AMBARI-13324 automate creating Flume Keytab and principal (Shi Wang via dili)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/d77f3a54
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/d77f3a54
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/d77f3a54
Branch: refs/heads/branch-dev-patch-upgrade
Commit: d77f3a54fcbb79e9a2518a56bb78b0468a8a8b4f
Parents: ad0f4ec
Author: Di Li <[email protected]>
Authored: Tue Jan 24 15:19:41 2017 -0500
Committer: Di Li <[email protected]>
Committed: Tue Jan 24 15:19:41 2017 -0500
----------------------------------------------------------------------
 .../FLUME/1.4.0.2.0/kerberos.json | 44 ++++++++++++++++++++
 .../1.4.0.2.0/package/scripts/flume_check.py | 6 +--
 .../FLUME/1.4.0.2.0/package/scripts/params.py | 12 +++++-
 .../stacks/2.0.6/FLUME/test_service_check.py | 1 +
 4 files changed, 59 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/d77f3a54/ambari-server/src/main/resources/common-services/FLUME/1.4.0.2.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/FLUME/1.4.0.2.0/kerberos.json b/ambari-server/src/main/resources/common-services/FLUME/1.4.0.2.0/kerberos.json
new file mode 100644
index 0000000..ab46912
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/FLUME/1.4.0.2.0/kerberos.json
@@ -0,0 +1,44 @@
+{
+ "services": [
+ {
+ "name": "FLUME",
+ "components": [
+ {
+ "name": "FLUME_HANDLER",
+ "identities": [
+ {
+ "name": "flume_principal",
+ "principal": {
+ "value": "${flume-env/flume_user}/_HOST@${realm}",
+ "type" : "service",
+ "configuration": "flume-env/flume_principal_name",
+ "local_username": "${flume-env/flume_user}"
+
+ },
+ "keytab": {
+ "file": "${keytab_dir}/flume.service.keytab",
+ "owner": {
+ "name": "${flume-env/flume_user}",
+ "access": "r"
+ },
+ "group": {
+ "name": "${cluster-env/user_group}",
+ "access": ""
+ },
+ "configuration": "flume-env/flume_keytab_path"
+ }
+ }
+ ],
+ "configurations": [
+ {
+ "core-site": {
+ "hadoop.proxyuser.flume.groups": "${hadoop-env/proxyuser_group}",
+ "hadoop.proxyuser.flume.hosts": "*"
+ }
+ }
+ ]
+ }
+ ]
+ }
+ ]
+}
http://git-wip-us.apache.org/repos/asf/ambari/blob/d77f3a54/ambari-server/src/main/resources/common-services/FLUME/1.4.0.2.0/package/scripts/flume_check.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/FLUME/1.4.0.2.0/package/scripts/flume_check.py b/ambari-server/src/main/resources/common-services/FLUME/1.4.0.2.0/package/scripts/flume_check.py
index c5450bb..80f4de2 100644
--- a/ambari-server/src/main/resources/common-services/FLUME/1.4.0.2.0/package/scripts/flume_check.py
+++ b/ambari-server/src/main/resources/common-services/FLUME/1.4.0.2.0/package/scripts/flume_check.py
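Review bot: The `core-site` block grants the proxy-user right from every host (`"hadoop.proxyuser.flume.hosts": "*"`), and both property names hard-code the account `flume` while the principal and keytab owner are derived from `${flume-env/flume_user}`. With a customised `flume_user` the impersonation grant would be attached to a different account than the one holding the keytab, and the wildcard means any host presenting the Flume credential may impersonate members of `${hadoop-env/proxyuser_group}`. Consider keying the properties on the configured user and limiting the hosts to the Flume agents, e.g. `"hadoop.proxyuser.${flume-env/flume_user}.hosts": "<flume agent host list>"`, assuming the descriptor substitutes variables in property names. If the wildcard is intentional, the reason should be recorded in the commit description, since JSON leaves no room for a comment.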
@@ -38,11 +38,11 @@ class FlumeServiceCheck(Script): import params env.set_params(params) if params.security_enabled: - principal_replaced = params.http_principal.replace("_HOST", params.hostname) - Execute(format("{kinit_path_local} -kt {http_keytab} {principal_replaced}"), - user=params.smoke_user) + Execute(format("{kinit_path_local} -kt {smoke_user_keytab} {smokeuser_principal}"), + user=params.smokeuser) Execute(format('env JAVA_HOME={java_home} {flume_bin} version'), + user=params.smokeuser, logoutput=True, tries = 3, try_sleep = 20) http://git-wip-us.apache.org/repos/asf/ambari/blob/d77f3a54/ambari-server/src/main/resources/common-services/FLUME/1.4.0.2.0/package/scripts/params.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/FLUME/1.4.0.2.0/package/scripts/params.py b/ambari-server/src/main/resources/common-services/FLUME/1.4.0.2.0/package/scripts/params.py index a44b461..b143941 100644 --- a/ambari-server/src/main/resources/common-services/FLUME/1.4.0.2.0/package/scripts/params.py +++ b/ambari-server/src/main/resources/common-services/FLUME/1.4.0.2.0/package/scripts/params.py @@ -22,6 +22,7 @@ from resource_management.libraries.functions import format from resource_management.libraries.functions.version import format_stack_version from resource_management.libraries.functions.default import default from resource_management.libraries.script.script import Script +from resource_management.libraries.functions import get_kinit_path from ambari_commons.ambari_metrics_helper import select_metric_collector_hosts_from_hostnames if OSCheck.is_windows_family(): 
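Review bot: The kinit call in the `security_enabled` branch builds a shell string by interpolating `smoke_user_keytab` and `smokeuser_principal` unquoted, so a keytab path or principal containing whitespace or shell metacharacters would change what is executed as `smokeuser`. If the tuple form of `Execute` is acceptable here, passing the arguments separately avoids the shell parsing: `Execute((params.kinit_path_local, '-kt', params.smoke_user_keytab, params.smokeuser_principal), user=params.smokeuser)`. A one-line comment such as `# obtain a smoke-user ticket before running the check` above the call would document why the branch exists. The enclosing method starts outside the hunk.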
@@ -40,7 +41,11 @@ version = default("/commandParams/version", None) user_group = config['configurations']['cluster-env']['user_group'] proxyuser_group = config['configurations']['hadoop-env']['proxyuser_group'] -security_enabled = False +security_enabled = config['configurations']['cluster-env']['security_enabled'] +if security_enabled : + _hostname_lowercase = config['hostname'].lower() + flume_jaas_princ = config['configurations']['flume-env']['flume_principal_name'] + flume_keytab_path = config['configurations']['flume-env']['flume_keytab_path'] stack_version_unformatted = config['hostLevelParams']['stack_version'] stack_version_formatted = format_stack_version(stack_version_unformatted) @@ -125,3 +130,8 @@ if not len(default("/clusterHostInfo/zookeeper_hosts", [])) == 0: # last port config zookeeper_quorum += ':' + zookeeper_clientPort +# smokeuser +kinit_path_local = get_kinit_path(default('/configurations/kerberos-env/executable_search_paths', None)) +smokeuser = config['configurations']['cluster-env']['smokeuser'] +smokeuser_principal = config['configurations']['cluster-env']['smokeuser_principal_name'] +smoke_user_keytab = config['configurations']['cluster-env']['smokeuser_keytab'] http://git-wip-us.apache.org/repos/asf/ambari/blob/d77f3a54/ambari-server/src/test/python/stacks/2.0.6/FLUME/test_service_check.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.0.6/FLUME/test_service_check.py b/ambari-server/src/test/python/stacks/2.0.6/FLUME/test_service_check.py index 152d00c..8f59174 100644 --- a/ambari-server/src/test/python/stacks/2.0.6/FLUME/test_service_check.py +++ b/ambari-server/src/test/python/stacks/2.0.6/FLUME/test_service_check.py @@ -35,6 +35,7 @@ class TestFlumeCheck(RMFTestCase): ) self.assertResourceCalled('Execute', 'env JAVA_HOME=/usr/jdk64/jdk1.7.0_45 /usr/bin/flume-ng version', + user = 'ambari-qa', logoutput = True, tries = 3, try_sleep = 20)
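Review bot: In the `if security_enabled :` block, `_hostname_lowercase` is computed but not used in the lines shown, and `flume_jaas_princ` is read from `flume-env/flume_principal_name` unchanged, a value the new kerberos.json defines with a literal `_HOST` component. Unless a consumer outside this hunk substitutes the host name, a JAAS login with that principal would presumably not match the keytab entry; the likely intent is `flume_jaas_princ = config['configurations']['flume-env']['flume_principal_name'].replace('_HOST', _hostname_lowercase)`. Note also that `flume_jaas_princ` and `flume_keytab_path` are bound only when security is enabled, so any template referencing them needs the same guard.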
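Review bot: The only expectation changed in test_service_check.py is the added `user = 'ambari-qa'` on the version command, so the new kinit call taken when `security_enabled` is true has no assertion in the visible test. A secured-configuration case that expects the `kinit -kt` `Execute` with the smoke-user keytab, principal and `user = 'ambari-qa'` would pin the credential and account the check runs under. The test method begins outside the hunk, so such a case may already exist elsewhere in the file.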
