Repository: ambari Updated Branches: refs/heads/trunk 4d8006502 -> dca9135af
AMBARI-19594. configure kerberos authentication for Druid UIs (Nishant Bangarwa via smohanty) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/dca9135a Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/dca9135a Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/dca9135a Branch: refs/heads/trunk Commit: dca9135af7702ec21f91859095ef34332cc6cc30 Parents: 4d80065 Author: Sumit Mohanty <[email protected]> Authored: Fri Feb 3 13:24:24 2017 -0800 Committer: Sumit Mohanty <[email protected]> Committed: Fri Feb 3 13:30:43 2017 -0800 ---------------------------------------------------------------------- .../DRUID/0.9.2/configuration/druid-common.xml | 6 ++++++ .../DRUID/0.9.2/package/scripts/druid.py | 2 ++ .../DRUID/0.9.2/package/scripts/params.py | 5 ++++- .../stacks/HDP/2.6/services/DRUID/kerberos.json | 19 ++++++++++++++++++- .../test/python/stacks/2.6/DRUID/test_druid.py | 2 ++ .../test/python/stacks/2.6/configs/default.json | 3 ++- 6 files changed, 34 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/dca9135a/ambari-server/src/main/resources/common-services/DRUID/0.9.2/configuration/druid-common.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/DRUID/0.9.2/configuration/druid-common.xml b/ambari-server/src/main/resources/common-services/DRUID/0.9.2/configuration/druid-common.xml index e00480e..a494750 100644 --- a/ambari-server/src/main/resources/common-services/DRUID/0.9.2/configuration/druid-common.xml +++ b/ambari-server/src/main/resources/common-services/DRUID/0.9.2/configuration/druid-common.xml @@ -46,6 +46,12 @@ <on-ambari-upgrade add="false"/> </property> <property> + <name>druid.security.extensions.loadList</name> + <value>[]</value> + <description>A comma-separated list of one or more druid security extensions to load. This property will be set via the kerberos wizard and User will not be allowed to modify this when security is enabled.</description> + <on-ambari-upgrade add="false"/> + </property> + <property> <name>druid.zk.service.host</name> <value>localhost:2181</value> <description> http://git-wip-us.apache.org/repos/asf/ambari/blob/dca9135a/ambari-server/src/main/resources/common-services/DRUID/0.9.2/package/scripts/druid.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/DRUID/0.9.2/package/scripts/druid.py b/ambari-server/src/main/resources/common-services/DRUID/0.9.2/package/scripts/druid.py index 20eda92..18febeb 100644 --- a/ambari-server/src/main/resources/common-services/DRUID/0.9.2/package/scripts/druid.py +++ b/ambari-server/src/main/resources/common-services/DRUID/0.9.2/package/scripts/druid.py @@ -48,6 +48,8 @@ def druid(upgrade_type=None, nodeType=None): 'druid.service'] druid_common_config['druid.selectors.coordinator.serviceName'] = \ params.config['configurations']['druid-coordinator']['druid.service'] + druid_common_config['druid.extensions.loadList'] = json.dumps(eval(params.druid_extensions_load_list) + + eval(params.druid_security_extensions_load_list)) # delete the password and user if empty otherwiswe derby will fail. if 'derby' == druid_common_config['druid.metadata.storage.type']: http://git-wip-us.apache.org/repos/asf/ambari/blob/dca9135a/ambari-server/src/main/resources/common-services/DRUID/0.9.2/package/scripts/params.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/DRUID/0.9.2/package/scripts/params.py b/ambari-server/src/main/resources/common-services/DRUID/0.9.2/package/scripts/params.py index 558087d..aed4043 100644 --- a/ambari-server/src/main/resources/common-services/DRUID/0.9.2/package/scripts/params.py +++ b/ambari-server/src/main/resources/common-services/DRUID/0.9.2/package/scripts/params.py @@ -74,6 +74,9 @@ druid_log_dir = config['configurations']['druid-env']['druid_log_dir'] druid_classpath = config['configurations']['druid-env']['druid_classpath'] druid_extensions = config['configurations']['druid-common']['druid.extensions.pullList'] druid_repo_list = config['configurations']['druid-common']['druid.extensions.repositoryList'] +druid_extensions_load_list = config['configurations']['druid-common']['druid.extensions.loadList'] +druid_security_extensions_load_list = config['configurations']['druid-common']['druid.security.extensions.loadList'] + # status params druid_pid_dir = status_params.druid_pid_dir @@ -121,7 +124,7 @@ hdfs_site = config['configurations']['hdfs-site'] default_fs = config['configurations']['core-site']['fs.defaultFS'] dfs_type = default("/commandParams/dfs_type", "") -# Kerberose +# Kerberos druid_principal_name = default('/configurations/druid-common/druid.hadoop.security.kerberos.principal', 'missing_principal') druid_user_keytab = default('/configurations/druid-common/druid.hadoop.security.kerberos.keytab', 'missing_keytab') http://git-wip-us.apache.org/repos/asf/ambari/blob/dca9135a/ambari-server/src/main/resources/stacks/HDP/2.6/services/DRUID/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/services/DRUID/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.6/services/DRUID/kerberos.json index 1661285..251975b 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.6/services/DRUID/kerberos.json +++ b/ambari-server/src/main/resources/stacks/HDP/2.6/services/DRUID/kerberos.json @@ -4,7 +4,13 @@ "name": "DRUID", "identities": [ { - "name": "/spnego" + "name": "/spnego", + "principal": { + "configuration": "druid-common/druid.hadoop.security.spnego.principal" + }, + "keytab": { + "configuration": "druid-common/druid.hadoop.security.spnego.keytab" + } }, { "name": "druid", @@ -72,6 +78,17 @@ } ] } + ], + "configurations": [ + { + "druid-common": { + "druid.hadoop.security.spnego.excludedPaths": "[\"/status\"]", + "druid.security.extensions.loadList" : "[\"druid-kerberos\"]" + } + } + ], + "auth_to_local_properties" : [ + "druid-common/druid.hadoop.security.spnego.authToLocal|new_lines_escaped" ] } ] http://git-wip-us.apache.org/repos/asf/ambari/blob/dca9135a/ambari-server/src/test/python/stacks/2.6/DRUID/test_druid.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.6/DRUID/test_druid.py b/ambari-server/src/test/python/stacks/2.6/DRUID/test_druid.py index 0a143ae..422e9ba 100644 --- a/ambari-server/src/test/python/stacks/2.6/DRUID/test_druid.py +++ b/ambari-server/src/test/python/stacks/2.6/DRUID/test_druid.py @@ -445,6 +445,8 @@ class TestDruid(RMFTestCase): druid_common_config['druid.extensions.hadoopDependenciesDir'] = format('/usr/hdp/current/{role}/hadoop-dependencies') druid_common_config['druid.selectors.indexing.serviceName'] = 'druid/overlord' druid_common_config['druid.selectors.coordinator.serviceName'] = 'druid/coordinator' + druid_common_config['druid.extensions.loadList'] = '["mysql-metadata-storage", "druid-datasketches", "druid-kerberos"]' + self.assertResourceCalled('PropertiesFile', 'common.runtime.properties', dir=format("/usr/hdp/current/{role}/conf/_common"), http://git-wip-us.apache.org/repos/asf/ambari/blob/dca9135a/ambari-server/src/test/python/stacks/2.6/configs/default.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.6/configs/default.json b/ambari-server/src/test/python/stacks/2.6/configs/default.json index 963c4a4..4d9f98c 100644 --- a/ambari-server/src/test/python/stacks/2.6/configs/default.json +++ b/ambari-server/src/test/python/stacks/2.6/configs/default.json @@ -430,7 +430,8 @@ "druid.indexer.logs.directory": "/user/druid/logs", "druid.extensions.pullList": "[\"custom-druid-extension\"]", "druid.extensions.repositoryList": "[\"http://custom-mvn-repo/public/release\"]";, - "druid.extensions.loadList": "[\"mysql-metadata-storage\", \"druid-datasketches\"]" + "druid.extensions.loadList": "[\"mysql-metadata-storage\", \"druid-datasketches\"]", + "druid.security.extensions.loadList": "[\"druid-kerberos\"]" }, "druid-historical" : { "druid.segmentCache.infoDir" : "/apps/druid/segmentCache/info_dir",
