This is an automated email from the ASF dual-hosted git repository. oleewere pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/trunk by this push: new 147330c [AMBARI-22962] - Ambari Upgrade: LogSearch + Ambari Infra (2.6 -> 2.7) (#385) 147330c is described below commit 147330c6c4cbe73fd3212150ad48282846fc83ee Author: kasakrisz <33458261+kasakr...@users.noreply.github.com> AuthorDate: Mon Feb 19 17:54:03 2018 +0100 [AMBARI-22962] - Ambari Upgrade: LogSearch + Ambari Infra (2.6 -> 2.7) (#385) * AMBARI-22962 - Ambari Upgrade: LogSearch + Ambari Infra (2.6 -> 2.7) * AMBARI-22962 - Ambari Upgrade: LogSearch + Ambari Infra (2.6 -> 2.7) - addendum: move kerberos_descriptor.json content from constant to file * AMBARI-22962 - Ambari Upgrade: LogSearch + Ambari Infra (2.6 -> 2.7) - fix: read kerberos_descriptor.json as resource stream * AMBARI-22962 - Ambari Upgrade: LogSearch + Ambari Infra (2.6 -> 2.7) - merge from trunk --- .../ambari/server/upgrade/UpgradeCatalog270.java | 166 +- .../AMBARI_INFRA/0.1.0/role_command_order.json | 7 - .../0.1.0/alerts.json | 2 +- .../configuration/infra-solr-client-log4j.xml | 0 .../0.1.0/configuration/infra-solr-env.xml | 0 .../0.1.0/configuration/infra-solr-log4j.xml | 0 .../configuration/infra-solr-security-json.xml | 0 .../0.1.0/configuration/infra-solr-xml.xml | 0 .../0.1.0/kerberos.json | 2 +- .../0.1.0/metainfo.xml | 4 +- .../0.1.0/package/scripts/infra_solr.py | 11 +- .../0.1.0/package/scripts/infra_solr_client.py | 2 + .../0.1.0/package/scripts/params.py | 4 +- .../0.1.0/package/scripts/service_check.py | 0 .../0.1.0/package/scripts/setup_infra_solr.py | 5 +- .../0.1.0/package/scripts/status_params.py | 2 +- .../package/templates/infra-solr-security.json.j2 | 0 .../package/templates/infra_solr_jaas.conf.j2 | 0 .../templates/input.config-ambari-infra.json.j2 | 0 .../0.1.0/properties/infra-solr-env.sh.j2 | 0 .../properties/solr-client-log4j.properties.j2 | 0 .../0.1.0/properties/solr-log4j.properties.j2 | 0 .../0.1.0/properties/solr.xml.j2 | 0 .../0.1.0/quicklinks/quicklinks.json | 0 .../0.1.0/role_command_order.json | 7 + .../0.1.0/service_advisor.py | 6 - .../0.1.0/themes/theme.json | 2 +- .../common-services/ATLAS/0.1.0.2.3/kerberos.json | 4 +- .../common-services/ATLAS/0.7.0.2.5/kerberos.json | 4 +- .../common-services/LOGSEARCH/0.5.0/kerberos.json | 4 +- .../common-services/RANGER/0.6.0/kerberos.json | 4 +- .../metainfo.xml | 4 +- .../stacks/HDP/2.6/services/ATLAS/kerberos.json | 2 +- .../server/upgrade/UpgradeCatalog270Test.java | 60 +- .../ambari/server/upgrade/kerberos_descriptor.json | 2653 ++++++++++++++++++++ 35 files changed, 2908 insertions(+), 47 deletions(-) diff --git a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog270.java b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog270.java index 046d929..7d40361 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog270.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog270.java @@ -28,6 +28,7 @@ import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.Set; +import java.util.stream.Collectors; import javax.persistence.EntityManager; @@ -44,12 +45,22 @@ import org.apache.ambari.server.controller.internal.AmbariServerConfigurationCat import org.apache.ambari.server.controller.internal.CalculatedStatus; import org.apache.ambari.server.ldap.domain.AmbariLdapConfigurationKeys; import org.apache.ambari.server.orm.DBAccessor; +import org.apache.ambari.server.orm.dao.AlertDefinitionDAO; +import org.apache.ambari.server.orm.dao.AlertDispatchDAO; +import org.apache.ambari.server.orm.dao.AlertsDAO; import org.apache.ambari.server.orm.dao.AmbariConfigurationDAO; +import org.apache.ambari.server.orm.dao.ArtifactDAO; import org.apache.ambari.server.orm.dao.DaoUtils; import org.apache.ambari.server.orm.dao.HostComponentStateDAO; import org.apache.ambari.server.orm.dao.RequestDAO; +import org.apache.ambari.server.orm.dao.ServiceConfigDAO; +import org.apache.ambari.server.orm.entities.AlertDefinitionEntity; +import org.apache.ambari.server.orm.entities.AlertGroupEntity; +import org.apache.ambari.server.orm.entities.AlertHistoryEntity; +import org.apache.ambari.server.orm.entities.ArtifactEntity; import org.apache.ambari.server.orm.entities.HostComponentStateEntity; import org.apache.ambari.server.orm.entities.RequestEntity; +import org.apache.ambari.server.orm.entities.ServiceConfigEntity; import org.apache.ambari.server.orm.entities.StageEntity; import org.apache.ambari.server.security.authorization.UserAuthenticationType; import org.apache.ambari.server.serveraction.kerberos.KerberosServerAction; @@ -60,7 +71,11 @@ import org.apache.ambari.server.state.Config; import org.apache.ambari.server.state.ConfigHelper; import org.apache.ambari.server.state.ServiceComponentHost; import org.apache.ambari.server.state.State; +import org.apache.ambari.server.state.kerberos.AbstractKerberosDescriptorContainer; +import org.apache.ambari.server.state.kerberos.KerberosComponentDescriptor; import org.apache.ambari.server.state.kerberos.KerberosDescriptor; +import org.apache.ambari.server.state.kerberos.KerberosDescriptorFactory; +import org.apache.ambari.server.state.kerberos.KerberosServiceDescriptor; import org.apache.commons.collections.MapUtils; import org.apache.commons.lang.StringUtils; import org.slf4j.Logger; @@ -73,7 +88,6 @@ import com.google.inject.Injector; public class UpgradeCatalog270 extends AbstractUpgradeCatalog { - public static final String HOST_ID_COLUMN = "host_id"; /** * Logger. */ @@ -161,6 +175,19 @@ public class UpgradeCatalog270 extends AbstractUpgradeCatalog { protected static final String FK_KKP_SERVICE_PRINCIPAL = "FK_kkp_service_principal"; protected static final String KKP_ID_SEQ_NAME = "kkp_id_seq"; protected static final String KERBEROS_PRINCIPAL_HOST_TABLE = "kerberos_principal_host"; + protected static final String HOST_ID_COLUMN = "host_id"; + + protected static final String CLUSTER_ID_COLUMN = "cluster_id"; + public static final String[] COMPONENT_NAME_SERVICE_NAME_CLUSTER_ID_KEY_COLUMNS = {COMPONENT_NAME_COLUMN, SERVICE_NAME_COLUMN, CLUSTER_ID_COLUMN}; + public static final String[] SERVICE_NAME_CLUSTER_ID_KEY_COLUMNS = {SERVICE_NAME_COLUMN, CLUSTER_ID_COLUMN}; + protected static final String SERVICE_COMPONENT_DESIRED_STATE_TABLE = "servicecomponentdesiredstate"; + protected static final String CLUSTER_SERVICES_TABLE = "clusterservices"; + protected static final String SERVICE_COMPONENT_DESIRED_STATES_CLUSTER_SERVICES_FK = "srvccmponentdesiredstatesrvcnm"; + protected static final String SERVICE_DESIRED_STATE_CLUSTER_SERVICES_FK = "servicedesiredstateservicename"; + protected static final String COMPONENT_DESIRED_STATE_SERVICE_COMPONENT_DESIRED_STATE_FK = "hstcmpnntdesiredstatecmpnntnme"; + protected static final String COMPONENT_STATE_SERVICE_COMPONENT_DESIRED_STATE_FK = "hstcomponentstatecomponentname"; + public static final String AMBARI_INFRA_OLD_NAME = "AMBARI_INFRA"; + public static final String AMBARI_INFRA_NEW_NAME = "AMBARI_INFRA_SOLR"; @Inject DaoUtils daoUtils; @@ -656,6 +683,8 @@ public class UpgradeCatalog270 