[ambari] branch trunk updated: AMBARI-22824. Let YARN/MR2 use ZK principal name set by users when enabling Kerberos (until now it's been hardcoded to 'zookeeper')

Mon, 29 Jan 2018 03:46:30 -0800 

This is an automated email from the ASF dual-hosted git repository.

echekanskiy pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ambari.git


The following commit(s) were added to refs/heads/trunk by this push:
     new 4a9e13c  AMBARI-22824. Let YARN/MR2 use ZK principal name set by users 
when enabling Kerberos (until now it's been hardcoded to 'zookeeper')
4a9e13c is described below

commit 4a9e13c7040761785c7d09e312f37cae590f2221
Author: smolnar82 <[email protected]>
AuthorDate: Mon Jan 29 12:46:05 2018 +0100

    AMBARI-22824. Let YARN/MR2 use ZK principal name set by users when enabling 
Kerberos (until now it's been hardcoded to 'zookeeper')
---
 .../common-services/YARN/2.1.0.2.0/configuration/yarn-env.xml         | 4 ++++
 .../common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py    | 4 +++-
 .../common-services/YARN/3.0.0.3.0/package/scripts/params_linux.py    | 4 +++-
 3 files changed, 10 insertions(+), 2 deletions(-)

diff --git 
a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/configuration/yarn-env.xml
 
b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/configuration/yarn-env.xml
index d663c49..52560ac 100644
--- 
a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/configuration/yarn-env.xml
+++ 
b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/configuration/yarn-env.xml
@@ -244,6 +244,10 @@ if [ "x$JAVA_LIBRARY_PATH" != "x" ]; then
 fi
 YARN_OPTS="$YARN_OPTS -Dyarn.policy.file=$YARN_POLICYFILE"
 YARN_OPTS="$YARN_OPTS -Djava.io.tmpdir={{hadoop_java_io_tmpdir}}"
+
+{% if rm_security_opts is defined %}
+YARN_OPTS="{{rm_security_opts}} $YARN_OPTS"
+{% endif %}
     </value>
     <value-attributes>
       <type>content</type>
diff --git 
a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py
 
b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py
index 4a49822..eab6870 100644
--- 
a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py
+++ 
b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py
@@ -347,7 +347,9 @@ if security_enabled:
   rm_kinit_cmd = format("{kinit_path_local} -kt {rm_keytab} 
{rm_principal_name};")
   yarn_jaas_file = os.path.join(config_dir, 'yarn_jaas.conf')
   if stack_supports_zk_security:
-    rm_security_opts = format('-Dzookeeper.sasl.client=true 
-Dzookeeper.sasl.client.username=zookeeper 
-Djava.security.auth.login.config={yarn_jaas_file} 
-Dzookeeper.sasl.clientconfig=Client')
+    zk_principal_name = 
default("/configurations/zookeeper-env/zookeeper_principal_name", 
"zookeeper/[email protected]")
+    zk_principal_user = zk_principal_name.split('/')[0]
+    rm_security_opts = format('-Dzookeeper.sasl.client=true 
-Dzookeeper.sasl.client.username={zk_principal_user} 
-Djava.security.auth.login.config={yarn_jaas_file} 
-Dzookeeper.sasl.clientconfig=Client')
 
   # YARN timeline security options
   if has_ats:
diff --git 
a/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/params_linux.py
 
b/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/params_linux.py
index 9afd112..7593708 100644
--- 
a/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/params_linux.py
+++ 
b/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/params_linux.py
@@ -345,7 +345,9 @@ if security_enabled:
   rm_keytab = 
config['configurations']['yarn-site']['yarn.resourcemanager.keytab']
   rm_kinit_cmd = format("{kinit_path_local} -kt {rm_keytab} 
{rm_principal_name};")
   yarn_jaas_file = os.path.join(config_dir, 'yarn_jaas.conf')
-  rm_security_opts = format('-Dzookeeper.sasl.client=true 
-Dzookeeper.sasl.client.username=zookeeper 
-Djava.security.auth.login.config={yarn_jaas_file} 
-Dzookeeper.sasl.clientconfig=Client')
+  zk_principal_name = 
default("/configurations/zookeeper-env/zookeeper_principal_name", 
"zookeeper/[email protected]")
+  zk_principal_user = zk_principal_name.split('/')[0]
+  rm_security_opts = format('-Dzookeeper.sasl.client=true 
-Dzookeeper.sasl.client.username={zk_principal_user} 
-Djava.security.auth.login.config={yarn_jaas_file} 
-Dzookeeper.sasl.clientconfig=Client')
 
   # YARN timeline security options
   if has_ats:

-- 
To stop receiving notification emails like this one, please contact
[email protected].

Reply via email to