Repository: ambari Updated Branches: refs/heads/branch-2.5 8092b362d -> 7131b3dd6
AMBARI-19331. Setup correct authentication and authorization mechanism between Yarn and Zookeeper (Attila Magyar via rlevas) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/7131b3dd Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/7131b3dd Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/7131b3dd Branch: refs/heads/branch-2.5 Commit: 7131b3dd6c7e939da09b7696285f58499ab17f19 Parents: 8092b36 Author: Attila Magyar <[email protected]> Authored: Wed Feb 1 13:46:15 2017 -0500 Committer: Robert Levas <[email protected]> Committed: Wed Feb 1 13:46:32 2017 -0500 ---------------------------------------------------------------------- .../YARN/2.1.0.2.0/package/scripts/params_linux.py | 2 ++ .../YARN/2.1.0.2.0/package/scripts/resourcemanager.py | 2 ++ .../main/resources/stacks/HDP/2.6/services/YARN/kerberos.json | 6 +++++- 3 files changed, 9 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/7131b3dd/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py ----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py
index c56e72f..5a47e03 100644
--- a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py
+++ b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py
@@ -250,6 +250,8 @@ rm_zk_address = config['configurations']['yarn-site']['yarn.resourcemanager.zk-a
 rm_zk_znode = config['configurations']['yarn-site']['yarn.resourcemanager.zk-state-store.parent-path']
 rm_zk_store_class = config['configurations']['yarn-site']['yarn.resourcemanager.store.class']
 stack_supports_zk_security = check_stack_feature(StackFeature.SECURE_ZOOKEEPER, version_for_stack_feature_checks)
+rm_zk_failover_znode = default('/configurations/yarn-site/yarn.resourcemanager.ha.automatic-failover.zk-base-path', '/yarn-leader-election')
+hadoop_registry_zk_root = default('/configurations/yarn-site/hadoop.registry.zk.root', '/registry')
 if security_enabled:
 rm_principal_name = config['configurations']['yarn-site']['yarn.resourcemanager.principal']
http://git-wip-us.apache.org/repos/asf/ambari/blob/7131b3dd/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/resourcemanager.py ----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/resourcemanager.py b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/resourcemanager.py
index 79b5810..5522fbc 100644
--- a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/resourcemanager.py
+++ b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/resourcemanager.py
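Review bot: In params_linux.py the added `rm_zk_failover_znode` and `hadoop_registry_zk_root` are read from yarn-site with no check, and the same commit passes both to `zkmigrator.set_acls(..., 'world:anyone:crdwa')` in resourcemanager.py, so an empty value, `/`, or a path shared with another service would widen that ACL reset beyond YARN's own znodes. A guard that rejects an empty or root path, either here or before the calls, would bound it. The registry can also live on a different ensemble (`hadoop.registry.zk.quorum`) than `rm_zk_address`; which one the migrator connects to is not visible in this hunk and is worth confirming. A comment such as `# ZooKeeper paths passed to zkmigrator.set_acls in resourcemanager.py` would tell a reader why these two are defined here.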
@@ -241,6 +241,8 @@ class ResourcemanagerDefault(Resourcemanager):
 params.yarn_jaas_file, \
 params.yarn_user)
 zkmigrator.set_acls(params.rm_zk_znode, 'world:anyone:crdwa')
+ zkmigrator.set_acls(params.rm_zk_failover_znode, 'world:anyone:crdwa')
+ zkmigrator.set_acls(params.hadoop_registry_zk_root, 'world:anyone:crdwa')
 def wait_for_dfs_directories_created(self, *dirs):
 import params
http://git-wip-us.apache.org/repos/asf/ambari/blob/7131b3dd/ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/kerberos.json ----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/kerberos.json
index eaffec6..ae4db4f 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/kerberos.json
+++ b/ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/kerberos.json
@@ -32,7 +32,11 @@
 "yarn.resourcemanager.proxyuser.*.hosts": "",
 "yarn.resourcemanager.proxyuser.*.users": "",
 "yarn.resourcemanager.proxy-user-privileges.enabled": "true",
- "yarn.resourcemanager.zk-acl" : "sasl:rm:rwcda"
+ "yarn.resourcemanager.zk-acl" : "sasl:rm:rwcda",
+ "hadoop.registry.secure" : "true",
+ "hadoop.registry.system.accounts" : "sasl:yarn,sasl:mapred,sasl:hadoop,sasl:hdfs,sasl:rm,sasl:hive",
+ "hadoop.registry.client.auth" : "kerberos",
+ "hadoop.registry.jaas.context" : "Client"
 }
 },
 {
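Review bot: In resourcemanager.py the two added `set_acls` calls open the leader-election znode and the registry root to `world:anyone:crdwa`, which includes the admin bit, so any unauthenticated ZooKeeper client can afterwards rewrite or delete those nodes and change their ACLs. The enclosing method starts outside the hunk; if, as the existing `rm_zk_znode` call suggests, this is the path that reverts ACLs when Kerberos is turned off, a comment should say so, for example `# Security disabled: revert to open ACLs so a non-SASL ResourceManager can still use these znodes`. The registry root is presumably shared with the other accounts this commit lists in `hadoop.registry.system.accounts` (hive among them), so resetting it from the ResourceManager script may touch data YARN does not own; that, and whether `set_acls` recurses into child nodes, should be checked.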
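Review bot: In kerberos.json, `hadoop.registry.system.accounts` is a fixed list of short names (`sasl:yarn,sasl:mapred,sasl:hadoop,sasl:hdfs,sasl:rm,sasl:hive`), and every identity that ZooKeeper maps to one of them receives full access to the registry. On a cluster whose service users are renamed the real accounts would not match, while an unrelated principal that shortens to `hadoop` or `hive` would; the list is better derived from the configured service user names and limited to the services that actually write to the registry. The entries carry no realm, so matching presumably depends on the ZooKeeper servers stripping host and realm from the authenticated id. That dependency should be stated in the descriptor's documentation, since the JSON file cannot hold a comment.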