extends AbstractUpgradeCatalog { upgradeLdapConfiguration(); createRoleAuthorizations(); addUserAuthenticationSequence(); + renameAmbariInfra(); + updateKerberosDescriptorArtifacts(); } protected void addUserAuthenticationSequence() throws SQLException { @@ -760,13 +789,11 @@ public class UpgradeCatalog270 extends AbstractUpgradeCatalog { ConfigHelper configHelper = injector.getInstance(ConfigHelper.class); if (clusterMap != null && !clusterMap.isEmpty()) { for (final Cluster cluster : clusterMap.values()) { - Collection<Config> configs = cluster.getAllConfigs(); - for (Config config : configs) { - String configType = config.getType(); - if (configType.endsWith("-logsearch-conf")) { - configHelper.removeConfigsByType(cluster, configType); - } - } + cluster.getAllConfigs().stream() + .map(Config::getType) + .filter(configType -> configType.endsWith("-logsearch-conf")) + .collect(Collectors.toSet()) + .forEach(configType -> configHelper.removeConfigsByType(cluster, configType)); Config logSearchEnv = cluster.getDesiredConfigByType("logsearch-env"); @@ -866,6 +893,129 @@ public class UpgradeCatalog270 extends AbstractUpgradeCatalog { } } + protected void renameAmbariInfra() throws SQLException { + LOG.info("Renaming service AMBARI_INFRA to AMBARI_INFRA_SOLR"); + dbAccessor.dropFKConstraint(SERVICE_COMPONENT_DESIRED_STATE_TABLE, SERVICE_COMPONENT_DESIRED_STATES_CLUSTER_SERVICES_FK); + dbAccessor.dropFKConstraint(SERVICE_DESIRED_STATE_TABLE, SERVICE_DESIRED_STATE_CLUSTER_SERVICES_FK); + dbAccessor.dropFKConstraint(COMPONENT_DESIRED_STATE_TABLE, COMPONENT_DESIRED_STATE_SERVICE_COMPONENT_DESIRED_STATE_FK); + dbAccessor.dropFKConstraint(COMPONENT_STATE_TABLE, COMPONENT_STATE_SERVICE_COMPONENT_DESIRED_STATE_FK); + try { + dbAccessor.updateTable(SERVICE_COMPONENT_DESIRED_STATE_TABLE, SERVICE_NAME_COLUMN, AMBARI_INFRA_NEW_NAME, String.format("WHERE %s = '%s'", SERVICE_NAME_COLUMN, AMBARI_INFRA_OLD_NAME)); + dbAccessor.updateTable(COMPONENT_DESIRED_STATE_TABLE, SERVICE_NAME_COLUMN, AMBARI_INFRA_NEW_NAME, String.format("WHERE %s = '%s'", SERVICE_NAME_COLUMN, AMBARI_INFRA_OLD_NAME)); + dbAccessor.updateTable(COMPONENT_STATE_TABLE, SERVICE_NAME_COLUMN, AMBARI_INFRA_NEW_NAME, String.format("WHERE %s = '%s'", SERVICE_NAME_COLUMN, AMBARI_INFRA_OLD_NAME)); + dbAccessor.updateTable(SERVICE_DESIRED_STATE_TABLE, SERVICE_NAME_COLUMN, AMBARI_INFRA_NEW_NAME, String.format("WHERE %s = '%s'", SERVICE_NAME_COLUMN, AMBARI_INFRA_OLD_NAME)); + dbAccessor.updateTable(CLUSTER_SERVICES_TABLE, SERVICE_NAME_COLUMN, AMBARI_INFRA_NEW_NAME, String.format("WHERE %s = '%s'", SERVICE_NAME_COLUMN, AMBARI_INFRA_OLD_NAME)); + } + finally { + dbAccessor.addFKConstraint(SERVICE_COMPONENT_DESIRED_STATE_TABLE, SERVICE_COMPONENT_DESIRED_STATES_CLUSTER_SERVICES_FK, + SERVICE_NAME_CLUSTER_ID_KEY_COLUMNS, CLUSTER_SERVICES_TABLE, SERVICE_NAME_CLUSTER_ID_KEY_COLUMNS, false); + dbAccessor.addFKConstraint(SERVICE_DESIRED_STATE_TABLE, SERVICE_DESIRED_STATE_CLUSTER_SERVICES_FK, + SERVICE_NAME_CLUSTER_ID_KEY_COLUMNS, CLUSTER_SERVICES_TABLE, SERVICE_NAME_CLUSTER_ID_KEY_COLUMNS, false); + dbAccessor.addFKConstraint(COMPONENT_DESIRED_STATE_TABLE, COMPONENT_DESIRED_STATE_SERVICE_COMPONENT_DESIRED_STATE_FK, + COMPONENT_NAME_SERVICE_NAME_CLUSTER_ID_KEY_COLUMNS, SERVICE_COMPONENT_DESIRED_STATE_TABLE, COMPONENT_NAME_SERVICE_NAME_CLUSTER_ID_KEY_COLUMNS, false); + dbAccessor.addFKConstraint(COMPONENT_STATE_TABLE, COMPONENT_STATE_SERVICE_COMPONENT_DESIRED_STATE_FK, + COMPONENT_NAME_SERVICE_NAME_CLUSTER_ID_KEY_COLUMNS, SERVICE_COMPONENT_DESIRED_STATE_TABLE, COMPONENT_NAME_SERVICE_NAME_CLUSTER_ID_KEY_COLUMNS, false); + } + + + AmbariManagementController ambariManagementController = injector.getInstance(AmbariManagementController.class); + Clusters clusters = ambariManagementController.getClusters(); + if (clusters == null) + return; + + Map<String, Cluster> clusterMap = clusters.getClusters(); + if (MapUtils.isEmpty(clusterMap)) + return; + + ServiceConfigDAO serviceConfigDAO = injector.getInstance(ServiceConfigDAO.class); + for (ServiceConfigEntity serviceConfigEntity : serviceConfigDAO.findAll()) { + if (AMBARI_INFRA_OLD_NAME.equals(serviceConfigEntity.getServiceName())) { + serviceConfigEntity.setServiceName(AMBARI_INFRA_NEW_NAME); + serviceConfigDAO.merge(serviceConfigEntity); + } + } + + AlertDefinitionDAO alertDefinitionDAO = injector.getInstance(AlertDefinitionDAO.class); + for (final Cluster cluster : clusterMap.values()) { + for (AlertDefinitionEntity alertDefinitionEntity : alertDefinitionDAO.findByService(cluster.getClusterId(), AMBARI_INFRA_OLD_NAME)) { + alertDefinitionEntity.setServiceName(AMBARI_INFRA_NEW_NAME); + alertDefinitionDAO.merge(alertDefinitionEntity); + } + } + + AlertDispatchDAO alertDispatchDAO = injector.getInstance(AlertDispatchDAO.class); + for (AlertGroupEntity alertGroupEntity : alertDispatchDAO.findAllGroups()) { + if (AMBARI_INFRA_OLD_NAME.equals(alertGroupEntity.getServiceName())) { + alertGroupEntity.setServiceName(AMBARI_INFRA_NEW_NAME); + alertGroupEntity.setGroupName(AMBARI_INFRA_NEW_NAME); + alertDispatchDAO.merge(alertGroupEntity); + } + } + + AlertsDAO alertsDAO = injector.getInstance(AlertsDAO.class); + for (AlertHistoryEntity alertHistoryEntity : alertsDAO.findAll()) { + if (AMBARI_INFRA_OLD_NAME.equals(alertHistoryEntity.getServiceName())) { + alertHistoryEntity.setServiceName(AMBARI_INFRA_NEW_NAME); + alertsDAO.merge(alertHistoryEntity); + } + } + } + + @Override + protected void updateKerberosDescriptorArtifact(ArtifactDAO artifactDAO, ArtifactEntity artifactEntity) throws AmbariException { + if (artifactEntity == null) + return; + + Map<String, Object> data = artifactEntity.getArtifactData(); + if (data == null) + return; + + final KerberosDescriptor kerberosDescriptor = new KerberosDescriptorFactory().createInstance(data); + if (kerberosDescriptor == null) + return; + + Map<String, KerberosServiceDescriptor> services = kerberosDescriptor.getServices(); + KerberosServiceDescriptor ambariInfraService = services.get(AMBARI_INFRA_OLD_NAME); + if (ambariInfraService == null) + return; + + ambariInfraService.setName(AMBARI_INFRA_NEW_NAME); + services.remove(AMBARI_INFRA_OLD_NAME); + services.put(AMBARI_INFRA_NEW_NAME, ambariInfraService); + kerberosDescriptor.setServices(services); + + for (KerberosServiceDescriptor serviceDescriptor : kerberosDescriptor.getServices().values()) { + updateKerberosIdentities(serviceDescriptor); + for (KerberosComponentDescriptor componentDescriptor : serviceDescriptor.getComponents().values()) { + updateKerberosIdentities(componentDescriptor); + } + } + + artifactEntity.setArtifactData(kerberosDescriptor.toMap()); + artifactDAO.merge(artifactEntity); + } + + private void updateKerberosIdentities(AbstractKerberosDescriptorContainer descriptorContainer) { + if (descriptorContainer.getIdentities() == null) + return; + descriptorContainer.getIdentities().stream() + .filter(identityDescriptor -> identityDescriptor.getReference() != null && identityDescriptor.getReference().contains(AMBARI_INFRA_OLD_NAME)) + .forEach(identityDescriptor -> identityDescriptor.setReference(identityDescriptor.getReference().replace(AMBARI_INFRA_OLD_NAME, AMBARI_INFRA_NEW_NAME))); + descriptorContainer.getIdentities().stream() + .filter(identityDescriptor -> identityDescriptor.getWhen() != null).collect(Collectors.toList()) + .forEach(identityDescriptor -> { + Map<String, Object> whenMap = identityDescriptor.getWhen().toMap(); + if (whenMap.containsKey("contains")) { + List<String> serviceList = (List<String>) whenMap.get("contains"); + if (serviceList.contains(AMBARI_INFRA_OLD_NAME)) { + serviceList.remove(AMBARI_INFRA_OLD_NAME); + serviceList.add(AMBARI_INFRA_NEW_NAME); + identityDescriptor.setWhen(org.apache.ambari.server.collections.PredicateUtils.fromMap((Map<?, ?