http://git-wip-us.apache.org/repos/asf/ambari/blob/c358ae0c/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ranger-hdfs-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ranger-hdfs-audit.xml b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ranger-hdfs-audit.xml deleted file mode 100644 index fd41817..0000000 --- a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ranger-hdfs-audit.xml +++ /dev/null @@ -1,217 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<?xml-stylesheet type="text/xsl" href="configuration.xsl"?> -<!-- -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ ---> -<configuration> - <!-- These configs were inherited from HDP 2.3 --> - <property> - <name>xasecure.audit.is.enabled</name> - <value>true</value> - <description>Is Audit enabled?</description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>xasecure.audit.destination.db</name> - <value>false</value> - <display-name>Audit to DB</display-name> - <description>Is Audit to DB enabled?</description> - <value-attributes> - <type>boolean</type> - </value-attributes> - <depends-on> - <property> - <type>ranger-env</type> - <name>xasecure.audit.destination.db</name> - </property> - </depends-on> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>xasecure.audit.destination.db.jdbc.url</name> - <value>{{audit_jdbc_url}}</value> - <description>Audit DB JDBC URL</description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>xasecure.audit.destination.db.user</name> - <value>{{xa_audit_db_user}}</value> - <description>Audit DB JDBC User</description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>xasecure.audit.destination.db.password</name> - <value>crypted</value> - <property-type>PASSWORD</property-type> - <description>Audit DB JDBC Password</description> - <value-attributes> - <type>password</type> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>xasecure.audit.destination.db.jdbc.driver</name> - <value>{{jdbc_driver}}</value> - <description>Audit DB JDBC Driver</description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>xasecure.audit.credential.provider.file</name> - <value>jceks://file{{credential_file}}</value> - <description>Credential file store</description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>xasecure.audit.destination.db.batch.filespool.dir</name> - <value>/var/log/hadoop/hdfs/audit/db/spool</value> - <description>/var/log/hadoop/hdfs/audit/db/spool</description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>xasecure.audit.destination.hdfs</name> - <value>true</value> - <display-name>Audit to HDFS</display-name> - <description>Is Audit to HDFS enabled?</description> - <value-attributes> - <type>boolean</type> - </value-attributes> - <depends-on> - <property> - <type>ranger-env</type> - <name>xasecure.audit.destination.hdfs</name> - </property> - </depends-on> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>xasecure.audit.destination.hdfs.dir</name> - <value>hdfs://NAMENODE_HOSTNAME:8020/ranger/audit</value> - <description>HDFS folder to write audit to, make sure the service user has requried permissions</description> - <depends-on> - <property> - <type>ranger-env</type> - <name>xasecure.audit.destination.hdfs.dir</name> - </property> - </depends-on> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>xasecure.audit.destination.hdfs.batch.filespool.dir</name> - <value>/var/log/hadoop/hdfs/audit/hdfs/spool</value> - <description>/var/log/hadoop/hdfs/audit/hdfs/spool</description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>xasecure.audit.destination.solr</name> - <value>false</value> - <display-name>Audit to SOLR</display-name> - <description>Is Solr audit enabled?