AMBARI-20586. Add (optional) master_kdcs to kerberos-env and generated krb5.conf file (Balazs Bence Sari via adoroszlai)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/c17979cb Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/c17979cb Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/c17979cb Branch: refs/heads/branch-3.0-perf Commit: c17979cb734779f0a8511e5c852399f56cbcfa97 Parents: 00f269b Author: Balazs Bence Sari <[email protected]> Authored: Fri Mar 31 19:53:10 2017 +0200 Committer: Andrew Onishuk <[email protected]> Committed: Sat Apr 1 10:07:36 2017 +0300 ---------------------------------------------------------------------- .../BlueprintConfigurationProcessor.java | 1 + .../1.10.3-10/configuration/kerberos-env.xml | 15 +++++ .../1.10.3-10/configuration/krb5-conf.xml | 43 ++------------ .../package/scripts/kerberos_common.py | 5 +- .../1.10.3-10/package/scripts/params.py | 2 + .../1.10.3-10/package/templates/krb5_conf.j2 | 54 ------------------ .../KERBEROS/1.10.3-10/properties/krb5_conf.j2 | 60 ++++++++++++++++++++ .../KERBEROS/configuration/kerberos-env.xml | 15 +++++ .../KERBEROS/configuration/krb5-conf.xml | 43 ++------------ .../KERBEROS/package/scripts/kerberos_common.py | 5 +- .../services/KERBEROS/package/scripts/params.py | 2 + .../KERBEROS/package/templates/krb5_conf.j2 | 54 ------------------ .../services/KERBEROS/properties/krb5_conf.j2 | 60 ++++++++++++++++++++ .../BlueprintConfigurationProcessorTest.java | 5 +- .../stacks/2.2/KERBEROS/test_kerberos_client.py | 4 +- .../python/stacks/2.2/KERBEROS/use_cases.py | 5 +- 16 files changed, 174 insertions(+), 199 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/c17979cb/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessor.java ---------------------------------------------------------------------- 
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessor.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessor.java
index e5927d6..db1aa07 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessor.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessor.java
@@ -160,6 +160,7 @@ public class BlueprintConfigurationProcessor {
 new SimplePropertyNameExportFilter("tez.tez-ui.history-url.base", "tez-site"),
 new SimplePropertyNameExportFilter("admin_server_host", "kerberos-env"),
 new SimplePropertyNameExportFilter("kdc_hosts", "kerberos-env"),
+ new SimplePropertyNameExportFilter("master_kdc", "kerberos-env"),
 new SimplePropertyNameExportFilter("realm", "kerberos-env"),
 new SimplePropertyNameExportFilter("kdc_type", "kerberos-env"),
 new SimplePropertyNameExportFilter("ldap-url", "kerberos-env"),
http://git-wip-us.apache.org/repos/asf/ambari/blob/c17979cb/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml b/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml
index 965ee13..e07e28e 100644
--- a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml
+++ b/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml
@@ -147,6 +147,21 @@
 <on-ambari-upgrade add="true"/>
 </property>
 <property>
+ <name>master_kdc</name>
+ <description>
+ The IP address or FQDN of the master KDC host in a master-slave KDC deployment.
+ Optionally a port number may be included.
+ Example: kdc1.example.com:88
+ </description>
+ <display-name>Master KDC host</display-name>
+ <value/>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
 <name>admin_server_host</name>
 <display-name>Kadmin host</display-name>
 <description>
http://git-wip-us.apache.org/repos/asf/ambari/blob/c17979cb/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/krb5-conf.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/krb5-conf.xml b/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/krb5-conf.xml
index c692b92..1963e2c 100644
--- a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/krb5-conf.xml
+++ b/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/krb5-conf.xml
@@ -61,48 +61,13 @@
 <name>content</name>
 <display-name>krb5-conf template</display-name>
 <description>Customizable krb5.conf template (Jinja template engine)</description>
- <value>
-[libdefaults]
- renew_lifetime = 7d
- forwardable = true
- default_realm = {{realm}}
- ticket_lifetime = 24h
- dns_lookup_realm = false
- dns_lookup_kdc = false
- default_ccache_name = /tmp/krb5cc_%{uid}
- #default_tgs_enctypes = {{encryption_types}}
- #default_tkt_enctypes = {{encryption_types}}
-{% if domains %}
-[domain_realm]
-{%- for domain in domains.split(',') %}
- {{domain|trim()}} = {{realm}}
-{%- endfor %}
-{% endif %}
-[logging]
- default = FILE:/var/log/krb5kdc.log
- admin_server = FILE:/var/log/kadmind.log
- kdc = FILE:/var/log/krb5kdc.log
-
-[realms]
- {{realm}} = {
-{%- if kdc_hosts > 0 -%}
-{%- set kdc_host_list = kdc_hosts.split(',') -%}
-{%- if kdc_host_list and kdc_host_list|length > 0 %}
- admin_server = {{admin_server_host|default(kdc_host_list[0]|trim(), True)}}
-{%- if kdc_host_list -%}
-{% for kdc_host in kdc_host_list %}
- kdc = {{kdc_host|trim()}}
-{%- endfor -%}
-{% endif %}
-{%- endif %}
-{%- endif %}
- }
-
-{# Append additional realm declarations below #}
- </value>
+ <property-type>VALUE_FROM_PROPERTY_FILE</property-type>
+ <value/>
 <value-attributes>
 <type>content</type>
 <overridable>false</overridable>
+ <property-file-name>krb5_conf.j2</property-file-name>
+ <property-file-type>text</property-file-type>
 </value-attributes>
 <on-ambari-upgrade add="true"/>
 </property>
http://git-wip-us.apache.org/repos/asf/ambari/blob/c17979cb/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_common.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_common.py b/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_common.py
index 8cb1f0c..fcd57af 100644
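Review bot: In krb5-conf.xml the `content` property keeps the description `Customizable krb5.conf template (Jinja template engine)` but no longer says where the default comes from, nor that the default now reads `master_kdc`. If clusters that already store a customized krb5-conf/content keep that value on upgrade (this cannot be confirmed from the hunk), setting `master_kdc` in kerberos-env would have no effect on the generated krb5.conf until the stored template is edited. I would extend the description, for example `Customizable krb5.conf template (Jinja template engine). The default is loaded from krb5_conf.j2; templates customized before this change must add the master_kdc block by hand.` The PERF/1.0 krb5-conf.xml hunk is the same.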
--- a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_common.py
+++ b/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_common.py
@@ -116,10 +116,7 @@ class KerberosScript(Script):
 mode=0755
 )
- if (params.krb5_conf_template is None) or not params.krb5_conf_template.strip():
- content = Template('krb5_conf.j2')
- else:
- content = InlineTemplate(params.krb5_conf_template)
+ content = InlineTemplate(params.krb5_conf_template)
 File(params.krb5_conf_path,
 content=content,
http://git-wip-us.apache.org/repos/asf/ambari/blob/c17979cb/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/params.py b/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/params.py
index 57f062a..0f2acca 100644
--- a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/params.py
@@ -104,6 +104,7 @@ if config is not None:
 realm = 'EXAMPLE.COM'
 domains = ''
 kdc_hosts = 'localhost'
+ master_kdc = None
 admin_server_host = None
 admin_principal = None
 admin_password = None
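Review bot: In kerberos_common.py the guard for a missing or blank `params.krb5_conf_template` is dropped together with the packaged fallback template, so `InlineTemplate(params.krb5_conf_template)` now receives whatever krb5-conf/content holds, including None or an empty string. Depending on how InlineTemplate treats that input, the agent would either fail with an unrelated-looking error or write an empty krb5.conf, which breaks Kerberos authentication on the host. An explicit check before the render keeps the failure readable: `if not (params.krb5_conf_template or '').strip(): raise Fail("krb5-conf/content is empty; refusing to write " + params.krb5_conf_path)` (assuming `Fail` is already imported in this script). The enclosing method starts and ends outside the hunk, and the PERF/1.0 copy of kerberos_common.py gets the same change.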
@@ -125,6 +126,7 @@ if config is not None:
 encryption_types = get_property_value(kerberos_env, "encryption_types", None, True, None)
 realm = get_property_value(kerberos_env, "realm", None, True, None)
 kdc_hosts = get_property_value(kerberos_env, 'kdc_hosts', kdc_hosts)
+ master_kdc = get_property_value(kerberos_env, 'master_kdc')
 admin_server_host = get_property_value(kerberos_env, 'admin_server_host', admin_server_host)
 if krb5_conf_data is not None:
http://git-wip-us.apache.org/repos/asf/ambari/blob/c17979cb/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/templates/krb5_conf.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/templates/krb5_conf.j2 b/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/templates/krb5_conf.j2
deleted file mode 100644
index 0191953..0000000
--- a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/templates/krb5_conf.j2
+++ /dev/null
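Review bot: In params.py `master_kdc` is read with `get_property_value(kerberos_env, 'master_kdc')` and no further arguments, while `encryption_types` and `realm` a few lines above pass `None, True, None`, which looks like the trim and empty-value handling. Since kerberos-env.xml declares an empty value as valid for this property, a blank or whitespace-only entry would presumably arrive here as a non-None string; a whitespace-only value is truthy in the template's `{%- if master_kdc %}` test and renders an empty `master_kdc =` line. Reading it the same way as realm avoids that: `master_kdc = get_property_value(kerberos_env, 'master_kdc', None, True, None)`. The PERF/1.0 params.py hunk adds the same line.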
@@ -1,54 +0,0 @@
-{#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#}
-[libdefaults]
- renew_lifetime = 7d
- forwardable = true
- default_realm = {{realm}}
- ticket_lifetime = 24h
- dns_lookup_realm = false
- dns_lookup_kdc = false
- default_ccache_name = /tmp/krb5cc_%{uid}
- #default_tgs_enctypes = {{encryption_types}}
- #default_tkt_enctypes = {{encryption_types}}
-{% if domains %}
-[domain_realm]
-{%- for domain in domains.split(',') %}
- {{domain|trim()}} = {{realm}}
-{%- endfor %}
-{% endif %}
-[logging]
- default = FILE:/var/log/krb5kdc.log
- admin_server = FILE:/var/log/kadmind.log
- kdc = FILE:/var/log/krb5kdc.log
-
-[realms]
- {{realm}} = {
-{%- if kdc_hosts > 0 -%}
-{%- set kdc_host_list = kdc_hosts.split(',') -%}
-{%- if kdc_host_list and kdc_host_list|length > 0 %}
- admin_server = {{admin_server_host|default(kdc_host_list[0]|trim(), True)}}
-{%- if kdc_host_list -%}
-{% for kdc_host in kdc_host_list %}
- kdc = {{kdc_host|trim()}}
-{%- endfor -%}
-{% endif %}
-{%- endif %}
-{%- endif %}
- }
-
-{# Append additional realm declarations below #}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/c17979cb/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/properties/krb5_conf.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/properties/krb5_conf.j2 b/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/properties/krb5_conf.j2
new file mode 100644
index 0000000..612751b
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/properties/krb5_conf.j2
@@ -0,0 +1,60 @@
+{#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#}
+[libdefaults]
+ renew_lifetime = 7d
+ forwardable = true
+ default_realm = {{realm}}
+ ticket_lifetime = 24h
+ dns_lookup_realm = false
+ dns_lookup_kdc = false
+ default_ccache_name = /tmp/krb5cc_%{uid}
+ #default_tgs_enctypes = {{encryption_types}}
+ #default_tkt_enctypes = {{encryption_types}}
+{% if domains %}
+[domain_realm]
+{%- for domain in domains.split(',') %}
+ {{domain|trim()}} = {{realm}}
+{%- endfor %}
+{% endif %}
+[logging]
+ default = FILE:/var/log/krb5kdc.log
+ admin_server = FILE:/var/log/kadmind.log
+ kdc = FILE:/var/log/krb5kdc.log
+
+[realms]
+ {{realm}} = {
+{%- if master_kdc %}
+ master_kdc = {{master_kdc|trim()}}
+{%- endif -%}
+{%- if kdc_hosts > 0 -%}
+{%- set kdc_host_list = kdc_hosts.split(',') -%}
+{%- if kdc_host_list and kdc_host_list|length > 0 %}
+ admin_server = {{admin_server_host|default(kdc_host_list[0]|trim(), True)}}
+{%- if kdc_host_list -%}
+{%- if master_kdc and (master_kdc not in kdc_host_list) %}
+ kdc = {{master_kdc|trim()}}
+{%- endif -%}
+{% for kdc_host in kdc_host_list %}
+ kdc = {{kdc_host|trim()}}
+{%- endfor -%}
+{% endif %}
+{%- endif %}
+{%- endif %}
+ }
+
+{# Append additional realm declarations below #}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/c17979cb/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/configuration/kerberos-env.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/configuration/kerberos-env.xml b/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/configuration/kerberos-env.xml
index 7016437..66e81db 100644
--- a/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/configuration/kerberos-env.xml
+++ b/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/configuration/kerberos-env.xml
@@ -147,6 +147,21 @@
 <on-ambari-upgrade add="true"/>
 </property>
 <property>
+ <name>master_kdc</name>
+ <description>
+ The IP address or FQDN of the master KDC host in a master-slave KDC deployment.
+ Optionally a port number may be included.
+ Example: kdc1.example.com:88
+ </description>
+ <display-name>Master KDC host</display-name>
+ <value/>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
 <name>admin_server_host</name>
 <display-name>Kadmin host</display-name>
 <description>
http://git-wip-us.apache.org/repos/asf/ambari/blob/c17979cb/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/configuration/krb5-conf.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/configuration/krb5-conf.xml b/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/configuration/krb5-conf.xml
index c692b92..1963e2c 100644
--- a/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/configuration/krb5-conf.xml
+++ b/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/configuration/krb5-conf.xml
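Review bot: In the new common-services properties/krb5_conf.j2 the duplicate check `master_kdc not in kdc_host_list` compares untrimmed strings: `kdc_host_list` comes straight from `kdc_hosts.split(',')` and both sides are trimmed only when printed. With `kdc_hosts` entered as, for example, `kdc1.example.com, kdc2.example.com` and `master_kdc` as `kdc2.example.com`, the master is not recognised and is emitted a second time as `kdc =`; a `:88` suffix on only one side has the same effect. Normalising in params.py before rendering avoids template changes that depend on the bundled Jinja version, e.g. `kdc_hosts = ','.join(h.strip() for h in kdc_hosts.split(','))`. Separately, `trim` only strips the ends, so a value containing a newline or `}` is written into the `[realms]` stanza as-is; checking the host[:port] form where the property is accepted would be a reasonable guard. The PERF/1.0 copy of the template further down is identical.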
@@ -61,48 +61,13 @@
 <name>content</name>
 <display-name>krb5-conf template</display-name>
 <description>Customizable krb5.conf template (Jinja template engine)</description>
- <value>
-[libdefaults]
- renew_lifetime = 7d
- forwardable = true
- default_realm = {{realm}}
- ticket_lifetime = 24h
- dns_lookup_realm = false
- dns_lookup_kdc = false
- default_ccache_name = /tmp/krb5cc_%{uid}
- #default_tgs_enctypes = {{encryption_types}}
- #default_tkt_enctypes = {{encryption_types}}
-{% if domains %}
-[domain_realm]
-{%- for domain in domains.split(',') %}
- {{domain|trim()}} = {{realm}}
-{%- endfor %}
-{% endif %}
-[logging]
- default = FILE:/var/log/krb5kdc.log
- admin_server = FILE:/var/log/kadmind.log
- kdc = FILE:/var/log/krb5kdc.log
-
-[realms]
- {{realm}} = {
-{%- if kdc_hosts > 0 -%}
-{%- set kdc_host_list = kdc_hosts.split(',') -%}
-{%- if kdc_host_list and kdc_host_list|length > 0 %}
- admin_server = {{admin_server_host|default(kdc_host_list[0]|trim(), True)}}
-{%- if kdc_host_list -%}
-{% for kdc_host in kdc_host_list %}
- kdc = {{kdc_host|trim()}}
-{%- endfor -%}
-{% endif %}
-{%- endif %}
-{%- endif %}
- }
-
-{# Append additional realm declarations below #}
- </value>
+ <property-type>VALUE_FROM_PROPERTY_FILE</property-type>
+ <value/>
 <value-attributes>
 <type>content</type>
 <overridable>false</overridable>
+ <property-file-name>krb5_conf.j2</property-file-name>
+ <property-file-type>text</property-file-type>
 </value-attributes>
 <on-ambari-upgrade add="true"/>
 </property>
http://git-wip-us.apache.org/repos/asf/ambari/blob/c17979cb/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/package/scripts/kerberos_common.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/package/scripts/kerberos_common.py b/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/package/scripts/kerberos_common.py
index 70c81e7..abf58ee 100644
--- a/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/package/scripts/kerberos_common.py
+++ b/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/package/scripts/kerberos_common.py
@@ -110,10 +110,7 @@ class KerberosScript(Script):
 mode=0755
 )
- if (params.krb5_conf_template is None) or not params.krb5_conf_template.strip():
- content = Template('krb5_conf.j2')
- else:
- content = InlineTemplate(params.krb5_conf_template)
+ content = InlineTemplate(params.krb5_conf_template)
 File(params.krb5_conf_path,
 content=content,
http://git-wip-us.apache.org/repos/asf/ambari/blob/c17979cb/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/package/scripts/params.py b/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/package/scripts/params.py
index 3533b35..4eb5b02 100644
--- a/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/package/scripts/params.py
+++ b/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/package/scripts/params.py
@@ -101,6 +101,7 @@ if config is not None:
 realm = 'EXAMPLE.COM'
 domains = ''
 kdc_hosts = 'localhost'
+ master_kdc = None
 admin_server_host = None
 admin_principal = None
 admin_password = None
@@ -122,6 +123,7 @@ if config is not None:
 encryption_types = get_property_value(kerberos_env, "encryption_types", None, True, None)
 realm = get_property_value(kerberos_env, "realm", None, True, None)
 kdc_hosts = get_property_value(kerberos_env, 'kdc_hosts', kdc_hosts)
+ master_kdc = get_property_value(kerberos_env, 'master_kdc')
 admin_server_host = get_property_value(kerberos_env, 'admin_server_host', admin_server_host)
 if krb5_conf_data is not None:
http://git-wip-us.apache.org/repos/asf/ambari/blob/c17979cb/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/package/templates/krb5_conf.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/package/templates/krb5_conf.j2 b/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/package/templates/krb5_conf.j2
deleted file mode 100644
index 0191953..0000000
--- a/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/package/templates/krb5_conf.j2
+++ /dev/null
@@ -1,54 +0,0 @@
-{#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#}
-[libdefaults]
- renew_lifetime = 7d
- forwardable = true
- default_realm = {{realm}}
- ticket_lifetime = 24h
- dns_lookup_realm = false
- dns_lookup_kdc = false
- default_ccache_name = /tmp/krb5cc_%{uid}
- #default_tgs_enctypes = {{encryption_types}}
- #default_tkt_enctypes = {{encryption_types}}
-{% if domains %}
-[domain_realm]
-{%- for domain in domains.split(',') %}
- {{domain|trim()}} = {{realm}}
-{%- endfor %}
-{% endif %}
-[logging]
- default = FILE:/var/log/krb5kdc.log
- admin_server = FILE:/var/log/kadmind.log
- kdc = FILE:/var/log/krb5kdc.log
-
-[realms]
- {{realm}} = {
-{%- if kdc_hosts > 0 -%}
-{%- set kdc_host_list = kdc_hosts.split(',') -%}
-{%- if kdc_host_list and kdc_host_list|length > 0 %}
- admin_server = {{admin_server_host|default(kdc_host_list[0]|trim(), True)}}
-{%- if kdc_host_list -%}
-{% for kdc_host in kdc_host_list %}
- kdc = {{kdc_host|trim()}}
-{%- endfor -%}
-{% endif %}
-{%- endif %}
-{%- endif %}
- }
-
-{# Append additional realm declarations below #}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/c17979cb/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/properties/krb5_conf.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/properties/krb5_conf.j2 b/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/properties/krb5_conf.j2
new file mode 100644
index 0000000..612751b
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/properties/krb5_conf.j2
@@ -0,0 +1,60 @@ +{# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +#} +[libdefaults] + renew_lifetime = 7d + forwardable = true + default_realm = {{realm}} + ticket_lifetime = 24h + dns_lookup_realm = false + dns_lookup_kdc = false + default_ccache_name = /tmp/krb5cc_%{uid} + #default_tgs_enctypes = {{encryption_types}} + #default_tkt_enctypes = {{encryption_types}} +{% if domains %} +[domain_realm] +{%- for domain in domains.split(',') %} + {{domain|trim()}} = {{realm}} +{%- endfor %} +{% endif %} +[logging] + default = FILE:/var/log/krb5kdc.log + admin_server = FILE:/var/log/kadmind.log + kdc = FILE:/var/log/krb5kdc.log + +[realms] + {{realm}} = { +{%- if master_kdc %} + master_kdc = {{master_kdc|trim()}} +{%- endif -%} +{%- if kdc_hosts > 0 -%} +{%- set kdc_host_list = kdc_hosts.split(',') -%} +{%- if kdc_host_list and kdc_host_list|length > 0 %} + admin_server = {{admin_server_host|default(kdc_host_list[0]|trim(), True)}} +{%- if kdc_host_list -%} +{%- if master_kdc and (master_kdc not in kdc_host_list) %} + kdc = {{master_kdc|trim()}} +{%- endif -%} +{% for kdc_host in kdc_host_list %} + kdc = {{kdc_host|trim()}} +{%- endfor -%} +{% endif %} +{%- endif %} +{%- endif %} + } + +{# Append additional realm declarations below #} \ 
No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/c17979cb/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessorTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessorTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessorTest.java index 54d4fcc..dba4043 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessorTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessorTest.java @@ -894,7 +894,8 @@ public class BlueprintConfigurationProcessorTest { // simulate the case of a Kerberized cluster, including config // added by the Kerberos service kerberosEnvProperties.put("admin_server_host", expectedHostName); - kerberosEnvProperties.put("kdc_hosts", expectedHostName); + kerberosEnvProperties.put("kdc_hosts", expectedHostName + ",secondary.kdc.org"); + kerberosEnvProperties.put("master_kdc", expectedHostName); coreSiteProperties.put("hadoop.proxyuser.yarn.hosts", expectedHostName); Configuration clusterConfig = new Configuration(configProperties, 
@@ -923,6 +924,8 @@ public class BlueprintConfigurationProcessorTest {
 kerberosEnvProperties.containsKey("admin_server_host"));
 assertFalse("kdc_hosts should not be present in exported blueprint in kerberos-env",
 kerberosEnvProperties.containsKey("kdc_hosts"));
+ assertFalse("master_kdc should not be present in exported blueprint in kerberos-env",
+ kerberosEnvProperties.containsKey("master_kdc"));
 assertEquals("hadoop.proxyuser.yarn.hosts was not exported correctly", createExportedHostName("host_group_1"), coreSiteProperties.get("hadoop.proxyuser.yarn.hosts"));
 }
http://git-wip-us.apache.org/repos/asf/ambari/blob/c17979cb/ambari-server/src/test/python/stacks/2.2/KERBEROS/test_kerberos_client.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.2/KERBEROS/test_kerberos_client.py b/ambari-server/src/test/python/stacks/2.2/KERBEROS/test_kerberos_client.py
index 6727b2f..f638845 100644
--- a/ambari-server/src/test/python/stacks/2.2/KERBEROS/test_kerberos_client.py
+++ b/ambari-server/src/test/python/stacks/2.2/KERBEROS/test_kerberos_client.py
@@ -32,7 +32,7 @@ class TestKerberosClient(RMFTestCase):
 STACK_VERSION = "2.2"
 def test_configure_managed_kdc(self):
- json_data = use_cases.get_manged_kdc_use_case()
+ json_data = use_cases.get_managed_kdc_use_case()
 self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/kerberos_client.py",
 classname="KerberosClient",
@@ -52,7 +52,7 @@ class TestKerberosClient(RMFTestCase):
 "/" + use_cases.get_krb5_conf_file(json_data))
 self.assertResourceCalled('File', file_path,
- content=Template('krb5_conf.j2'),
+ content=InlineTemplate(use_cases.get_krb5_conf_template(json_data)),
 owner='root',
 group='root',
 mode=0644)
http://git-wip-us.apache.org/repos/asf/ambari/blob/c17979cb/ambari-server/src/test/python/stacks/2.2/KERBEROS/use_cases.py
----------------------------------------------------------------------
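Review bot: In test_kerberos_client.py the updated assertion only checks that `File` receives `InlineTemplate(use_cases.get_krb5_conf_template(json_data))`; nothing renders the template, so the new `master_kdc` branches in krb5_conf.j2 (master listed in `kdc_hosts`, master absent from it, master unset) are not exercised by this test. As far as the visible hunks show, the fixture in use_cases.py also sets no `master_kdc` in kerberos-env. A case that renders the template with `master_kdc` set and asserts on the resulting `[realms]` block would catch regressions such as a duplicated `kdc =` entry. The test method continues outside the hunk.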
diff --git a/ambari-server/src/test/python/stacks/2.2/KERBEROS/use_cases.py b/ambari-server/src/test/python/stacks/2.2/KERBEROS/use_cases.py
index 17d9f88..08a6be8 100644
--- a/ambari-server/src/test/python/stacks/2.2/KERBEROS/use_cases.py
+++ b/ambari-server/src/test/python/stacks/2.2/KERBEROS/use_cases.py
@@ -74,7 +74,7 @@ kdc_conf_template = \
 kadm5_acl_template = '*/admin@{{realm}} *'
-def get_manged_kdc_use_case():
+def get_managed_kdc_use_case():
 config_file = "stacks/2.2/configs/default.json"
 with open(config_file, "r") as f:
 json_data = json.load(f)
@@ -88,7 +88,8 @@ def get_manged_kdc_use_case():
 json_data['configurations']['krb5-conf'] = {
 'realm': 'MANAGED_REALM.COM',
 'admin_principal': "admin/admin",
- 'admin_password': "hadoop"
+ 'admin_password': "hadoop",
+ 'content': krb5_conf_template
 }
 return json_data