>) whenMap)); + } + } + }); + } + protected PrepareKerberosIdentitiesServerAction getPrepareIdentityServerAction() { return new PrepareKerberosIdentitiesServerAction(); } diff --git a/ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/role_command_order.json b/ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/role_command_order.json deleted file mode 100644 index 1bdc43e..0000000 --- a/ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/role_command_order.json +++ /dev/null @@ -1,7 +0,0 @@ -{ - "general_deps" : { - "_comment" : "dependencies for AMBARI INFRA", - "INFRA_SOLR-START" : ["ZOOKEEPER_SERVER-START"], - "AMBARI_INFRA_SERVICE_CHECK-SERVICE_CHECK": ["INFRA_SOLR-START"] - } -} diff --git a/ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/alerts.json b/ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/alerts.json similarity index 97% rename from ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/alerts.json rename to ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/alerts.json index cf85d9f..55c21b6 100644 --- a/ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/alerts.json +++ b/ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/alerts.json @@ -1,5 +1,5 @@ { - "AMBARI_INFRA": { + "AMBARI_INFRA_SOLR": { "INFRA_SOLR": [ { "name": "infra_solr", diff --git a/ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/configuration/infra-solr-client-log4j.xml b/ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/configuration/infra-solr-client-log4j.xml similarity index 100% rename from ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/configuration/infra-solr-client-log4j.xml rename to ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/configuration/infra-solr-client-log4j.xml diff --git a/ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/configuration/infra-solr-env.xml b/ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/configuration/infra-solr-env.xml similarity index 100% rename from ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/configuration/infra-solr-env.xml rename to ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/configuration/infra-solr-env.xml diff --git a/ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/configuration/infra-solr-log4j.xml b/ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/configuration/infra-solr-log4j.xml similarity index 100% rename from ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/configuration/infra-solr-log4j.xml rename to ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/configuration/infra-solr-log4j.xml diff --git a/ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/configuration/infra-solr-security-json.xml b/ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/configuration/infra-solr-security-json.xml similarity index 100% rename from ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/configuration/infra-solr-security-json.xml rename to ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/configuration/infra-solr-security-json.xml diff --git a/ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/configuration/infra-solr-xml.xml b/ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/configuration/infra-solr-xml.xml similarity index 100% rename from ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/configuration/infra-solr-xml.xml rename to ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/configuration/infra-solr-xml.xml diff --git a/ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/kerberos.json b/ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/kerberos.json similarity index 97% rename from ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/kerberos.json rename to ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/kerberos.json index 46183ee..cebf479 100644 --- a/ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/kerberos.json +++ b/ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/kerberos.json @@ -1,7 +1,7 @@ { "services": [ { - "name": "AMBARI_INFRA", + "name": "AMBARI_INFRA_SOLR", "identities": [ { "name": "ambari_infra_smokeuser", diff --git a/ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/metainfo.xml b/ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/metainfo.xml similarity index 98% rename from ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/metainfo.xml rename to ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/metainfo.xml index e936d24..90206c1 100644 --- a/ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/metainfo.xml +++ b/ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/metainfo.xml @@ -19,8 +19,8 @@ <schemaVersion>2.0</schemaVersion> <services> <service> - <name>AMBARI_INFRA</name> - <displayName>Ambari Infra</displayName> + <name>AMBARI_INFRA_SOLR</name> + <displayName>Infra Solr</displayName> <comment>Core shared service used by Ambari managed components.</comment> <version>0.1.0</version> <components> diff --git a/ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/package/scripts/infra_solr.py b/ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/package/scripts/infra_solr.py similarity index 99% rename from ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/package/scripts/infra_solr.py rename to ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/package/scripts/infra_solr.py index c646b01..84f5645 100644 --- a/ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/package/scripts/infra_solr.py +++ b/ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/package/scripts/infra_solr.py @@ -17,16 +17,18 @@ limitations under the License. """ +import sys +from resource_management.core.logger import Logger from resource_management.core.resources.system import Execute, File from resource_management.core.resources.zkmigrator import ZkMigrator -from resource_management.core.logger import Logger -from resource_management.libraries.script.script import Script -from resource_management.libraries.functions.format import format from resource_management.libraries.functions.check_process_status import check_process_status +from resource_management.libraries.functions.format import format from resource_management.libraries.functions.get_user_call_output import get_user_call_output from resource_management.libraries.functions.show_logs import show_logs +from resource_management.libraries.script.script import Script + from