ ],
+ "configurations" : [
+ {
+ "hdfs-site" : {
+ "dfs.datanode.address" : "0.0.0.0:1019",
+ "dfs.datanode.http.address": "0.0.0.0:1022"
+ }
+ }
+ ]
+ },
+ {
+ "name": "SECONDARY_NAMENODE",
+ "identities": [
+ {
+ "name": "secondary_namenode_nn",
+ "principal": {
+ "value": "nn/_HOST@${realm}",
+ "type" : "service",
+ "configuration": "hdfs-site/dfs.secondary.namenode.kerberos.principal",
+ "local_username" : "${hadoop-env/hdfs_user}"
+ },
+ "keytab": {
+ "file": "${keytab_dir}/nn.service.keytab",
+ "owner": {
+ "name": "${hadoop-env/hdfs_user}",
+ "access": "r"
+ },
+ "group": {
+ "name": "${cluster-env/user_group}",
+ "access": ""
+ },
+ "configuration": "hdfs-site/dfs.secondary.namenode.keytab.file"
+ }
+ },
+ {
+ "name": "/spnego",
+ "principal": {
+ "configuration": "hdfs-site/dfs.secondary.namenode.kerberos.internal.spnego.principal"
+ }
+ }
+ ]
+ },
+ {
+ "name": "NFS_GATEWAY",
+ "identities": [
+ {
+ "name": "nfsgateway",
+ "principal": {
+ "value": "nfs/_HOST@${realm}",
+ "type" : "service",
+ "configuration": "hdfs-site/nfs.kerberos.principal",
+ "local_username" : "${hadoop-env/hdfs_user}"
+ },
+ "keytab": {
+ "file": "${keytab_dir}/nfs.service.keytab",
+ "owner": {
+ "name": "${hadoop-env/hdfs_user}",
+ "access": "r"
+ },
+ "group": {
+ "name": "${cluster-env/user_group}",
+ "access": ""
+ },
+ "configuration": "hdfs-site/nfs.keytab.file"
+ }
+ }
+ ]
+ },
+ {
+ "name": "JOURNALNODE",
+ "identities": [
+ {
+ "name": "journalnode_jn",
+ "principal": {
+ "value": "jn/_HOST@${realm}",
+ "type" : "service",
+ "configuration": "hdfs-site/dfs.journalnode.kerberos.principal",
+ "local_username" : "${hadoop-env/hdfs_user}"
+ },
+ "keytab": {
+ "file": "${keytab_dir}/jn.service.keytab",
+ "owner": {
+ "name": "${hadoop-env/hdfs_user}",
+ "access": "r"
+ },
+ "group": {
+ "name": "${cluster-env/user_group}",
+ "access": ""
+ },
+ "configuration": "hdfs-site/dfs.journalnode.keytab.file"
+ }
+ },
+ {
+ "name": "/spnego",
+ "principal": {
+ "configuration": "hdfs-site/dfs.journalnode.kerberos.internal.spnego.principal"
+ }
+ }
+ ]
+ }
+ ]
+ }
+ ]
+}
http://git-wip-us.apache.org/repos/asf/ambari/blob/7df6bba4/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/metainfo.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/metainfo.xml b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/metainfo.xml
new file mode 100644
index 0000000..967c974
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/metainfo.xml
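Review bot: In kerberos.json the SECONDARY_NAMENODE identity `secondary_namenode_nn` repeats the NAMENODE identity `namenode_nn` field for field (principal `nn/_HOST@${realm}`, keytab file `${keytab_dir}/nn.service.keytab`, same owner and group), so two definitions of one keytab can drift apart, for instance in their access bits. The NAMENODE component already reuses that identity by reference for the Ranger audit settings (`"name": "/HDFS/NAMENODE/namenode_nn"`), and HDFS_CLIENT references `/HDFS/NAMENODE/hdfs` across components. The secondary could do the same and override only the two `configuration` targets, as sketched below, assuming the reference resolves there the same way.

```json
{
  "name": "/HDFS/NAMENODE/namenode_nn",
  "principal": {
    "configuration": "hdfs-site/dfs.secondary.namenode.kerberos.principal"
  },
  "keytab": {
    "configuration": "hdfs-site/dfs.secondary.namenode.keytab.file"
  }
},
```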
@@ -0,0 +1,405 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<metainfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <schemaVersion>2.0</schemaVersion>
+ <services>
+ <service>
+ <name>HDFS</name>
+ <displayName>HDFS</displayName>
+ <comment>Apache Hadoop Distributed File System</comment>
+ <version>3.0.0.3.0</version>
+
+ <components>
+ <component>
+ <name>NAMENODE</name>
+ <displayName>NameNode</displayName>
+ <category>MASTER</category>
+ <cardinality>1-2</cardinality>
+ <versionAdvertised>true</versionAdvertised>
+ <reassignAllowed>true</reassignAllowed>
+ <dependencies>
+ <dependency>
+ <name>HDFS/ZKFC</name>
+ <scope>host</scope>
+ <auto-deploy>
+ <enabled>false</enabled>
+ </auto-deploy>
+ <conditions>
+ <condition xsi:type="propertyExists">
+ <configType>hdfs-site</configType>
+ <property>dfs.nameservices</property>
+ </condition>
+ </conditions>
+ </dependency>
+ <dependency>
+ <name>ZOOKEEPER/ZOOKEEPER_SERVER</name>
+ <scope>host</scope>
+ <auto-deploy>
+ <enabled>false</enabled>
+ </auto-deploy>
+ <conditions>
+ <condition xsi:type="propertyExists">
+ <configType>hdfs-site</configType>
+ <property>dfs.nameservices</property>
+ </condition>
+ </conditions>
+ </dependency>
+ <dependency>
+ <name>HDFS/JOURNALNODE</name>
+ <scope>host</scope>
+ <auto-deploy>
+ <enabled>false</enabled>
+ </auto-deploy>
+ <conditions>
+ <condition xsi:type="propertyExists">
+ <configType>hdfs-site</configType>
+ <property>dfs.nameservices</property>
+ </condition>
+ </conditions>
+ </dependency>
+ </dependencies>
+ <commandScript>
+ <script>scripts/namenode.py</script>
+ <scriptType>PYTHON</scriptType>
+ <timeout>1800</timeout>
+ </commandScript>
+ <logs>
+ <log>
+ <logId>hdfs_namenode</logId>
+ <primary>true</primary>
+ </log>
+ <log>
+ <logId>hdfs_audit</logId>
+ </log>
+ </logs>
+ <customCommands>
+ <customCommand>
+ <name>DECOMMISSION</name>
+ <commandScript>
+ <script>scripts/namenode.py</script>
+ <scriptType>PYTHON</scriptType>
+ <timeout>600</timeout>
+ </commandScript>
+ </customCommand>
+ <customCommand>
+ <name>REBALANCEHDFS</name>
+ <background>true</background>
+ <commandScript>
+ <script>scripts/namenode.py</script>
+ <scriptType>PYTHON</scriptType>
+ </commandScript>
+ </customCommand>
+ </customCommands>
+ </component>
+
+ <component>
+ <name>DATANODE</name>
+ <displayName>DataNode</displayName>
+ <category>SLAVE</category>
+ <cardinality>1+</cardinality>
+ <versionAdvertised>true</versionAdvertised>
+ <decommissionAllowed>true</decommissionAllowed>
+ <commandScript>
+ <script>scripts/datanode.py</script>
+ <scriptType>PYTHON</scriptType>
+ <timeout>1200</timeout>
+ </commandScript>
+ <bulkCommands>
+ <displayName>DataNodes</displayName>
+ <!-- Used by decommission and recommission -->
+ <masterComponent>NAMENODE</masterComponent>
+ </bulkCommands>
+ <logs>
+ <log>
+ <logId>hdfs_datanode</logId>
+ <primary>true</primary>
+ </log>
+ </logs>
+ </component>
+
+ <component>
+ <name>SECONDARY_NAMENODE</name>
+ <displayName>SNameNode</displayName>
+ <!-- TODO: cardinality is conditional on HA usage -->
+ <cardinality>1</cardinality>
+ <versionAdvertised>true</versionAdvertised>
+ <reassignAllowed>true</reassignAllowed>
+ <category>MASTER</category>
+ <commandScript>
+ <script>scripts/snamenode.py</script>
+ <scriptType>PYTHON</scriptType>
+ <timeout>1200</timeout>
+ </commandScript>
+ <logs>
+ <log>
+ <logId>hdfs_secondarynamenode</logId>
+ <primary>true</primary>
+ </log>
+ </logs>
+ </component>
+
+ <component>
+ <name>HDFS_CLIENT</name>
+ <displayName>HDFS Client</displayName>
+ <category>CLIENT</category>
+ <cardinality>1+</cardinality>
+ <versionAdvertised>true</versionAdvertised>
+ <commandScript>
+ <script>scripts/hdfs_client.py</script>
+ <scriptType>PYTHON</scriptType>
+ <timeout>1200</timeout>
+ </commandScript>
+ <configFiles>
+ <configFile>
+ <type>xml</type>
+ <fileName>hdfs-site.xml</fileName>
+ <dictionaryName>hdfs-site</dictionaryName>
+ </configFile>
+ <configFile>
+ <type>xml</type>
+ <fileName>core-site.xml</fileName>
+ <dictionaryName>core-site</dictionaryName>
+ </configFile>
+ <configFile>
+ <type>env</type>
+ <fileName>log4j.properties</fileName>
+ <dictionaryName>hdfs-log4j,yarn-log4j</dictionaryName>
+ </configFile>
+ <configFile>
+ <type>env</type>
+ <fileName>hadoop-env.sh</fileName>
+ <dictionaryName>hadoop-env</dictionaryName>
+ </configFile>
+ </configFiles>
+ </component>
+
+ <component>
+ <name>JOURNALNODE</name>
+ <displayName>JournalNode</displayName>
+ <category>SLAVE</category>
+ <cardinality>0+</cardinality>
+ <versionAdvertised>true</versionAdvertised>
+ <commandScript>
+ <script>scripts/journalnode.py</script>
+ <scriptType>PYTHON</scriptType>
+ <timeout>1200</timeout>
+ </commandScript>
+ <logs>
+ <log>
+ <logId>hdfs_journalnode</logId>
+ <primary>true</primary>
+ </log>
+ </logs>
+ <dependencies>
+ <dependency>
+ <name>HDFS/HDFS_CLIENT</name>
+ <scope>host</scope>
+ <auto-deploy>
+ <enabled>true</enabled>
+ </auto-deploy>
+ </dependency>
+ </dependencies>
+ </component>
+
+ <component>
+ <name>ZKFC</name>
+ <displayName>ZKFailoverController</displayName>
+ <category>SLAVE</category>
+ <!-- TODO: cardinality is conditional on HA topology -->
+ <cardinality>0+</cardinality>
+ <versionAdvertised>true</versionAdvertised>
+ <commandScript>
+ <script>scripts/zkfc_slave.py</script>
+ <scriptType>PYTHON</scriptType>
+ <timeout>1200</timeout>
+ </commandScript>
+ <logs>
+ <log>
+ <logId>hdfs_zkfc</logId>
+ <primary>true</primary>
+ </log>
+ </logs>
+ </component>
+
+ <component>
+ <name>NFS_GATEWAY</name>
+ <displayName>NFSGateway</displayName>
+ <cardinality>0+</cardinality>
+ <versionAdvertised>true</versionAdvertised>
+ <category>SLAVE</category>
+ <commandScript>
+ <script>scripts/nfsgateway.py</script>
+ <scriptType>PYTHON</scriptType>
+ <timeout>1200</timeout>
+ </commandScript>
+ <dependencies>
+ <dependency>
+ <name>HDFS/HDFS_CLIENT</name>
+ <scope>host</scope>
+ <auto-deploy>
+ <enabled>true</enabled>
+ </auto-deploy>
+ </dependency>
+ </dependencies>
+ </component>
+ </components>
+
+ <osSpecifics>
+ <osSpecific>
+ <osFamily>any</osFamily>
+ <packages>
+ <package>
+ <name>hadoop</name>
+ </package>
+ <package>
+ <name>hadoop-lzo</name>
+ <skipUpgrade>true</skipUpgrade>
+ <condition>should_install_lzo</condition>
+ </package>
+ </packages>
+ </osSpecific>
+
+ <osSpecific>
+ <osFamily>amazon2015,redhat6,redhat7,suse11</osFamily>
+ <packages>
+ <package>
+ <name>hadoop-client</name>
+ </package>
+ <package>
+ <name>snappy</name>
+ </package>
+ <package>
+ <name>snappy-devel</name>
+ </package>
+ <package>
+ <name>lzo</name>
+ <skipUpgrade>true</skipUpgrade>
+ <condition>should_install_lzo</condition>
+ </package>
+ <package>
+ <name>hadoop-lzo-native</name>
+ <skipUpgrade>true</skipUpgrade>
+ <condition>should_install_lzo</condition>
+ </package>
+ <package>
+ <name>hadoop-libhdfs</name>
+ </package>
+ </packages>
+ </osSpecific>
+
+ <osSpecific>
+ <osFamily>suse12</osFamily>
+ <packages>
+ <package>
+ <name>hadoop-client</name>
+ </package>
+ <package>
+ <name>snappy</name>
+ </package>
+ <package>
+ <name>snappy-devel</name>
+ </package>
+ <package>
+ <name>liblzo2-2</name>
+ <skipUpgrade>true</skipUpgrade>
+ <condition>should_install_lzo</condition>
+ </package>
+ <package>
+ <name>hadoop-lzo-native</name>
+ <skipUpgrade>true</skipUpgrade>
+ <condition>should_install_lzo</condition>
+ </package>
+ <package>
+ <name>hadoop-libhdfs</name>
+ </package>
+ </packages>
+ </osSpecific>
+
+ <osSpecific>
+ <osFamily>debian7,ubuntu12,ubuntu14,ubuntu16</osFamily>
+ <packages>
+ <package>
+ <name>hadoop-client</name>
+ </package>
+ <package>
+ <name>libsnappy1</name>
+ </package>
+ <package>
+ <name>libsnappy-dev</name>
+ </package>
+ <package>
+ <name>liblzo2-2</name>
+ <skipUpgrade>true</skipUpgrade>
+ <condition>should_install_lzo</condition>
+ </package>
+ <package>
+ <name>hadoop-hdfs</name>
+ </package>
+ <package>
+ <name>libhdfs0</name>
+ </package>
+ <package>
+ <name>libhdfs0-dev</name>
+ </package>
+ </packages>
+ </osSpecific>
+ </osSpecifics>
+
+ <commandScript>
+ <script>scripts/service_check.py</script>
+ <scriptType>PYTHON</scriptType>
+ <timeout>300</timeout>
+ </commandScript>
+
+ <requiredServices>
+ <service>ZOOKEEPER</service>
+ </requiredServices>
+
+ <configuration-dependencies>
+ <config-type>core-site</config-type>
+ <config-type>hdfs-site</config-type>
+ <config-type>hadoop-env</config-type>
+ <config-type>hadoop-policy</config-type>
+ <config-type>hdfs-log4j</config-type>
+ <config-type>ranger-hdfs-plugin-properties</config-type>
+ <config-type>ssl-client</config-type>
+ <config-type>ssl-server</config-type>
+ <config-type>ranger-hdfs-audit</config-type>
+ <config-type>ranger-hdfs-policymgr-ssl</config-type>
+ <config-type>ranger-hdfs-security</config-type>
+ <config-type>ams-ssl-client</config-type>
+ <config-type>hadoop-metrics2.properties</config-type>
+ </configuration-dependencies>
+ <restartRequiredAfterRackChange>true</restartRequiredAfterRackChange>
+
+ <quickLinksConfigurations>
+ <quickLinksConfiguration>
+ <fileName>quicklinks.json</fileName>
+ <default>true</default>
+ </quickLinksConfiguration>
+ </quickLinksConfigurations>
+
+ <themes>
+ <theme>
+ <fileName>theme.json</fileName>
+ <default>true</default>
+ </theme>
+ </themes>
+ </service>
+ </services>
+</metainfo>
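Review bot: NFS_GATEWAY is the only daemon component in this file without a `<logs>` block; NAMENODE, DATANODE, SECONDARY_NAMENODE, JOURNALNODE and ZKFC each register a primary `logId`. The kerberos.json earlier in this commit gives the gateway its own `nfs/_HOST` principal and keytab, so its log is one an operator would want reachable through the same mapping as the other Kerberized daemons. If a log id for the gateway is defined elsewhere in the stack (not visible in this hunk), add a `<logs>` block like the one on ZKFC, as sketched below with a placeholder id; if the omission is deliberate, record that with a comment such as `<!-- no log id is registered for the NFS gateway -->` next to its `<commandScript>`. Separately, NFS_GATEWAY and SECONDARY_NAMENODE place `<category>` after `<cardinality>` while the other components put it right after `<displayName>`; one order throughout makes the definitions easier to compare.

```xml
<!-- … unchanged: NFS_GATEWAY name, displayName, cardinality, versionAdvertised, category … -->
<commandScript>
  <script>scripts/nfsgateway.py</script>
  <!-- … unchanged: scriptType, timeout … -->
</commandScript>
<logs>
  <log>
    <logId>NFS_GATEWAY_LOG_ID_PLACEHOLDER</logId>
    <primary>true</primary>
  </log>
</logs>
<!-- … unchanged: dependency on HDFS/HDFS_CLIENT … -->
```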