</description> - <value-attributes> - <type>boolean</type> - </value-attributes> - <depends-on> - <property> - <type>ranger-env</type> - <name>xasecure.audit.destination.solr</name> - </property> - </depends-on> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>xasecure.audit.destination.solr.urls</name> - <value/> - <description>Solr URL</description> - <value-attributes> - <empty-value-valid>true</empty-value-valid> - </value-attributes> - <depends-on> - <property> - <type>ranger-admin-site</type> - <name>ranger.audit.solr.urls</name> - </property> - </depends-on> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>xasecure.audit.destination.solr.zookeepers</name> - <value>NONE</value> - <description>Solr Zookeeper string</description> - <depends-on> - <property> - <type>ranger-admin-site</type> - <name>ranger.audit.solr.zookeepers</name> - </property> - </depends-on> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>xasecure.audit.destination.solr.batch.filespool.dir</name> - <value>/var/log/hadoop/hdfs/audit/solr/spool</value> - <description>/var/log/hadoop/hdfs/audit/solr/spool</description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>xasecure.audit.provider.summary.enabled</name> - <value>false</value> - <display-name>Audit provider summary enabled</display-name> - <description>Enable Summary audit?</description> - <value-attributes> - <type>boolean</type> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - - <!-- These configs are deleted in HDP 2.5. --> - <property> - <name>xasecure.audit.destination.db</name> - <deleted>true</deleted> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>xasecure.audit.destination.db.jdbc.url</name> - <deleted>true</deleted> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>xasecure.audit.destination.db.user</name> - <deleted>true</deleted> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>xasecure.audit.destination.db.password</name> - <deleted>true</deleted> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>xasecure.audit.destination.db.jdbc.driver</name> - <deleted>true</deleted> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>xasecure.audit.credential.provider.file</name> - <deleted>true</deleted> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>xasecure.audit.destination.db.batch.filespool.dir</name> - <deleted>true</deleted> - <on-ambari-upgrade add="false"/> - </property> - -</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/c358ae0c/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ranger-hdfs-plugin-properties.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ranger-hdfs-plugin-properties.xml b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ranger-hdfs-plugin-properties.xml deleted file mode 100644 index b31742c..0000000 --- a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ranger-hdfs-plugin-properties.xml +++ /dev/null @@ -1,98 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ ---> -<configuration supports_final="true"> - <!-- These configs were inherited from HDP 2.2 --> - <property> - <name>policy_user</name> - <value>ambari-qa</value> - <display-name>Policy user for HDFS</display-name> - <description>This user must be system user and also present at Ranger - admin portal</description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>hadoop.rpc.protection</name> - <value/> - <description>Used for repository creation on ranger admin - </description> - <value-attributes> - <empty-value-valid>true</empty-value-valid> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>common.name.for.certificate</name> - <value/> - <description>Common name for certificate, this value should match what is specified in repo within ranger admin</description> - <value-attributes> - <empty-value-valid>true</empty-value-valid> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger-hdfs-plugin-enabled</name> - <value>No</value> - <display-name>Enable Ranger for HDFS</display-name> - <description>Enable ranger hdfs plugin</description> - <depends-on> - <property> - <type>ranger-env</type> - <name>ranger-hdfs-plugin-enabled</name> - </property> - </depends-on> - <value-attributes> - <type>boolean</type> - <overridable>false</overridable> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>REPOSITORY_CONFIG_USERNAME</name> - <value>hadoop</value> - <display-name>Ranger repository config user</display-name> - <description>Used for repository creation on ranger admin - </description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>REPOSITORY_CONFIG_PASSWORD</name> - <value>hadoop</value> - <display-name>Ranger repository config password</display-name> - <property-type>PASSWORD</property-type> - <description>Used for repository creation on ranger admin - </description> - <value-attributes> - <type>password</type> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - - <!-- These configs were inherited from HDP 2.5 --> - <property> - <name>hadoop.rpc.protection</name> - <value>authentication</value> - <description>Used for repository creation on ranger admin</description> - <value-attributes> - <empty-value-valid>true</empty-value-valid> - </value-attributes> - <on-ambari-upgrade add="false" /> - </property> -</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/c358ae0c/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ranger-hdfs-policymgr-ssl.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ranger-hdfs-policymgr-ssl.xml b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ranger-hdfs-policymgr-ssl.xml deleted file mode 100644 index de3fcd6..0000000 --- a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ranger-hdfs-policymgr-ssl.xml +++ /dev/null @@ -1,67 +0,0 @@ -<?xml version="1.0"?> -<!-- -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ ---> -<configuration> - <!-- These configs were inherited from HDP 2.3 --> - <property> - <name>xasecure.policymgr.clientssl.keystore</name> - <value>{{stack_root}}/current/hadoop-client/conf/ranger-plugin-keystore.jks</value> - <description>Java Keystore files</description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>xasecure.policymgr.clientssl.keystore.password</name> - <value>myKeyFilePassword</value> - <property-type>PASSWORD</property-type> - <description>password for keystore</description> - <value-attributes> - <type>password</type> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>xasecure.policymgr.clientssl.truststore</name> - <value>{{stack_root}}/current/hadoop-client/conf/ranger-plugin-truststore.jks</value> - <description>java truststore file</description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>xasecure.policymgr.clientssl.truststore.password</name> - <value>changeit</value> - <property-type>PASSWORD</property-type> - <description>java truststore password</description> - <value-attributes> - <type>password</type> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>xasecure.policymgr.clientssl.keystore.credential.file</name> - <value>jceks://file{{credential_file}}</value> - <description>java keystore credential file</description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>xasecure.policymgr.clientssl.truststore.credential.file</name> - <value>jceks://file{{credential_file}}</value> - <description>java truststore credential file</description> - <on-ambari-upgrade add="false"/> - </property> -</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/c358ae0c/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ranger-hdfs-security.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ranger-hdfs-security.xml b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ranger-hdfs-security.xml deleted file mode 100644 index 1b0a821..0000000 --- a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ranger-hdfs-security.xml +++ /dev/null @@ -1,65 +0,0 @@ -<?xml version="1.0"?> -<!-- -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ ---> -<configuration> - <!-- These configs were inherited from HDP 2.3 --> - <property> - <name>ranger.plugin.hdfs.service.name</name> - <value>{{repo_name}}</value> - <description>Name of the Ranger service containing Hdfs policies</description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger.plugin.hdfs.policy.source.impl</name> - <value>org.apache.ranger.admin.client.RangerAdminRESTClient</value> - <description>Class to retrieve policies from the source</description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger.plugin.hdfs.policy.rest.url</name> - <value>{{policymgr_mgr_url}}</value> - <description>URL to Ranger Admin</description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger.plugin.hdfs.policy.rest.ssl.config.file</name> - <value>/etc/hadoop/conf/ranger-policymgr-ssl.xml</value> - <description>Path to the file containing SSL details to contact Ranger Admin</description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger.plugin.hdfs.policy.pollIntervalMs</name> - <value>30000</value> - <description>How often to poll for changes in policies?</description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger.plugin.hdfs.policy.cache.dir</name> - <value>/etc/ranger/{{repo_name}}/policycache</value> - <description>Directory where Ranger policies are cached after successful retrieval from the source</description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>xasecure.add-hadoop-authorization</name> - <value>true</value> - <description>Enable/Disable the default hadoop authorization (based on rwxrwxrwx permission on the resource) if Ranger Authorization fails.