setup_infra_solr import setup_infra_solr -import sys + class InfraSolr(Script): def install(self, env): @@ -78,7 +80,6 @@ class InfraSolr(Script): check_process_status(status_params.infra_solr_pidfile) def kill_process(self, pid_file, user, log_dir): - import params """ Kill the process by pid file, then check the process is running or not. If the process is still running after the kill command, it will try to kill with -9 option (hard kill) diff --git a/ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/package/scripts/infra_solr_client.py b/ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/package/scripts/infra_solr_client.py similarity index 98% rename from ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/package/scripts/infra_solr_client.py rename to ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/package/scripts/infra_solr_client.py index 37ffcf4..3b72d8c 100644 --- a/ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/package/scripts/infra_solr_client.py +++ b/ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/package/scripts/infra_solr_client.py @@ -19,8 +19,10 @@ limitations under the License. from resource_management.core.exceptions import ClientComponentHasNoStatus from resource_management.libraries.script.script import Script + from setup_infra_solr import setup_infra_solr + class InfraSolrClient(Script): def install(self, env): diff --git a/ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/package/scripts/params.py b/ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/package/scripts/params.py similarity index 99% rename from ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/package/scripts/params.py rename to ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/package/scripts/params.py index 00254c0..b2a19fd 100644 --- a/ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/package/scripts/params.py +++ b/ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/package/scripts/params.py @@ -17,14 +17,16 @@ limitations under the License. """ +import os from ambari_commons.constants import AMBARI_SUDO_BINARY from resource_management.libraries.functions.default import default from resource_management.libraries.functions.format import format from resource_management.libraries.functions.is_empty import is_empty from resource_management.libraries.script.script import Script -import os + import status_params + def get_port_from_url(address): if not is_empty(address): return address.split(':')[-1] diff --git a/ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/package/scripts/service_check.py b/ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/package/scripts/service_check.py similarity index 100% rename from ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/package/scripts/service_check.py rename to ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/package/scripts/service_check.py diff --git a/ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/package/scripts/setup_infra_solr.py b/ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/package/scripts/setup_infra_solr.py similarity index 99% rename from ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/package/scripts/setup_infra_solr.py rename to ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/package/scripts/setup_infra_solr.py index 18cda51..83a578c 100644 --- a/ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/package/scripts/setup_infra_solr.py +++ b/ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/package/scripts/setup_infra_solr.py @@ -18,11 +18,12 @@ limitations under the License. """ from resource_management.core.exceptions import Fail -from resource_management.core.source import InlineTemplate, Template from resource_management.core.resources.system import Directory, File +from resource_management.core.source import InlineTemplate, Template +from resource_management.libraries.functions import solr_cloud_util from resource_management.libraries.functions.decorator import retry from resource_management.libraries.functions.format import format -from resource_management.libraries.functions import solr_cloud_util + def setup_infra_solr(name = None): import params diff --git a/ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/package/scripts/status_params.py b/ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/package/scripts/status_params.py similarity index 100% rename from ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/package/scripts/status_params.py rename to ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/package/scripts/status_params.py index f91a114..3c1ed37 100644 --- a/ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/package/scripts/status_params.py +++ b/ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/package/scripts/status_params.py @@ -19,11 +19,11 @@ limitations under the License. """ +from os import listdir, path from resource_management.libraries.functions import get_kinit_path from resource_management.libraries.functions.default import default from resource_management.libraries.functions.format import format from resource_management.libraries.script.script import Script -from os import listdir, path config = Script.get_config() diff --git a/ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/package/templates/infra-solr-security.json.j2 b/ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/package/templates/infra-solr-security.json.j2 similarity index 100% rename from ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/package/templates/infra-solr-security.json.j2 rename to ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/package/templates/infra-solr-security.json.j2 diff --git a/ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/package/templates/infra_solr_jaas.conf.j2 b/ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/package/templates/infra_solr_jaas.conf.j2 similarity index 100% rename from ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/package/templates/infra_solr_jaas.conf.j2 rename to ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/package/templates/infra_solr_jaas.conf.j2 diff --git a/ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/package/templates/input.config-ambari-infra.json.j2 b/ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/package/templates/input.config-ambari-infra.json.j2 similarity index 100% rename from ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/package/templates/input.config-ambari-infra.json.j2 rename to ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/package/templates/input.config-ambari-infra.json.j2 diff --git a/ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/properties/infra-solr-env.sh.j2 b/ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/properties/infra-solr-env.sh.j2 similarity index 100% rename from ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/properties/infra-solr-env.sh.j2 rename to ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/properties/infra-solr-env.sh.j2 diff --git a/ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/properties/solr-client-log4j.properties.j2 