AMBARI-20088 Log Search should handle turned off Credential Store too (mgergely)
Change-Id: Ib19258e0a2ac7c90118319b3dfe638009b7083a6 Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/6baf3875 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/6baf3875 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/6baf3875 Branch: refs/heads/branch-feature-AMBARI-12556 Commit: 6baf387596906005391746bd41b60283b9aed980 Parents: df22765 Author: Miklos Gergely <[email protected]> Authored: Wed Feb 22 10:22:03 2017 +0100 Committer: Miklos Gergely <[email protected]> Committed: Wed Feb 22 10:22:03 2017 +0100 ---------------------------------------------------------------------- .../LOGSEARCH/0.5.0/package/scripts/params.py | 9 ++++ .../0.5.0/package/scripts/setup_logfeeder.py | 43 ++++++++++++++++---- .../0.5.0/package/scripts/setup_logsearch.py | 35 ++++++++++++---- .../test/python/stacks/2.4/configs/default.json | 1 + 4 files changed, 74 insertions(+), 14 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/6baf3875/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/params.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/params.py b/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/params.py index a023f2f..17c536e 100644 --- a/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/params.py +++ b/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/params.py @@ -53,9 +53,14 @@ tmp_dir = Script.get_tmp_dir() sudo = AMBARI_SUDO_BINARY security_enabled = status_params.security_enabled +credential_store_enabled = False +if 'credentialStoreEnabled' in config: + credential_store_enabled = config['credentialStoreEnabled'] + logsearch_server_conf = "/etc/ambari-logsearch-portal/conf" logsearch_server_keys_folder = logsearch_server_conf + "/keys" logsearch_logfeeder_conf = "/etc/ambari-logsearch-logfeeder/conf" +logsearch_logfeeder_keys_folder = logsearch_logfeeder_conf + "/keys" logsearch_config_set_dir = format("{logsearch_server_conf}/solr_configsets") @@ -176,8 +181,10 @@ logsearch_app_max_memory = config['configurations']['logsearch-env']['logsearch_ logsearch_keystore_location = config['configurations']['logsearch-env']['logsearch_keystore_location'] logsearch_keystore_type = config['configurations']['logsearch-env']['logsearch_keystore_type'] +logsearch_keystore_password = config['configurations']['logsearch-env']['logsearch_keystore_password'] logsearch_truststore_location = config['configurations']['logsearch-env']['logsearch_truststore_location'] logsearch_truststore_type = config['configurations']['logsearch-env']['logsearch_truststore_type'] +logsearch_truststore_password = config['configurations']['logsearch-env']['logsearch_truststore_password'] logsearch_env_config = dict(config['configurations']['logsearch-env']) logsearch_env_jceks_file = os.path.join(logsearch_server_conf, 'logsearch.jceks') @@ -312,8 +319,10 @@ logfeeder_log4j_content = config['configurations']['logfeeder-log4j']['content'] logfeeder_keystore_location = config['configurations']['logfeeder-env']['logfeeder_keystore_location'] logfeeder_keystore_type = config['configurations']['logfeeder-env']['logfeeder_keystore_type'] +logfeeder_keystore_password = config['configurations']['logfeeder-env']['logfeeder_keystore_password'] logfeeder_truststore_location = config['configurations']['logfeeder-env']['logfeeder_truststore_location'] logfeeder_truststore_type = config['configurations']['logfeeder-env']['logfeeder_truststore_type'] +logfeeder_truststore_password = config['configurations']['logfeeder-env']['logfeeder_truststore_password'] logfeeder_env_config = dict(config['configurations']['logfeeder-env']) logfeeder_env_jceks_file = os.path.join(logsearch_logfeeder_conf, 'logfeeder.jceks') http://git-wip-us.apache.org/repos/asf/ambari/blob/6baf3875/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/setup_logfeeder.