</description> - <on-ambari-upgrade add="false"/> - </property> -</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/c358ae0c/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ssl-client.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ssl-client.xml b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ssl-client.xml deleted file mode 100644 index 6ec064a..0000000 --- a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ssl-client.xml +++ /dev/null @@ -1,70 +0,0 @@ -<?xml version="1.0"?> -<?xml-stylesheet type="text/xsl" href="configuration.xsl"?> -<!-- - Licensed to the Apache Software Foundation (ASF) under one or more - contributor license agreements. See the NOTICE file distributed with - this work for additional information regarding copyright ownership. - The ASF licenses this file to You under the Apache License, Version 2.0 - (the "License"); you may not use this file except in compliance with - the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. ---> -<configuration> - <property> - <name>ssl.client.truststore.location</name> - <value>/etc/security/clientKeys/all.jks</value> - <description>Location of the trust store file.</description> - <on-ambari-upgrade add="true"/> - </property> - <property> - <name>ssl.client.truststore.type</name> - <value>jks</value> - <description>Optional. Default value is "jks".</description> - <on-ambari-upgrade add="true"/> - </property> - <property> - <name>ssl.client.truststore.password</name> - <value>bigdata</value> - <property-type>PASSWORD</property-type> - <description>Password to open the trust store file.</description> - <value-attributes> - <type>password</type> - </value-attributes> - <on-ambari-upgrade add="true"/> - </property> - <property> - <name>ssl.client.truststore.reload.interval</name> - <value>10000</value> - <description>Truststore reload interval, in milliseconds.</description> - <on-ambari-upgrade add="true"/> - </property> - <property> - <name>ssl.client.keystore.type</name> - <value>jks</value> - <description>Optional. Default value is "jks".</description> - <on-ambari-upgrade add="true"/> - </property> - <property> - <name>ssl.client.keystore.location</name> - <value>/etc/security/clientKeys/keystore.jks</value> - <description>Location of the keystore file.</description> - <on-ambari-upgrade add="true"/> - </property> - <property> - <name>ssl.client.keystore.password</name> - <value>bigdata</value> - <property-type>PASSWORD</property-type> - <description>Password to open the keystore file.</description> - <value-attributes> - <type>password</type> - </value-attributes> - <on-ambari-upgrade add="true"/> - </property> -</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/c358ae0c/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ssl-server.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ssl-server.xml b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ssl-server.xml deleted file mode 100644 index 5d2745f..0000000 --- a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ssl-server.xml +++ /dev/null @@ -1,80 +0,0 @@ -<?xml version="1.0"?> -<?xml-stylesheet type="text/xsl" href="configuration.xsl"?> -<!-- - Licensed to the Apache Software Foundation (ASF) under one or more - contributor license agreements. See the NOTICE file distributed with - this work for additional information regarding copyright ownership. - The ASF licenses this file to You under the Apache License, Version 2.0 - (the "License"); you may not use this file except in compliance with - the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. ---> -<configuration> - <property> - <name>ssl.server.truststore.location</name> - <value>/etc/security/serverKeys/all.jks</value> - <description>Location of the trust store file.</description> - <on-ambari-upgrade add="true"/> - </property> - <property> - <name>ssl.server.truststore.type</name> - <value>jks</value> - <description>Optional. Default value is "jks".</description> - <on-ambari-upgrade add="true"/> - </property> - <property> - <name>ssl.server.truststore.password</name> - <value>bigdata</value> - <property-type>PASSWORD</property-type> - <description>Password to open the trust store file.