b/ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/properties/solr-client-log4j.properties.j2 similarity index 100% rename from ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/properties/solr-client-log4j.properties.j2 rename to ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/properties/solr-client-log4j.properties.j2 diff --git a/ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/properties/solr-log4j.properties.j2 b/ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/properties/solr-log4j.properties.j2 similarity index 100% rename from ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/properties/solr-log4j.properties.j2 rename to ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/properties/solr-log4j.properties.j2 diff --git a/ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/properties/solr.xml.j2 b/ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/properties/solr.xml.j2 similarity index 100% rename from ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/properties/solr.xml.j2 rename to ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/properties/solr.xml.j2 diff --git a/ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/quicklinks/quicklinks.json b/ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/quicklinks/quicklinks.json similarity index 100% rename from ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/quicklinks/quicklinks.json rename to ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/quicklinks/quicklinks.json diff --git a/ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/role_command_order.json b/ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/role_command_order.json new file mode 100644 index 0000000..1612edf --- /dev/null +++ b/ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/role_command_order.json @@ -0,0 +1,7 @@ +{ + "general_deps" : { + "_comment" : "dependencies for AMBARI INFRA_SOLR", + "INFRA_SOLR-START" : ["ZOOKEEPER_SERVER-START"], + "AMBARI_INFRA_SOLR_SERVICE_CHECK-SERVICE_CHECK": ["INFRA_SOLR-START"] + } +} diff --git a/ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/service_advisor.py b/ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/service_advisor.py similarity index 97% rename from ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/service_advisor.py rename to ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/service_advisor.py index 9b6aace..139d0fb 100644 --- a/ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/service_advisor.py +++ b/ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/service_advisor.py @@ -21,12 +21,6 @@ limitations under the License. import imp import os import traceback -import re -import socket -import fnmatch - - -from resource_management.core.logger import Logger SCRIPT_DIR = os.path.dirname(os.path.abspath(__file__)) STACKS_DIR = os.path.join(SCRIPT_DIR, '../../../stacks/') diff --git a/ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/themes/theme.json b/ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/themes/theme.json similarity index 97% rename from ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/themes/theme.json rename to ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/themes/theme.json index 3d16f9a..fb59aa1 100644 --- a/ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/themes/theme.json +++ b/ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/themes/theme.json @@ -1,6 +1,6 @@ { "name": "default", - "description": "Default theme for AMBARI_INFRA service", + "description": "Default theme for AMBARI_INFRA_SOLR service", "configuration": { "layouts": [ { diff --git a/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/kerberos.json b/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/kerberos.json index 3246a83..801228f 100644 --- a/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/kerberos.json +++ b/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/kerberos.json @@ -52,9 +52,9 @@ }, { "name": "atlas_atlas_server_infra-solr", - "reference": "/AMBARI_INFRA/INFRA_SOLR/infra-solr", + "reference": "/AMBARI_INFRA_SOLR/INFRA_SOLR/infra-solr", "when" : { - "contains" : ["services", "AMBARI_INFRA"] + "contains" : ["services", "AMBARI_INFRA_SOLR"] } } ] diff --git a/ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/kerberos.json b/ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/kerberos.json index 22dba86..8d59789 100644 --- a/ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/kerberos.json +++ b/ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/kerberos.json @@ -92,9 +92,9 @@ }, { "name": "atlas_atlas_server_infra-solr", - "reference": "/AMBARI_INFRA/INFRA_SOLR/infra-solr", + "reference": "/AMBARI_INFRA_SOLR/INFRA_SOLR/infra-solr", "when" : { - "contains" : ["services", "AMBARI_INFRA"] + "contains" : ["services", "AMBARI_INFRA_SOLR"] } } ] diff --git a/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/kerberos.json b/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/kerberos.json index e4be47f..3a2f299 100644 --- a/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/kerberos.json +++ b/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/kerberos.json @@ -34,9 +34,9 @@ }, { "name": "logsearch_logsearch_server_infra-solr", - "reference": "/AMBARI_INFRA/INFRA_SOLR/infra-solr", + "reference": "/AMBARI_INFRA_SOLR/INFRA_SOLR/infra-solr", "when" : { - "contains" : ["services", "AMBARI_INFRA"] + "contains" : ["services", "AMBARI_INFRA_SOLR"] } } ] diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json b/ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json index 9d86bb4..1ab6381 100644 --- a/ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json +++ b/ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json @@ -79,9 +79,9 @@ }, { "name": "ranger_ranger_admin_infra-solr", - "reference": "/AMBARI_INFRA/INFRA_SOLR/infra-solr", + "reference": "/AMBARI_INFRA_SOLR/INFRA_SOLR/infra-solr", "when" : { - "contains" : ["services", "AMBARI_INFRA"] + "contains" : ["services", "AMBARI_INFRA_SOLR"] } } ] diff --git a/ambari-server/src/main/resources/stacks/HDP/2.0.6/services/AMBARI_INFRA/metainfo.xml b/ambari-server/src/main/resources/stacks/HDP/2.0.6/services/AMBARI_INFRA_SOLR/metainfo.xml similarity index 90% rename from ambari-server/src/main/resources/stacks/HDP/2.0.6/services/AMBARI_INFRA/metainfo.xml rename to ambari-server/src/main/resources/stacks/HDP/2.0.6/services/AMBARI_INFRA_SOLR/metainfo.xml index 635d525..fea5e38 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.0.6/services/AMBARI_INFRA/metainfo.