AMBARI-21501. Make HSI's 'hive.llap.zk.sm.keytab' and 'hive.service.keytab' group readable.
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/f450eba5 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/f450eba5 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/f450eba5 Branch: refs/heads/branch-feature-AMBARI-12556 Commit: f450eba5c23c0d35ab9181d531d9e1ef84cbf3e8 Parents: 01d60f4 Author: Swapan Shridhar <[email protected]> Authored: Mon Jul 17 15:04:37 2017 -0700 Committer: Swapan Shridhar <[email protected]> Committed: Mon Jul 17 15:04:37 2017 -0700 ---------------------------------------------------------------------- .../stacks/HDP/2.6/services/HIVE/kerberos.json | 151 ------------------- .../stacks/HDP/2.6/services/YARN/kerberos.json | 2 +- 2 files changed, 1 insertion(+), 152 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/f450eba5/ambari-server/src/main/resources/stacks/HDP/2.6/services/HIVE/kerberos.json ----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/services/HIVE/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.6/services/HIVE/kerberos.json
deleted file mode 100644
index b6e57e1..0000000
--- a/ambari-server/src/main/resources/stacks/HDP/2.6/services/HIVE/kerberos.json
+++ /dev/null
@@ -1,151 +0,0 @@
-{
- "services": [
- {
- "name": "HIVE",
- "identities": [
- {
- "name": "/spnego"
- },
- {
- "name": "/smokeuser"
- }
- ],
- "configurations": [
- {
- "hive-site": {
- "hive.metastore.sasl.enabled": "true",
- "hive.server2.authentication": "KERBEROS"
- }
- },
- {
- "ranger-hive-audit": {
- "xasecure.audit.jaas.Client.loginModuleName": "com.sun.security.auth.module.Krb5LoginModule",
- "xasecure.audit.jaas.Client.loginModuleControlFlag": "required",
- "xasecure.audit.jaas.Client.option.useKeyTab": "true",
- "xasecure.audit.jaas.Client.option.storeKey": "false",
- "xasecure.audit.jaas.Client.option.serviceName": "solr",
- "xasecure.audit.destination.solr.force.use.inmemory.jaas.config": "true"
- }
- }
- ],
- "components": [
- {
- "name": "HIVE_METASTORE",
- "identities": [
- {
- "name": "/HIVE/HIVE_SERVER/hive_server_hive",
- "principal": {
- "configuration": "hive-site/hive.metastore.kerberos.principal"
- },
- "keytab": {
- "configuration": "hive-site/hive.metastore.kerberos.keytab.file"
- }
- }
- ]
- },
- {
- "name": "HIVE_SERVER",
- "identities": [
- {
- "name": "/HDFS/NAMENODE/hdfs"
- },
- {
- "name": "hive_server_hive",
- "principal": {
- "value": "hive/_HOST@${realm}",
- "type": "service",
- "configuration": "hive-site/hive.server2.authentication.kerberos.principal",
- "local_username": "${hive-env/hive_user}"
- },
- "keytab": {
- "file": "${keytab_dir}/hive.service.keytab",
- "owner": {
- "name": "${hive-env/hive_user}",
- "access": "r"
- },
- "group": {
- "name": "${cluster-env/user_group}",
- "access": ""
- },
- "configuration": "hive-site/hive.server2.authentication.kerberos.keytab"
- }
- },
- {
- "name": "atlas_kafka",
- "reference": "/HIVE/HIVE_SERVER/hive_server_hive",
- "principal": {
- "configuration": "hive-atlas-application.properties/atlas.jaas.KafkaClient.option.principal"
- },
- "keytab": {
- "configuration": "hive-atlas-application.properties/atlas.jaas.KafkaClient.option.keyTab"
- }
- },
- {
- "name": "/spnego",
- "principal": {
- "configuration": "hive-site/hive.server2.authentication.spnego.principal"
- },
- "keytab": {
- "configuration": "hive-site/hive.server2.authentication.spnego.keytab"
- }
- },
- {
- "name": "ranger_audit",
- "reference": "/HIVE/HIVE_SERVER/hive_server_hive",
- "principal": {
- "configuration": "ranger-hive-audit/xasecure.audit.jaas.Client.option.principal"
- },
- "keytab": {
- "configuration": "ranger-hive-audit/xasecure.audit.jaas.Client.option.keyTab"
- }
- }
- ]
- },
- {
- "name": "HIVE_SERVER_INTERACTIVE",
- "identities": [
- {
- "name": "/HDFS/NAMENODE/hdfs"
- },
- {
- "name": "/HIVE/HIVE_SERVER/hive_server_hive"
- },
- {
- "name": "/HIVE/HIVE_SERVER/spnego"
- },
- {
- "name": "/YARN/NODEMANAGER/llap_zk_hive"
- }
- ]
- },
- {
- "name": "WEBHCAT_SERVER",
- "identities": [
- {
- "name": "/spnego",
- "principal": {
- "configuration": "webhcat-site/templeton.kerberos.principal"
- },
- "keytab": {
- "configuration": "webhcat-site/templeton.kerberos.keytab"
- }
- }
- ],
- "configurations": [
- {
- "core-site": {
- "hadoop.proxyuser.HTTP.hosts": "${clusterHostInfo/webhcat_server_host|append(core-site/hadoop.proxyuser.HTTP.hosts, \\\\,, true)}"
- }
- },
- {
- "webhcat-site": {
- "templeton.kerberos.secret": "secret",
- "templeton.hive.properties": "hive.metastore.local=false,hive.metastore.uris=${clusterHostInfo/hive_metastore_host|each(thrift://%s:9083, \\\\,, \\s*\\,\\s*)},hive.metastore.sasl.enabled=true,hive.metastore.execute.setugi=true,hive.metastore.warehouse.dir=/apps/hive/warehouse,hive.exec.mode.local.auto=false,hive.metastore.kerberos.principal=hive/_HOST@${realm}"
- }
- }
- ]
- }
- ]
- }
- ]
-}
http://git-wip-us.apache.org/repos/asf/ambari/blob/f450eba5/ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/kerberos.json ----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/kerberos.json
index 60d50eb..b1501b8 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/kerberos.json
+++ b/ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/kerberos.json
@@ -117,7 +117,7 @@
 },
 "group": {
 "name": "${cluster-env/user_group}",
- "access": ""
+ "access": "r"
 },
 "configuration": "hive-interactive-site/hive.llap.zk.sm.keytab.file"
 },
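Review bot: Setting the group `"access": "r"` on the keytab referenced by `hive-interactive-site/hive.llap.zk.sm.keytab.file` lets every account in `${cluster-env/user_group}` read a long-lived Kerberos credential, and nothing in the hunk or the commit record says which account needs that access. If that group is the cluster-wide service group, as it commonly is in Ambari stacks, any service user or compromised daemon in it could authenticate as this principal; consider naming the consuming account in the commit description and, if possible, scoping the keytab to a narrower group. The title also mentions `hive.service.keytab`, but the only visible change for it is the deletion of the HDP 2.6 HIVE descriptor, where its group access was `""`, so the effective permission presumably comes from an inherited descriptor outside this diff and should be confirmed. The enclosing identity block starts above the hunk, so the principal and keytab owner are not visible here.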
