Repository: ambari Updated Branches: refs/heads/trunk 23893cc99 -> 89452768c
AMBARI-19390 : AMS Collector works in HTTP mode after setting ams-site/timeline.metrics.service.http.policy=HTTPS_ONLY to HTTPS_ONLY. (avijayan) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/89452768 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/89452768 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/89452768 Branch: refs/heads/trunk Commit: 89452768c062b9d77b0f660845ebdb7d750694b5 Parents: 23893cc Author: Aravindan Vijayan <[email protected]> Authored: Fri Jan 13 14:38:08 2017 -0800 Committer: Aravindan Vijayan <[email protected]> Committed: Fri Jan 13 14:38:08 2017 -0800 ---------------------------------------------------------------------- .../AMBARI_METRICS/0.1.0/configuration/ams-ssl-client.xml | 9 +++++++++ .../AMBARI_METRICS/0.1.0/package/scripts/ams.py | 2 +- .../AMBARI_METRICS/0.1.0/package/scripts/params.py | 1 + .../stacks/2.0.6/AMBARI_METRICS/test_metrics_collector.py | 2 +- .../stacks/2.0.6/AMBARI_METRICS/test_metrics_grafana.py | 2 +- 5 files changed, 13 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/89452768/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/configuration/ams-ssl-client.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/configuration/ams-ssl-client.xml b/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/configuration/ams-ssl-client.xml index 3f28f9f..9543bbe 100644 --- a/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/configuration/ams-ssl-client.xml +++ b/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/configuration/ams-ssl-client.xml @@ -36,4 +36,13 @@ <description>Password to open the trust store file.</description> <on-ambari-upgrade add="true"/> </property> + <property> + <name>ssl.client.truststore.alias</name> + <value></value> + <description>Alias used to create certificate for AMS. (Default is hostname)</description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/89452768/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/ams.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/ams.py b/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/ams.py index 8bb8a27..c3bc600 100644 --- a/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/ams.py +++ b/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/ams.py @@ -464,7 +464,7 @@ def export_ca_certs(dir_path): if (params.metric_truststore_type.lower() == 'jks'): # Convert truststore from JKS to PKCS12 - cmd = format("{sudo} {java64_home}/bin/keytool -importkeystore -srckeystore {metric_truststore_path} -destkeystore {truststore_p12} -deststoretype PKCS12 -srcstorepass {metric_truststore_password} -deststorepass {metric_truststore_password}") + cmd = format("{sudo} {java64_home}/bin/keytool -importkeystore -srckeystore {metric_truststore_path} -destkeystore {truststore_p12} -srcalias {metric_truststore_alias} -deststoretype PKCS12 -srcstorepass {metric_truststore_password} -deststorepass {metric_truststore_password}") Execute(cmd, ) truststore = truststore_p12 http://git-wip-us.apache.org/repos/asf/ambari/blob/89452768/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/params.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/params.py b/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/params.py index f979abb..433870f 100644 --- a/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/params.py +++ b/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/params.py @@ -76,6 +76,7 @@ else: metric_truststore_path= default("/configurations/ams-ssl-client/ssl.client.truststore.location", "") metric_truststore_type= default("/configurations/ams-ssl-client/ssl.client.truststore.type", "") metric_truststore_password= default("/configurations/ams-ssl-client/ssl.client.truststore.password", "") +metric_truststore_alias = default("/configurations/ams-ssl-client/ssl.client.truststore.alias", config["hostname"]) metric_truststore_ca_certs='ca.pem' agent_cache_dir = config['hostLevelParams']['agentCacheDir'] http://git-wip-us.apache.org/repos/asf/ambari/blob/89452768/ambari-server/src/test/python/stacks/2.0.6/AMBARI_METRICS/test_metrics_collector.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.0.6/AMBARI_METRICS/test_metrics_collector.py b/ambari-server/src/test/python/stacks/2.0.6/AMBARI_METRICS/test_metrics_collector.py index 6a754e3..6f48eec 100644 --- a/ambari-server/src/test/python/stacks/2.0.6/AMBARI_METRICS/test_metrics_collector.py +++ b/ambari-server/src/test/python/stacks/2.0.6/AMBARI_METRICS/test_metrics_collector.py @@ -41,7 +41,7 @@ class TestMetricsCollector(RMFTestCase): self.assert_hbase_configure('master', distributed=True) self.assert_hbase_configure('regionserver', distributed=True) self.assert_ams('collector', distributed=True) - self.assertResourceCalled('Execute', 'ambari-sudo.sh /usr/jdk64/jdk1.7.0_45/bin/keytool -importkeystore -srckeystore /etc/security/clientKeys/all.jks -destkeystore /some_tmp_dir/truststore.p12 -deststoretype PKCS12 -srcstorepass bigdata -deststorepass bigdata', + self.assertResourceCalled('Execute', 'ambari-sudo.sh /usr/jdk64/jdk1.7.0_45/bin/keytool -importkeystore -srckeystore /etc/security/clientKeys/all.jks -destkeystore /some_tmp_dir/truststore.p12 -srcalias c6401.ambari.apache.org -deststoretype PKCS12 -srcstorepass bigdata -deststorepass bigdata', ) self.assertResourceCalled('Execute', 'ambari-sudo.sh openssl pkcs12 -in /some_tmp_dir/truststore.p12 -out /etc/ambari-metrics-collector/conf/ca.pem -cacerts -nokeys -passin pass:bigdata', ) http://git-wip-us.apache.org/repos/asf/ambari/blob/89452768/ambari-server/src/test/python/stacks/2.0.6/AMBARI_METRICS/test_metrics_grafana.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.0.6/AMBARI_METRICS/test_metrics_grafana.py b/ambari-server/src/test/python/stacks/2.0.6/AMBARI_METRICS/test_metrics_grafana.py index 9ac14c4..07b27a6 100644 --- a/ambari-server/src/test/python/stacks/2.0.6/AMBARI_METRICS/test_metrics_grafana.py +++ b/ambari-server/src/test/python/stacks/2.0.6/AMBARI_METRICS/test_metrics_grafana.py @@ -60,7 +60,7 @@ class TestMetricsGrafana(RMFTestCase): self.assertResourceCalled('Execute', ('chown', u'-R', u'ams', '/var/run/ambari-metrics-grafana'), sudo = True ) - self.assertResourceCalled('Execute', 'ambari-sudo.sh /usr/jdk64/jdk1.7.0_45/bin/keytool -importkeystore -srckeystore /etc/security/clientKeys/all.jks -destkeystore /some_tmp_dir/truststore.p12 -deststoretype PKCS12 -srcstorepass bigdata -deststorepass bigdata', + self.assertResourceCalled('Execute', 'ambari-sudo.sh /usr/jdk64/jdk1.7.0_45/bin/keytool -importkeystore -srckeystore /etc/security/clientKeys/all.jks -destkeystore /some_tmp_dir/truststore.p12 -srcalias c6401.ambari.apache.org -deststoretype PKCS12 -srcstorepass bigdata -deststorepass bigdata', ) self.assertResourceCalled('Execute', 'ambari-sudo.sh openssl pkcs12 -in /some_tmp_dir/truststore.p12 -out /etc/ambari-metrics-grafana/conf/ca.pem -cacerts -nokeys -passin pass:bigdata', )