</description> - <value-attributes> - <type>password</type> - </value-attributes> - <on-ambari-upgrade add="true"/> - </property> - <property> - <name>ssl.server.truststore.reload.interval</name> - <value>10000</value> - <description>Truststore reload interval, in milliseconds.</description> - <on-ambari-upgrade add="true"/> - </property> - <property> - <name>ssl.server.keystore.type</name> - <value>jks</value> - <description>Optional. Default value is "jks".</description> - <on-ambari-upgrade add="true"/> - </property> - <property> - <name>ssl.server.keystore.location</name> - <value>/etc/security/serverKeys/keystore.jks</value> - <description>Location of the keystore file.</description> - <on-ambari-upgrade add="true"/> - </property> - <property> - <name>ssl.server.keystore.password</name> - <value>bigdata</value> - <property-type>PASSWORD</property-type> - <description>Password to open the keystore file.</description> - <value-attributes> - <type>password</type> - </value-attributes> - <on-ambari-upgrade add="true"/> - </property> - <property> - <name>ssl.server.keystore.keypassword</name> - <value>bigdata</value> - <property-type>PASSWORD</property-type> - <description>Password for private key in keystore file.</description> - <value-attributes> - <type>password</type> - </value-attributes> - <on-ambari-upgrade add="true"/> - </property> -</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/c358ae0c/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/kerberos.json b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/kerberos.json deleted file mode 100644 index 1dd801b..0000000 --- a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/kerberos.json +++ /dev/null @@ -1,246 +0,0 @@ -{ - "services": [ - { - "name": "HDFS", - "identities": [ - { - "name": "/spnego", - "principal": { - "configuration": "hdfs-site/dfs.web.authentication.kerberos.principal" - }, - "keytab": { - "configuration": "hdfs-site/dfs.web.authentication.kerberos.keytab" - } - }, - { - "name": "/smokeuser" - } - ], - "auth_to_local_properties" : [ - "core-site/hadoop.security.auth_to_local" - ], - "configurations": [ - { - "core-site": { - "hadoop.security.authentication": "kerberos", - "hadoop.security.authorization": "true", - "hadoop.proxyuser.HTTP.groups": "${hadoop-env/proxyuser_group}" - } - }, - { - "ranger-hdfs-audit": { - "xasecure.audit.jaas.Client.loginModuleName": "com.sun.security.auth.module.Krb5LoginModule", - "xasecure.audit.jaas.Client.loginModuleControlFlag": "required", - "xasecure.audit.jaas.Client.option.useKeyTab": "true", - "xasecure.audit.jaas.Client.option.storeKey": "false", - "xasecure.audit.jaas.Client.option.serviceName": "solr", - "xasecure.audit.destination.solr.force.use.inmemory.jaas.config": "true" - } - } - ], - "components": [ - { - "name": "HDFS_CLIENT", - "identities": [ - { - "name": "/HDFS/NAMENODE/hdfs" - } - ] - }, - { - "name": "NAMENODE", - "identities": [ - { - "name": "hdfs", - "principal": { - "value": "${hadoop-env/hdfs_user}-${cluster_name|toLower()}@${realm}", - "type" : "user" , - "configuration": "hadoop-env/hdfs_principal_name", - "local_username" : "${hadoop-env/hdfs_user}" - }, - "keytab": { - "file": "${keytab_dir}/hdfs.headless.keytab", - "owner": { - "name": "${hadoop-env/hdfs_user}", - "access": "r" - }, - "group": { - "name": "${cluster-env/user_group}", - "access": "" - }, - "configuration": "hadoop-env/hdfs_user_keytab" - } - }, - { - "name": "namenode_nn", - "principal": { - "value": "nn/_HOST@${realm}", - "type" : "service", - "configuration": "hdfs-site/dfs.namenode.kerberos.principal", - "local_username" : "${hadoop-env/hdfs_user}" - }, - "keytab": { - "file": "${keytab_dir}/nn.service.keytab", - "owner": { - "name": "${hadoop-env/hdfs_user}", - "access": "r" - }, - "group": { - "name": "${cluster-env/user_group}", - "access": "" - }, - "configuration": "hdfs-site/dfs.namenode.keytab.file" - } - }, - { - "name": "/spnego", - "principal": { - "configuration": "hdfs-site/dfs.namenode.kerberos.internal.spnego.principal" - } - }, - { - "name": "/HDFS/NAMENODE/namenode_nn", - "principal": { - "configuration": "ranger-hdfs-audit/xasecure.audit.jaas.Client.option.principal" - }, - "keytab": { - "configuration": "ranger-hdfs-audit/xasecure.audit.jaas.Client.option.keyTab" - } - } - ], - "configurations": [ - { - "hdfs-site": { - "dfs.block.access.token.enable": "true" - } - } - ] - }, - { - "name": "DATANODE", - "identities": [ - { - "name": "datanode_dn", - "principal": { - "value": "dn/_HOST@${realm}", - "type" : "service", - "configuration": "hdfs-site/dfs.datanode.kerberos.principal", - "local_username" : "${hadoop-env/hdfs_user}" - }, - "keytab": { - "file": "${keytab_dir}/dn.service.keytab", - "owner": { - "name": "${hadoop-env/hdfs_user}", - "access": "r" - }, - "group": { - "name": "${cluster-env/user_group}", - "access": "" - }, - "configuration": "hdfs-site/dfs.datanode.keytab.file" - } - } - ], - "configurations" : [ - { - "hdfs-site" : { - "dfs.datanode.address" : "0.0.0.0:1019", - "dfs.datanode.http.address": "0.0.0.0:1022" - } - } - ] - }, - { - "name": "SECONDARY_NAMENODE", - "identities": [ - { - "name": "secondary_namenode_nn", - "principal": { - "value": "nn/_HOST@${realm}", - "type" : "service", - "configuration": "hdfs-site/dfs.secondary.namenode.kerberos.principal", - "local_username" : "${hadoop-env/hdfs_user}" - }, - "keytab": { - "file": "${keytab_dir}/nn.service.keytab", - "owner": { - "name": "${hadoop-env/hdfs_user}", - "access": "r" - }, - "group": { - "name": "${cluster-env/user_group}", - "access": "" - }, - "configuration": "hdfs-site/dfs.secondary.namenode.keytab.file" - } - }, - { - "name": "/spnego", - "principal": { - "configuration": "hdfs-site/dfs.secondary.namenode.kerberos.internal.spnego.principal" - } - } - ] - }, - { - "name": "NFS_GATEWAY", - "identities": [ - { - "name": "nfsgateway", - "principal": { - "value": "nfs/_HOST@${realm}", - "type" : "service", - "configuration": "hdfs-site/nfs.kerberos.principal", - "local_username" : "${hadoop-env/hdfs_user}" - }, - "keytab": { - "file": "${keytab_dir}/nfs.service.keytab", - "owner": { - "name": "${hadoop-env/hdfs_user}", - "access": "r" - }, - "group": { - "name": "${cluster-env/user_group}", - "access": "" - }, - "configuration": "hdfs-site/nfs.keytab.file" - } - } - ] - }, - { - "name": "JOURNALNODE", - "identities": [ - { - "name": "journalnode_jn", - "principal": { - "value": "jn/_HOST@${realm}", - "type" : "service", - "configuration": "hdfs-site/dfs.journalnode.kerberos.principal", - "local_username" : "${hadoop-env/hdfs_user}" - }, - "keytab": { - "file": "${keytab_dir}/jn.service.keytab", - "owner": { - "name": "${hadoop-env/hdfs_user}", - "access": "r" - }, - "group": { - "name": "${cluster-env/user_group}", - "access": "" - }, - "configuration": "hdfs-site/dfs.journalnode.keytab.file" - } - }, - { - "name": "/spnego", - "principal": { - "configuration": "hdfs-site/dfs.journalnode.kerberos.internal.spnego.principal" - } - } - ] - } - ] - } - ] -} http://git-wip-us.apache.org/repos/asf/ambari/blob/c358ae0c/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/metainfo.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/metainfo.xml b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/metainfo.xml deleted file mode 100644 index 967c974..0000000 --- a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/metainfo.xml +++ /dev/null @@ -1,405 +0,0 @@ -<?xml version="1.0"?> -<!-- - Licensed to the Apache Software Foundation (ASF) under one or more - contributor license agreements. See the NOTICE file distributed with - this work for additional information regarding copyright ownership. - The ASF licenses this file to You under the Apache License, Version 2.0 - (the "License"); you may not use this file except in compliance with - the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. ---> -<metainfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> - <schemaVersion>2.0</schemaVersion> - <services> - <service> - <name>HDFS</name> - <displayName>HDFS</displayName> - <comment>Apache Hadoop Distributed File System</comment> - <version>3.0.0.3.0</version> - - <components> - <component> - <name>NAMENODE</name> - <displayName>NameNode</displayName> - <category>MASTER</category> - <cardinality>1-2</cardinality> - <versionAdvertised>true</versionAdvertised> - <reassignAllowed>true</reassignAllowed> - <dependencies> - <dependency> - <name>HDFS/ZKFC</name> - <scope>host</scope> - <auto-deploy> - <enabled>false</enabled> - </auto-deploy> - <conditions> - <condition