[ambari] branch trunk updated: AMBARI-22847. Let HBase use ZK principal name set by users when enabling Kerberos (until now it's been hardcoded to 'zookeeper')

[echekanskiy]

This is an automated email from the ASF dual-hosted git repository.

echekanskiy pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ambari.git


The following commit(s) were added to refs/heads/trunk by this push:
     new c37068a  AMBARI-22847. Let HBase use ZK principal name set by users 
when enabling Kerberos (until now it's been hardcoded to 'zookeeper')
c37068a is described below

commit c37068ae4f700dc96900adf5b0e8bc36b8cd2fd3
Author: Sandor Molnar <smol...@hortonworks.com>
AuthorDate: Fri Jan 26 13:36:33 2018 +0100

    AMBARI-22847. Let HBase use ZK principal name set by users when enabling 
Kerberos (until now it's been hardcoded to 'zookeeper')
---
 .../common-services/HBASE/2.0.0.3.0/configuration/hbase-env.xml        | 2 +-
 .../common-services/HBASE/2.0.0.3.0/package/scripts/params_linux.py    | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git 
a/ambari-server/src/main/resources/common-services/HBASE/2.0.0.3.0/configuration/hbase-env.xml
 
b/ambari-server/src/main/resources/common-services/HBASE/2.0.0.3.0/configuration/hbase-env.xml
index b36ac00..ff9d6fa 100644
--- 
a/ambari-server/src/main/resources/common-services/HBASE/2.0.0.3.0/configuration/hbase-env.xml
+++ 
b/ambari-server/src/main/resources/common-services/HBASE/2.0.0.3.0/configuration/hbase-env.xml
@@ -230,7 +230,7 @@ JDK_DEPENDED_OPTS="-XX:PermSize=128m -XX:MaxPermSize=128m"
 {% endif %}
 
 {% if security_enabled %}
-export HBASE_OPTS="$HBASE_OPTS -XX:+UseConcMarkSweepGC 
-XX:ErrorFile={{log_dir}}/hs_err_pid%p.log 
-Djava.security.auth.login.config={{client_jaas_config_file}} 
-Djava.io.tmpdir={{java_io_tmpdir}}"
+export HBASE_OPTS="$HBASE_OPTS -XX:+UseConcMarkSweepGC 
-XX:ErrorFile={{log_dir}}/hs_err_pid%p.log 
-Djava.security.auth.login.config={{client_jaas_config_file}} 
-Djava.io.tmpdir={{java_io_tmpdir}} {{zk_security_opts}}"
 export HBASE_MASTER_OPTS="$HBASE_MASTER_OPTS -Xmx{{master_heapsize}} 
-Djava.security.auth.login.config={{master_jaas_config_file}} 
-Djavax.security.auth.useSubjectCredsOnly=false $JDK_DEPENDED_OPTS"
 export HBASE_REGIONSERVER_OPTS="$HBASE_REGIONSERVER_OPTS 
-Xmn{{regionserver_xmn_size}} -XX:CMSInitiatingOccupancyFraction=70 
-XX:ReservedCodeCacheSize=256m -Xms{{regionserver_heapsize}} 
-Xmx{{regionserver_heapsize}} 
-Djava.security.auth.login.config={{regionserver_jaas_config_file}} 
-Djavax.security.auth.useSubjectCredsOnly=false $JDK_DEPENDED_OPTS"
 export PHOENIX_QUERYSERVER_OPTS="$PHOENIX_QUERYSERVER_OPTS 
-Djava.security.auth.login.config={{queryserver_jaas_config_file}}"
diff --git 
a/ambari-server/src/main/resources/common-services/HBASE/2.0.0.3.0/package/scripts/params_linux.py
 
b/ambari-server/src/main/resources/common-services/HBASE/2.0.0.3.0/package/scripts/params_linux.py
index b7e2b89..d8b26fc 100644
--- 
a/ambari-server/src/main/resources/common-services/HBASE/2.0.0.3.0/package/scripts/params_linux.py
+++ 
b/ambari-server/src/main/resources/common-services/HBASE/2.0.0.3.0/package/scripts/params_linux.py
@@ -184,6 +184,9 @@ service_check_data = get_unique_id_and_date()
 user_group = config['configurations']['cluster-env']["user_group"]
 
 if security_enabled:
+  zk_principal_name = 
default("/configurations/zookeeper-env/zookeeper_principal_name", 
"zookeeper/_h...@example.com")
+  zk_principal_user = zk_principal_name.split('/')[0]
+  zk_security_opts = format('-Dzookeeper.sasl.client=true 
-Dzookeeper.sasl.client.username={zk_principal_user} 
-Dzookeeper.sasl.clientconfig=Client')
   _hostname_lowercase = config['hostname'].lower()
   master_jaas_princ = 
config['configurations']['hbase-site']['hbase.master.kerberos.principal'].replace('_HOST',_hostname_lowercase)
   master_keytab_path = 
config['configurations']['hbase-site']['hbase.master.keytab.file']

-- 
To stop receiving notification emails like this one, please contact
echekans...@apache.org.