AMBARI-20308 - Atlas service check fails during EU on wire encrypted cluster (jonathanhurley)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/8e688244 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/8e688244 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/8e688244 Branch: refs/heads/branch-dev-logsearch Commit: 8e68824473cf68b5129ead6f81d4d9e5b9cfdc8f Parents: e19f57e Author: Jonathan Hurley <jhur...@hortonworks.com> Authored: Mon Mar 6 14:21:11 2017 -0500 Committer: Jonathan Hurley <jhur...@hortonworks.com> Committed: Mon Mar 6 14:23:44 2017 -0500 ---------------------------------------------------------------------- .../configuration/application-properties.xml | 42 ++++++++++++++++++++ .../stacks/HDP/2.5/upgrades/config-upgrade.xml | 6 +++ .../HDP/2.5/upgrades/nonrolling-upgrade-2.5.xml | 16 +++++--- .../HDP/2.5/upgrades/nonrolling-upgrade-2.6.xml | 6 +++ .../stacks/HDP/2.5/upgrades/upgrade-2.5.xml | 6 +++ .../stacks/HDP/2.5/upgrades/upgrade-2.6.xml | 1 + .../configuration/application-properties.xml | 3 +- 7 files changed, 73 insertions(+), 7 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/8e688244/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/application-properties.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/application-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/application-properties.xml new file mode 100644 index 0000000..366ecf6 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/application-properties.xml @@ -0,0 +1,42 @@ +<?xml version="1.0"?> +<?xml-stylesheet type="text/xsl" href="configuration.xsl"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration supports_final="false"> + + <!-- Supported in HDP 2.5.4 --> + <property> + <name>atlas.ssl.exclude.protocols</name> + <display-name>Excluded Wire Encryption Protocols</display-name> + <value>TLSv1.2</value> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <description>A comma-separate list of the wire encryption protocols to exclude when TLS is enabled. Some versions of cURL do not work with TLSv1.2.</description> + <used-by> + <property> + <type>application-properties</type> + <name>atlas.enableTLS</name> + </property> + </used-by> + <on-ambari-upgrade add="false"/> + </property> + +</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/8e688244/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/config-upgrade.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/config-upgrade.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/config-upgrade.xml index 93e0149..6f3fe42 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/config-upgrade.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/config-upgrade.xml @@ -103,6 +103,11 @@ <replace key="content" find="<appender name="FILE" class="org.apache.log4j.DailyRollingFileAppender">" replace-with="<appender name="FILE" class="org.apache.log4j.DailyRollingFileAppender">\n<param name="MaxFileSize" value="{{atlas_log_max_backup_size}}MB" />"/> <replace key="content" find="<appender name="FILE" class="org.apache.log4j.DailyRollingFileAppender">" replace-with="<appender name="FILE" class="org.apache.log4j.DailyRollingFileAppender">\n<param name="MaxFileSize" value="{{atlas_log_number_of_backup_files}}" />"/> </definition> + + <definition xsi:type="configure" id="hdp_2_5_4_0_atlas_exclude_tls_protocol" summary="Excluding TLS v1.2 Protocol"> + <type>application-properties</type> + <set key="atlas.ssl.exclude.protocols" value="TLSv1.2" if-type="application-properties" if-key="atlas.ssl.exclude.protocols" if-key-state="absent"/> + </definition> </changes> </component> <component name="SPARK_CLIENT"> @@ -136,6 +141,7 @@ </changes> </component> </service> + <service name="OOZIE"> <component name="OOZIE_SERVER"> <changes> http://git-wip-us.apache.org/repos/asf/ambari/blob/8e688244/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/nonrolling-upgrade-2.5.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/nonrolling-upgrade-2.5.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/nonrolling-upgrade-2.5.xml index 5b37375..e7ada04 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/nonrolling-upgrade-2.5.