xsi:type="propertyExists"> - <configType>hdfs-site</configType> - <property>dfs.nameservices</property> - </condition> - </conditions> - </dependency> - <dependency> - <name>ZOOKEEPER/ZOOKEEPER_SERVER</name> - <scope>host</scope> - <auto-deploy> - <enabled>false</enabled> - </auto-deploy> - <conditions> - <condition xsi:type="propertyExists"> - <configType>hdfs-site</configType> - <property>dfs.nameservices</property> - </condition> - </conditions> - </dependency> - <dependency> - <name>HDFS/JOURNALNODE</name> - <scope>host</scope> - <auto-deploy> - <enabled>false</enabled> - </auto-deploy> - <conditions> - <condition xsi:type="propertyExists"> - <configType>hdfs-site</configType> - <property>dfs.nameservices</property> - </condition> - </conditions> - </dependency> - </dependencies> - <commandScript> - <script>scripts/namenode.py</script> - <scriptType>PYTHON</scriptType> - <timeout>1800</timeout> - </commandScript> - <logs> - <log> - <logId>hdfs_namenode</logId> - <primary>true</primary> - </log> - <log> - <logId>hdfs_audit</logId> - </log> - </logs> - <customCommands> - <customCommand> - <name>DECOMMISSION</name> - <commandScript> - <script>scripts/namenode.py</script> - <scriptType>PYTHON</scriptType> - <timeout>600</timeout> - </commandScript> - </customCommand> - <customCommand> - <name>REBALANCEHDFS</name> - <background>true</background> - <commandScript> - <script>scripts/namenode.py</script> - <scriptType>PYTHON</scriptType> - </commandScript> - </customCommand> - </customCommands> - </component> - - <component> - <name>DATANODE</name> - <displayName>DataNode</displayName> - <category>SLAVE</category> - <cardinality>1+</cardinality> - <versionAdvertised>true</versionAdvertised> - <decommissionAllowed>true</decommissionAllowed> - <commandScript> - <script>scripts/datanode.py</script> - <scriptType>PYTHON</scriptType> - <timeout>1200</timeout> - </commandScript> - <bulkCommands> - <displayName>DataNodes</displayName> - <!-- Used by decommission and recommission --> - <masterComponent>NAMENODE</masterComponent> - </bulkCommands> - <logs> - <log> - <logId>hdfs_datanode</logId> - <primary>true</primary> - </log> - </logs> - </component> - - <component> - <name>SECONDARY_NAMENODE</name> - <displayName>SNameNode</displayName> - <!-- TODO: cardinality is conditional on HA usage --> - <cardinality>1</cardinality> - <versionAdvertised>true</versionAdvertised> - <reassignAllowed>true</reassignAllowed> - <category>MASTER</category> - <commandScript> - <script>scripts/snamenode.py</script> - <scriptType>PYTHON</scriptType> - <timeout>1200</timeout> - </commandScript> - <logs> - <log> - <logId>hdfs_secondarynamenode</logId> - <primary>true</primary> - </log> - </logs> - </component> - - <component> - <name>HDFS_CLIENT</name> - <displayName>HDFS Client</displayName> - <category>CLIENT</category> - <cardinality>1+</cardinality> - <versionAdvertised>true</versionAdvertised> - <commandScript> - <script>scripts/hdfs_client.py</script> - <scriptType>PYTHON</scriptType> - <timeout>1200</timeout> - </commandScript> - <configFiles> - <configFile> - <type>xml</type> - <fileName>hdfs-site.xml</fileName> - <dictionaryName>hdfs-site</dictionaryName> - </configFile> - <configFile> - <type>xml</type> - <fileName>core-site.xml</fileName> - <dictionaryName>core-site</dictionaryName> - </configFile> - <configFile> - <type>env</type> - <fileName>log4j.properties</fileName> - <dictionaryName>hdfs-log4j,yarn-log4j</dictionaryName> - </configFile> - <configFile> - <type>env</type> - <fileName>hadoop-env.sh</fileName> - <dictionaryName>hadoop-env</dictionaryName> - </configFile> - </configFiles> - </component> - - <component> - <name>JOURNALNODE</name> - <displayName>JournalNode</displayName> - <category>SLAVE</category> - <cardinality>0+</cardinality> - <versionAdvertised>true</versionAdvertised> - <commandScript> - <script>scripts/journalnode.py</script> - <scriptType>PYTHON</scriptType> - <timeout>1200</timeout> - </commandScript> - <logs> - <log> - <logId>hdfs_journalnode</logId> - <primary>true</primary> - </log> - </logs> - <dependencies> - <dependency> - <name>HDFS/HDFS_CLIENT</name> - <scope>host</scope> - <auto-deploy> - <enabled>true</enabled> - </auto-deploy> - </dependency> - </dependencies> - </component> - - <component> - <name>ZKFC</name> - <displayName>ZKFailoverController</displayName> - <category>SLAVE</category> - <!