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/setup_logfeeder.py b/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/setup_logfeeder.py index 6952c2c..e6e55b9 100644 --- a/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/setup_logfeeder.py +++ b/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/setup_logfeeder.py @@ -45,13 +45,42 @@ def setup_logfeeder(): content='' ) - params.logfeeder_env_config = update_credential_provider_path(params.logfeeder_env_config, - 'logfeeder-env', - params.logfeeder_env_jceks_file, - params.logsearch_user, - params.user_group - ) - params.logfeeder_properties[HADOOP_CREDENTIAL_PROVIDER_PROPERTY_NAME] = 'jceks://file' + params.logfeeder_env_jceks_file + if params.credential_store_enabled: + params.logfeeder_env_config = update_credential_provider_path(params.logfeeder_env_config, + 'logfeeder-env', + params.logfeeder_env_jceks_file, + params.logsearch_user, + params.user_group + ) + params.logfeeder_properties[HADOOP_CREDENTIAL_PROVIDER_PROPERTY_NAME] = 'jceks://file' + params.logfeeder_env_jceks_file + File(format("{logsearch_logfeeder_keys_folder}/ks_pass.txt"), + action="delete" + ) + File(format("{logsearch_logfeeder_keys_folder}/ts_pass.txt"), + action="delete" + ) + else: + Directory(params.logsearch_logfeeder_keys_folder, + cd_access='a', + mode=0755, + owner=params.logsearch_user, + group=params.user_group + ) + + File(format("{logsearch_logfeeder_keys_folder}/ks_pass.txt"), + content=params.logfeeder_keystore_password, + mode=0600, + owner=params.logsearch_user, + group=params.user_group + ) + + File(format("{logsearch_logfeeder_keys_folder}/ts_pass.txt"), + content=params.logfeeder_truststore_password, + mode=0600, + owner=params.logsearch_user, + group=params.user_group + ) + PropertiesFile(format("{logsearch_logfeeder_conf}/logfeeder.properties"), properties = params.logfeeder_properties ) http://git-wip-us.apache.org/repos/asf/ambari/blob/6baf3875/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/setup_logsearch.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/setup_logsearch.py b/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/setup_logsearch.py index f96bfd0..7738cc1 100644 --- a/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/setup_logsearch.py +++ b/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/setup_logsearch.py @@ -60,13 +60,34 @@ def setup_logsearch(): content='' ) - params.logsearch_env_config = update_credential_provider_path(params.logsearch_env_config, - 'logsearch-env', - params.logsearch_env_jceks_file, - params.logsearch_user, - params.user_group - ) - params.logsearch_properties[HADOOP_CREDENTIAL_PROVIDER_PROPERTY_NAME] = 'jceks://file' + params.logsearch_env_jceks_file + if params.credential_store_enabled: + params.logsearch_env_config = update_credential_provider_path(params.logsearch_env_config, + 'logsearch-env', + params.logsearch_env_jceks_file, + params.logsearch_user, + params.user_group + ) + params.logsearch_properties[HADOOP_CREDENTIAL_PROVIDER_PROPERTY_NAME] = 'jceks://file' + params.logsearch_env_jceks_file + File(format("{logsearch_server_keys_folder}/ks_pass.txt"), + action="delete" + ) + File(format("{logsearch_server_keys_folder}/ts_pass.txt"), + action="delete" + ) + else: + File(format("{logsearch_server_keys_folder}/ks_pass.txt"), + content=params.logsearch_keystore_password, + mode=0600, + owner= params.logsearch_user, + group=params.user_group + ) + File(format("{logsearch_server_keys_folder}/ts_pass.txt"), + content=params.logsearch_truststore_password, + mode=0600, + owner= params.logsearch_user, + group=params.user_group + ) + PropertiesFile(format("{logsearch_server_conf}/logsearch.properties"), properties=params.logsearch_properties ) http://git-wip-us.apache.org/repos/asf/ambari/blob/6baf3875/ambari-server/src/test/python/stacks/2.4/configs/default.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.4/configs/default.json b/ambari-server/src/test/python/stacks/2.4/configs/default.json index d4e6064..8822e96 100644 --- a/ambari-server/src/test/python/stacks/2.4/configs/default.json +++ b/ambari-server/src/test/python/stacks/2.4/configs/default.json @@ -18,6 +18,7 @@ "java_home": "/usr/jdk64/jdk1.7.0_45", "db_name": "ambari" }, + "credentialStoreEnabled": "true", "commandType": "EXECUTION_COMMAND", "roleParams": {}, "serviceName": "SLIDER",