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/nonrolling-upgrade-2.5.xml @@ -75,7 +75,7 @@ <service name="FLUME"> <component>FLUME_HANDLER</component> </service> - + <service name="ACCUMULO"> <component>ACCUMULO_TRACER</component> <component>ACCUMULO_GC</component> @@ -300,6 +300,12 @@ <execute-stage service="STORM" component="NIMBUS" title="Apply config changes for Nimbus"> <task xsi:type="configure" id="increase_storm_zookeeper_timeouts"/> </execute-stage> + + <execute-stage service="ATLAS" component="ATLAS_SERVER" title="Updating Atlas TLS Exclude Protocols"> + <task xsi:type="configure" id="hdp_2_5_4_0_atlas_exclude_tls_protocol"> + <summary>Updating Atlas TLS Exclude Protocols to exclude TLS v1.2</summary> + </task> + </execute-stage> </group> <!-- @@ -329,7 +335,7 @@ </task> </execute-stage> </group> - + <!-- Now, restart all of the services. --> <group xsi:type="restart" name="ZOOKEEPER" title="ZooKeeper"> <service-check>false</service-check> @@ -671,7 +677,7 @@ <component>FLUME_HANDLER</component> </service> </group> - + <group xsi:type="restart" name="ACCUMULO" title="Accumulo"> <service-check>false</service-check> <skippable>true</skippable> @@ -700,7 +706,7 @@ <group xsi:type="cluster" name="FINALIZE_PRE_CHECK" title="Finalize {{direction.text.proper}} Pre-Check"> <direction>UPGRADE</direction> - + <execute-stage title="Check Component Versions"> <task xsi:type="server_action" class="org.apache.ambari.server.serveraction.upgrades.ComponentVersionCheckAction" /> </execute-stage> @@ -770,7 +776,7 @@ <function>setup_ranger_java_patches</function> </task> </pre-upgrade> - + <pre-downgrade copy-upgrade="true" /> <upgrade> http://git-wip-us.apache.org/repos/asf/ambari/blob/8e688244/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/nonrolling-upgrade-2.6.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/nonrolling-upgrade-2.6.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/nonrolling-upgrade-2.6.xml index 55e8924..fe297c3 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/nonrolling-upgrade-2.6.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/nonrolling-upgrade-2.6.xml @@ -431,6 +431,12 @@ <summary>Updating the Atlas Log4J properties to include parameterizations</summary> </task> </execute-stage> + + <execute-stage service="ATLAS" component="ATLAS_SERVER" title="Updating Atlas TLS Exclude Protocols"> + <task xsi:type="configure" id="hdp_2_5_4_0_atlas_exclude_tls_protocol"> + <summary>Updating Atlas TLS Exclude Protocols to exclude TLS v1.2</summary> + </task> + </execute-stage> <!--KAFKA--> <execute-stage service="KAFKA" component="KAFKA_BROKER" title="Parameterizing Kafka Log4J Properties"> http://git-wip-us.apache.org/repos/asf/ambari/blob/8e688244/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/upgrade-2.5.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/upgrade-2.5.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/upgrade-2.5.xml index 15e5536..a030adb 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/upgrade-2.5.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/upgrade-2.5.xml @@ -934,6 +934,12 @@ <service name="ATLAS"> <component name="ATLAS_SERVER"> + <pre-upgrade> + <task xsi:type="configure" id="hdp_2_5_4_0_atlas_exclude_tls_protocol"/> + </pre-upgrade> + + <pre-downgrade/> + <upgrade> <task xsi:type="restart-task"/> </upgrade> http://git-wip-us.apache.org/repos/asf/ambari/blob/8e688244/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/upgrade-2.6.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/upgrade-2.6.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/upgrade-2.6.xml index 0c0b08e..97313b5 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/upgrade-2.6.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/upgrade-2.6.xml @@ -1066,6 +1066,7 @@ <component name="ATLAS_SERVER"> <pre-upgrade> <task xsi:type="configure" id="atlas_log4j_parameterize" /> + <task xsi:type="configure" id="hdp_2_5_4_0_atlas_exclude_tls_protocol"/> </pre-upgrade> <pre-downgrade /> <upgrade> http://git-wip-us.apache.org/repos/asf/ambari/blob/8e688244/ambari-server/src/main/resources/stacks/HDP/2.6/services/ATLAS/configuration/application-properties.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/services/ATLAS/configuration/application-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.6/services/ATLAS/configuration/application-properties.xml index 47e1fb5..91de1b0 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.6/services/ATLAS/configuration/application-properties.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.6/services/ATLAS/configuration/application-properties.xml @@ -60,7 +60,7 @@ <on-ambari-upgrade add="true"/> </property> - <property> + <property> <name>atlas.sso.knox.browser.useragent</name> <value/> <description/> @@ -92,5 +92,4 @@ </value-attributes> <on-ambari-upgrade add="true"/> </property> - </configuration>