-- TODO: cardinality is conditional on HA topology --> - <cardinality>0+</cardinality> - <versionAdvertised>true</versionAdvertised> - <commandScript> - <script>scripts/zkfc_slave.py</script> - <scriptType>PYTHON</scriptType> - <timeout>1200</timeout> - </commandScript> - <logs> - <log> - <logId>hdfs_zkfc</logId> - <primary>true</primary> - </log> - </logs> - </component> - - <component> - <name>NFS_GATEWAY</name> - <displayName>NFSGateway</displayName> - <cardinality>0+</cardinality> - <versionAdvertised>true</versionAdvertised> - <category>SLAVE</category> - <commandScript> - <script>scripts/nfsgateway.py</script> - <scriptType>PYTHON</scriptType> - <timeout>1200</timeout> - </commandScript> - <dependencies> - <dependency> - <name>HDFS/HDFS_CLIENT</name> - <scope>host</scope> - <auto-deploy> - <enabled>true</enabled> - </auto-deploy> - </dependency> - </dependencies> - </component> - </components> - - <osSpecifics> - <osSpecific> - <osFamily>any</osFamily> - <packages> - <package> - <name>hadoop</name> - </package> - <package> - <name>hadoop-lzo</name> - <skipUpgrade>true</skipUpgrade> - <condition>should_install_lzo</condition> - </package> - </packages> - </osSpecific> - - <osSpecific> - <osFamily>amazon2015,redhat6,redhat7,suse11</osFamily> - <packages> - <package> - <name>hadoop-client</name> - </package> - <package> - <name>snappy</name> - </package> - <package> - <name>snappy-devel</name> - </package> - <package> - <name>lzo</name> - <skipUpgrade>true</skipUpgrade> - <condition>should_install_lzo</condition> - </package> - <package> - <name>hadoop-lzo-native</name> - <skipUpgrade>true</skipUpgrade> - <condition>should_install_lzo</condition> - </package> - <package> - <name>hadoop-libhdfs</name> - </package> - </packages> - </osSpecific> - - <osSpecific> - <osFamily>suse12</osFamily> - <packages> - <package> - <name>hadoop-client</name> - </package> - <package> - <name>snappy</name> - </package> - <package> - <name>snappy-devel</name> - </package> - <package> - <name>liblzo2-2</name> - <skipUpgrade>true</skipUpgrade> - <condition>should_install_lzo</condition> - </package> - <package> - <name>hadoop-lzo-native</name> - <skipUpgrade>true</skipUpgrade> - <condition>should_install_lzo</condition> - </package> - <package> - <name>hadoop-libhdfs</name> - </package> - </packages> - </osSpecific> - - <osSpecific> - <osFamily>debian7,ubuntu12,ubuntu14,ubuntu16</osFamily> - <packages> - <package> - <name>hadoop-client</name> - </package> - <package> - <name>libsnappy1</name> - </package> - <package> - <name>libsnappy-dev</name> - </package> - <package> - <name>liblzo2-2</name> - <skipUpgrade>true</skipUpgrade> - <condition>should_install_lzo</condition> - </package> - <package> - <name>hadoop-hdfs</name> - </package> - <package> - <name>libhdfs0</name> - </package> - <package> - <name>libhdfs0-dev</name> - </package> - </packages> - </osSpecific> - </osSpecifics> - - <commandScript> - <script>scripts/service_check.py</script> - <scriptType>PYTHON</scriptType> - <timeout>300</timeout> - </commandScript> - - <requiredServices> - <service>ZOOKEEPER</service> - </requiredServices> - - <configuration-dependencies> - <config-type>core-site</config-type> - <config-type>hdfs-site</config-type> - <config-type>hadoop-env</config-type> - <config-type>hadoop-policy</config-type> - <config-type>hdfs-log4j</config-type> - <config-type>ranger-hdfs-plugin-properties</config-type> - <config-type>ssl-client</config-type> - <config-type>ssl-server</config-type> - <config-type>ranger-hdfs-audit</config-type> - <config-type>ranger-hdfs-policymgr-ssl</config-type> - <config-type>ranger-hdfs-security</config-type> - <config-type>ams-ssl-client</config-type> - <config-type>hadoop-metrics2.properties</config-type> - </configuration-dependencies> - <restartRequiredAfterRackChange>true</restartRequiredAfterRackChange> - - <quickLinksConfigurations> - <quickLinksConfiguration> - <fileName>quicklinks.json</fileName> - <default>true</default> - </quickLinksConfiguration> - </quickLinksConfigurations> - - <themes> - <theme> - <fileName>theme.json</fileName> - <default>true</default> - </theme> - </themes> - </service> - </services> -</metainfo>