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.0.6/services/AMBARI_INFRA_SOLR/metainfo.xml @@ -19,8 +19,8 @@ <schemaVersion>2.0</schemaVersion> <services> <service> - <name>AMBARI_INFRA</name> - <extends>common-services/AMBARI_INFRA/0.1.0</extends> + <name>AMBARI_INFRA_SOLR</name> + <extends>common-services/AMBARI_INFRA_SOLR/0.1.0</extends> </service> </services> </metainfo> diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/services/ATLAS/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.6/services/ATLAS/kerberos.json index 6600534..375430c 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.6/services/ATLAS/kerberos.json +++ b/ambari-server/src/main/resources/stacks/HDP/2.6/services/ATLAS/kerberos.json @@ -93,7 +93,7 @@ }, { "name": "atlas_atlas_server_infra-solr", - "reference": "/AMBARI_INFRA/INFRA_SOLR/infra-solr" + "reference": "/AMBARI_INFRA_SOLR/INFRA_SOLR/infra-solr" } ] } diff --git a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog270Test.java b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog270Test.java index c249cca..d9ba8d5 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog270Test.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog270Test.java @@ -26,6 +26,8 @@ import static org.apache.ambari.server.upgrade.UpgradeCatalog270.AMBARI_CONFIGUR import static org.apache.ambari.server.upgrade.UpgradeCatalog270.AMBARI_CONFIGURATION_PROPERTY_NAME_COLUMN; import static org.apache.ambari.server.upgrade.UpgradeCatalog270.AMBARI_CONFIGURATION_PROPERTY_VALUE_COLUMN; import static org.apache.ambari.server.upgrade.UpgradeCatalog270.AMBARI_CONFIGURATION_TABLE; +import static org.apache.ambari.server.upgrade.UpgradeCatalog270.AMBARI_INFRA_NEW_NAME; +import static org.apache.ambari.server.upgrade.UpgradeCatalog270.AMBARI_INFRA_OLD_NAME; import static org.apache.ambari.server.upgrade.UpgradeCatalog270.COMPONENT_DESIRED_STATE_TABLE; import static org.apache.ambari.server.upgrade.UpgradeCatalog270.COMPONENT_NAME_COLUMN; import static org.apache.ambari.server.upgrade.UpgradeCatalog270.COMPONENT_STATE_TABLE; @@ -95,6 +97,8 @@ import static org.easymock.EasyMock.replay; import static org.easymock.EasyMock.reset; import static org.easymock.EasyMock.startsWith; import static org.easymock.EasyMock.verify; +import static org.hamcrest.core.Is.is; +import static org.junit.Assert.assertThat; import static org.junit.Assert.assertTrue; import java.io.File; @@ -149,6 +153,8 @@ import org.apache.ambari.server.metadata.CachedRoleCommandOrderProvider; import org.apache.ambari.server.metadata.RoleCommandOrderProvider; import org.apache.ambari.server.orm.DBAccessor; import org.apache.ambari.server.orm.dao.AmbariConfigurationDAO; +import org.apache.ambari.server.orm.dao.ArtifactDAO; +import org.apache.ambari.server.orm.entities.ArtifactEntity; import org.apache.ambari.server.scheduler.ExecutionScheduler; import org.apache.ambari.server.security.SecurityHelper; import org.apache.ambari.server.security.encryption.CredentialStoreService; @@ -175,6 +181,7 @@ import org.apache.ambari.server.state.stack.OsFamily; import org.apache.ambari.server.testutils.PartialNiceMockBinder; import org.apache.ambari.server.topology.PersistedState; import org.apache.ambari.server.topology.PersistedStateImpl; +import org.apache.commons.io.IOUtils; import org.easymock.Capture; import org.easymock.CaptureType; import org.easymock.EasyMock; @@ -205,6 +212,7 @@ import com.google.inject.persist.UnitOfWork; @RunWith(EasyMockRunner.class) public class UpgradeCatalog270Test { + public static final Gson GSON = new Gson(); @Rule public ExpectedException expectedException = ExpectedException.none(); @@ -238,6 +246,12 @@ public class UpgradeCatalog270Test { @Mock(type = MockType.NICE) AmbariConfigurationDAO ambariConfigurationDao; + @Mock(type = MockType.NICE) + ArtifactDAO artifactDAO; + + @Mock(type = MockType.NICE) + private AmbariManagementController ambariManagementController; + @Before public void init() { reset(entityManagerProvider, injector); @@ -265,7 +279,8 @@ public class UpgradeCatalog270Test { Method upgradeLdapConfiguration = UpgradeCatalog270.class.getDeclaredMethod("upgradeLdapConfiguration"); Method createRoleAuthorizations = UpgradeCatalog270.class.getDeclaredMethod("createRoleAuthorizations"); Method addUserAuthenticationSequence = UpgradeCatalog270.class.getDeclaredMethod("addUserAuthenticationSequence"); - + Method renameAmbariInfra = UpgradeCatalog270.class.getDeclaredMethod("renameAmbariInfra"); + Method updateKerberosDescriptorArtifacts = UpgradeCatalog270.class.getSuperclass().getDeclaredMethod("updateKerberosDescriptorArtifacts"); UpgradeCatalog270 upgradeCatalog270 = createMockBuilder(UpgradeCatalog270.class) .addMockedMethod(showHcatDeletedUserMessage) .addMockedMethod(addNewConfigurationsFromXml) @@ -276,6 +291,8 @@ public class UpgradeCatalog270Test { .addMockedMethod(upgradeLdapConfiguration) .addMockedMethod(createRoleAuthorizations) .addMockedMethod(addUserAuthenticationSequence) + .addMockedMethod(renameAmbariInfra) + .addMockedMethod(updateKerberosDescriptorArtifacts) .createMock(); @@ -304,6 +321,12 @@ public class UpgradeCatalog270Test { upgradeCatalog270.addUserAuthenticationSequence(); expectLastCall().once(); + upgradeCatalog270.renameAmbariInfra(); + expectLastCall().once(); + + upgradeCatalog270.updateKerberosDescriptorArtifacts(); + expectLastCall().once(); + replay(upgradeCatalog270); upgradeCatalog270.executeDMLUpdates(); @@ -503,6 +526,8 @@ public class UpgradeCatalog270Test { install(new FactoryModuleBuilder().build(UpgradeContextFactory.class)); install(new FactoryModuleBuilder().implement( Service.class, ServiceImpl.class).build(ServiceFactory.class)); +// binder.bind(Configuration.class).toInstance(configuration); +// binder.bind(AmbariManagementController.class).toInstance(ambariManagementController); } }; return module; @@ -1009,4 +1034,37 @@ public class UpgradeCatalog270Test { expectedException.expectMessage("Expectation failure on verify"); verify(entityManager, ambariConfigurationDao); } + + @Test + public void testupdateKerberosDescriptorArtifact() throws Exception { + String kerberosDescriptorJson = IOUtils.toString(getClass().getClassLoader().getResourceAsStream("org/apache/ambari/server/upgrade/kerberos_descriptor.json"), "UTF-8"); + + ArtifactEntity artifactEntity = new ArtifactEntity(); + artifactEntity.setArtifactName("kerberos_descriptor"); + artifactEntity.setArtifactData(GSON.<Map<String, Object>>fromJson(kerberosDescriptorJson, Map.class)); + + UpgradeCatalog270 upgradeCatalog270 = createMockBuilder(UpgradeCatalog270.class) + .createMock(); + + expect(artifactDAO.merge(artifactEntity)).andReturn(artifactEntity); + + replay(upgradeCatalog270); + + upgradeCatalog270.updateKerberosDescriptorArtifact(artifactDAO, artifactEntity); + + int oldCount = substringCount(kerberosDescriptorJson, AMBARI_INFRA_OLD_NAME); + int newCount = substringCount(GSON.toJson(artifactEntity.getArtifactData()), AMBARI_INFRA_NEW_NAME); + assertThat(newCount, is(oldCount)); + + verify(upgradeCatalog270); + } + + private int substringCount(String source, String substring) { + int count = 0; + int i = -1; + while ((i = source.indexOf(substring, i + 1)) != -1) { + ++count; + } + return count; + } } diff --git a/ambari-server/src/test/resources/org/apache/ambari/server/upgrade/kerberos_descriptor.json b/ambari-server/src/test/resources/org/apache/ambari/server/upgrade/kerberos_descriptor.json new file mode 100644 index 0000000..6426761 --- /dev/null +++ b/ambari-server/src/test/resources/org/apache/ambari/server/upgrade/kerberos_descriptor.json @@ -0,0 +1,2653 @@ +{ + "identities":[ + { + "keytab":{ + "configuration":"cluster-env/smokeuser_keytab", + "file":"${keytab_dir}/smokeuser.headless.keytab", + "group":{ + "access":"r", + "name":"${cluster-env/user_group}" + }, + "owner":{ + "access":"r", + "name":"${cluster-env/smokeuser}" + } + }, + "name":"smokeuser", + "principal":{ + "configuration":"cluster-env/smokeuser_principal_name", + "local_username":"${cluster-env/smokeuser}", + "type":"user", + "value":"${cluster-env/smokeuser}${principal_suffix}@${realm}" + } + }, + { + "keytab":{ + "file":"${keytab_dir}/spnego.service.keytab", + "group":{ + "access":"r", + "name":"${cluster-env/user_group}" + }, + "owner":{ + "access":"r", + "name":"root" + } + }, + "name":"spnego", + "principal":{ + "type":"service", + "value":"HTTP/_HOST@${realm}" + } + } + ], + "properties":{ + "additional_realms":"", + "keytab_dir":"/etc/security/keytabs", + "principal_suffix":"-${cluster_name|toLower()}", + "realm":"EXAMPLE.COM" + }, + "services":[ + { + "components":[ + { + "name":"ACCUMULO_CLIENT" + }, + { + "name":"ACCUMULO_GC" + }, + { + "identities":[ + { + "name":"accumulo_accumulo_master_hdfs", + "reference":"/HDFS/NAMENODE/hdfs" + } + ], + "name":"ACCUMULO_MASTER" + }, + { + "name":"ACCUMULO_MONITOR" + }, + { + "name":"ACCUMULO_TRACER" + }, + { + "name":"ACCUMULO_TSERVER" + } + ], + "configurations":[ + { + "accumulo-site":{ + "general.delegation.token.lifetime":"7d", + "general.delegation.token.update.interval":"1d", + "instance.rpc.sasl.enabled":"true", + "instance.security.authenticator":"org.apache.accumulo.server.security.handler.KerberosAuthenticator", + "instance.security.authorizor":"org.apache.accumulo.server.security.handler.KerberosAuthorizor", + "instance.security.permissionHandler":"org.apache.accumulo.server.security.handler.KerberosPermissionHandler", + "trace.token.type":"org.apache.accumulo.core.client.security.tokens.KerberosToken" + } + }, + { + "client":{ + "kerberos.server.primary":"{{bare_accumulo_principal}}" + } + } + ], + "identities":[ + { + "keytab":{ + "configuration":"accumulo-env/accumulo_user_keytab", + "file":"${keytab_dir}/accumulo.headless.keytab", + "group":{ + "access":"r", + "name":"${cluster-env/user_group}" + }, + "owner":{ + "access":"r", + "name":"${accumulo-env/accumulo_user}" + } + }, + "name":"accumulo", + "principal":{ + "configuration":"accumulo-env/accumulo_principal_name", + "local_username":"${accumulo-env/accumulo_user}", + "type":"user", + "value":"${accumulo-env/accumulo_user}${principal_suffix}@${realm}" + } + }, + { + "keytab":{ + "configuration":"accumulo-site/general.kerberos.keytab", + "file":"${keytab_dir}/accumulo.service.keytab", + "group":{ + "access":"", + "name":"${cluster-env/user_group}" + }, + "owner":{ + "access":"r", + "name":"${accumulo-env/accumulo_user}" + } + }, + "name":"accumulo_service", + "principal":{ + "configuration":"accumulo-site/general.kerberos.principal", + "local_username":"${accumulo-env/accumulo_user}", + "type":"service", + "value":"${accumulo-env/accumulo_user}/_HOST@${realm}" + } + }, + { + "name":"accumulo_smokeuser", + "reference":"/smokeuser" + }, + { + "keytab":{ + "configuration":"accumulo-site/trace.token.property.keytab", + "file":"${keytab_dir}/accumulo-tracer.headless.keytab", + "group":{ + "access":"", + "name":"${cluster-env/user_group}" + }, + "owner":{ + "access":"r", + "name":"${accumulo-env/accumulo_user}" + } + }, + "name":"accumulo_tracer", + "principal":{ + "configuration":"accumulo-site/trace.user", + "local_username":"${accumulo-env/accumulo_user}", + "type":"user", + "value":"tracer${principal_suffix}@${realm}" + } + } + ], + "name":"ACCUMULO" + }, + { + "components":[ + { + "identities":[ + { + "keytab":{ + "file":"${keytab_dir}/ambari.server.keytab", + "group":{ + + }, + "owner":{ + "access":"r" + } + }, + "name":"ambari-server", + "principal":{ + "configuration":"cluster-env/ambari_principal_name", + "type":"user", + "value":"ambari-server${principal_suffix}@${realm}" + } + }, + { + "name":"ambari-server_spnego", + "reference":"/spnego" + } + ], + "name":"AMBARI_SERVER" + } + ], + "name":"AMBARI" + }, + { + "components":[ + { + "identities":[ + { + "keytab":{ + "configuration":"infra-solr-env/infra_solr_kerberos_keytab", + "file":"${keytab_dir}/ambari-infra-solr.service.keytab", + "group":{ + "access":"", + "name":"${cluster-env/user_group}" + }, + "owner":{ + "access":"r", + "name":"${infra-solr-env/infra_solr_user}" + } + }, + "name":"infra-solr", + "principal":{ + "configuration":"infra-solr-env/infra_solr_kerberos_principal", + "type":"service", + "value":"infra-solr/_HOST@${realm}" + } + } + ], + "name":"INFRA_SOLR" + }, + { + "name":"INFRA_SOLR_CLIENT" + } + ], + "identities":[ + { + "name":"ambari_infra_smokeuser", + "reference":"/smokeuser" + }, + { + "keytab":{ + "configuration":"infra-solr-env/infra_solr_web_kerberos_keytab" + }, + "name":"ambari_infra_spnego", + "principal":{ + "configuration":"infra-solr-env/infra_solr_web_kerberos_principal" + }, + "reference":"/spnego" + } + ], + "name":"AMBARI_INFRA" + }, + { + "components":[ + { + "configurations":[ + { + "ams-hbase-security-site":{ + "hadoop.security.authentication":"kerberos", + "hbase.coprocessor.master.classes":"org.apache.hadoop.hbase.security.access.AccessController", + "hbase.coprocessor.region.classes":"org.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.AccessController", + "hbase.security.authentication":"kerberos", + "hbase.security.authorization":"true", + "hbase.zookeeper.property.authProvider.1":"org.apache.zookeeper.server.auth.SASLAuthenticationProvider", + "hbase.zookeeper.property.jaasLoginRenew":"3600000", + "hbase.zookeeper.property.kerberos.removeHostFromPrincipal":"true", + "hbase.zookeeper.property.kerberos.removeRealmFromPrincipal":"true" + } + }, + { + "ams-hbase-site":{ + "zookeeper.znode.parent":"/ams-hbase-secure" + } + } + ], + "identities":[ + { + "keytab":{ + "configuration":"ams-hbase-security-site/hbase.myclient.keytab", + "file":"${keytab_dir}/ams.collector.keytab", + "group":{ + "access":"", + "name":"${cluster-env/user_group}" + }, + "owner":{ + "access":"r", + "name":"${ams-env/ambari_metrics_user}" + } + }, + "name":"ams_collector", + "principal":{ + "configuration":"ams-hbase-security-site/hbase.myclient.principal", + "local_username":"${ams-env/ambari_metrics_user}", + "type":"service", + "value":"amshbase/_HOST@${realm}" + } + }, + { + "keytab":{ + "configuration":"ams-hbase-security-site/hbase.master.keytab.file", + "file":"${keytab_dir}/ams-hbase.master.keytab", + "group":{ + "access":"", + "name":"${cluster-env/user_group}" + }, + "owner":{ + "access":"r", + "name":"${ams-env/ambari_metrics_user}" + } + }, + "name":"ams_hbase_master_hbase", + "principal":{ + "configuration":"ams-hbase-security-site/hbase.master.kerberos.principal", + "local_username":"${ams-env/ambari_metrics_user}", + "type":"service", + "value":"amshbase/_HOST@${realm}" + } + }, + { + "keytab":{ + "configuration":"ams-hbase-security-site/hbase.regionserver.keytab.file", + "file":"${keytab_dir}/ams-hbase.regionserver.keytab", + "group":{ + "access":"", + "name":"${cluster-env/user_group}" + }, + "owner":{ + "access":"r", + "name":"${ams-env/ambari_metrics_user}" + } + }, + "name":"ams_hbase_regionserver_hbase", + "principal":{ + "configuration":"ams-hbase-security-site/hbase.regionserver.kerberos.principal", + "local_username":"${ams-env/ambari_metrics_user}", + "type":"service", + "value":"amshbase/_HOST@${realm}" + } + }, + { + "keytab":{ + "configuration":"ams-hbase-security-site/ams.zookeeper.keytab", + "file":"${keytab_dir}/ams-zk.service.keytab", + "group":{ + "access":"", + "name":"${cluster-env/user_group}" + }, + "owner":{ + "access":"r", + "name":"${ams-env/ambari_metrics_user}" + } + }, + "name":"ams_zookeeper", + "principal":{ + "configuration":"ams-hbase-security-site/ams.zookeeper.principal", + "local_username":"${ams-env/ambari_metrics_user}", + "type":"service", + "value":"amszk/_HOST@${realm}" + } + } + ], + "name":"METRICS_COLLECTOR" + } + ], + "identities":[ + { + "name":"ambari_metrics_spnego", + "reference":"/spnego" + } + ], + "name":"AMBARI_METRICS" + }, + { + "auth_to_local_properties":[ + "application-properties/atlas.authentication.method.kerberos.name.rules|new_lines_escaped" + ], + "components":[ + { + "identities":[ + { + "keytab":{ + "configuration":"application-properties/atlas.jaas.KafkaClient.option.keyTab", + "file":"${keytab_dir}/atlas.service.keytab", + "group":{ + "access":"", + "name":"${cluster-env/user_group}" + }, + "owner":{ + "access":"r", + "name":"${atlas-env/metadata_user}" + } + }, + "name":"atlas", + "principal":{ + "configuration":"application-properties/atlas.jaas.KafkaClient.option.principal", + "local_username":"${atlas-env/metadata_user}", + "type":"service", + "value":"atlas/_HOST@${realm}" + } + }, + { + "name":"atlas_atlas_server_infra-solr", + "reference":"/AMBARI_INFRA/INFRA_SOLR/infra-solr" + }, + { + "name":"atlas_atlas_server_kafka_broker", + "reference":"/KAFKA/KAFKA_BROKER/kafka_broker" + }, + { + "keytab":{ + "configuration":"application-properties/atlas.authentication.method.kerberos.keytab" + }, + "name":"atlas_atlas_server_spnego", + "principal":{ + "configuration":"application-properties/atlas.authentication.method.kerberos.principal", + "value":"HTTP/_HOST@${realm}" + }, + "reference":"/spnego" + }, + { + "keytab":{ + "configuration":"application-properties/atlas.authentication.keytab" + }, + "name":"atlas_auth", + "principal":{ + "configuration":"application-properties/atlas.authentication.principal" + }, + "reference":"/ATLAS/ATLAS_SERVER/atlas" + }, + { + "keytab":{ + "configuration":"ranger-atlas-audit/xasecure.audit.jaas.Client.option.keyTab" + }, + "name":"ranger_atlas_audit", + "principal":{ + "configuration":"ranger-atlas-audit/xasecure.audit.jaas.Client.option.principal" + }, + "reference":"/ATLAS/ATLAS_SERVER/atlas" + } + ], + "name":"ATLAS_SERVER" + } + ], + "configurations":[ + { + "application-properties":{ + "atlas.authentication.method.kerberos":"true", + "atlas.jaas.KafkaClient.loginModuleControlFlag":"required", + "atlas.jaas.KafkaClient.loginModuleName":"com.sun.security.auth.module.Krb5LoginModule", + "atlas.jaas.KafkaClient.option.serviceName":"${kafka-env/kafka_user}", + "atlas.jaas.KafkaClient.option.storeKey":"true", + "atlas.jaas.KafkaClient.option.useKeyTab":"true", + "atlas.kafka.sasl.kerberos.service.name":"${kafka-env/kafka_user}", + "atlas.kafka.security.protocol":"PLAINTEXTSASL", + "atlas.server.ha.zookeeper.acl":"auth:", + "atlas.solr.kerberos.enable":"true" + } + }, + { + "ranger-atlas-audit":{ + "xasecure.audit.destination.solr.force.use.inmemory.jaas.config":"true", + "xasecure.audit.jaas.Client.loginModuleControlFlag":"required", + "xasecure.audit.jaas.Client.loginModuleName":"com.sun.security.auth.module.Krb5LoginModule", + "xasecure.audit.jaas.Client.option.serviceName":"solr", + "xasecure.audit.jaas.Client.option.storeKey":"false", + "xasecure.audit.jaas.Client.option.useKeyTab":"true" + } + } + ], + "name":"ATLAS" + }, + { + "auth_to_local_properties":[ + "druid-common/druid.hadoop.security.spnego.authToLocal|new_lines_escaped" + ], + "components":[ + { + "name":"DRUID_BROKER" + }, + { + "name":"DRUID_COORDINATOR" + }, + { + "name":"DRUID_HISTORICAL" + }, + { + "name":"DRUID_MIDDLEMANAGER" + }, + { + "name":"DRUID_OVERLORD" + }, + { + "name":"DRUID_ROUTER" + } + ], + "configurations":[ + { + "druid-common":{ + "druid.hadoop.security.spnego.excludedPaths":"[\"/status\"]", + "druid.security.extensions.loadList":"[\"druid-kerberos\"]" + } + } + ], + "identities":[ + { + "keytab":{ + "configuration":"druid-common/druid.hadoop.security.kerberos.keytab", + "file":"${keytab_dir}/druid.headless.keytab", + "group":{ + "access":"r", + "name":"${cluster-env/user_group}" + }, + "owner":{ + "access":"r", + "name":"${druid-env/druid_user}" + } + }, + "name":"druid", + "principal":{ + "configuration":"druid-common/druid.hadoop.security.kerberos.principal", + "local_username":"${druid-env/druid_user}", + "type":"user", + "value":"${druid-env/druid_user}${principal_suffix}@${realm}" + } + }, + { + "name":"druid_smokeuser", + "reference":"/smokeuser" + }, + { + "keytab":{ + "configuration":"druid-common/druid.hadoop.security.spnego.keytab" + }, + "name":"druid_spnego", + "principal":{ + "configuration":"druid-common/druid.hadoop.security.spnego.principal" + }, + "reference":"/spnego" + } + ], + "name":"DRUID" + }, + { + "auth_to_local_properties":[ + "falcon-startup.properties/*.falcon.http.authentication.kerberos.name.rules|new_lines_escaped" + ], + "components":[ + { + "identities":[ + { + "keytab":{ + "configuration":"falcon-atlas-application.properties/atlas.jaas.KafkaClient.option.keyTab" + }, + "name":"falcon_falcon_server_falcon_server", + "principal":{ + "configuration":"falcon-atlas-application.properties/atlas.jaas.KafkaClient.option.principal" + }, + "reference":"/FALCON/FALCON_SERVER/falcon_server" + }, + { + "keytab":{ + "configuration":"falcon-startup.properties/*.falcon.http.authentication.kerberos.keytab" + }, + "name":"falcon_falcon_server_falcon_spnego", + "principal":{ + "configuration":"falcon-startup.properties/*.falcon.http.authentication.kerberos.principal", + "value":"HTTP/_HOST@${realm}" + }, + "reference":"/spnego" + }, + { + "name":"falcon_falcon_server_hdfs", + "reference":"/HDFS/NAMENODE/hdfs" + }, + { + "keytab":{ + "configuration":"falcon-startup.properties/*.falcon.service.authentication.kerberos.keytab", + "file":"${keytab_dir}/falcon.service.keytab", + "group":{ + "access":"", + "name":"${cluster-env/user_group}" + }, + "owner":{ + "access":"r", + "name":"${falcon-env/falcon_user}" + } + }, + "name":"falcon_server", + "principal":{ + "configuration":"falcon-startup.properties/*.falcon.service.authentication.kerberos.principal", + "local_username":"${falcon-env/falcon_user}", + "type":"service", + "value":"falcon/_HOST@${realm}" + } + } + ], + "name":"FALCON_SERVER" + } + ], + "configurations":[ + { + "falcon-startup.properties":{ + "*.dfs.namenode.kerberos.principal":"nn/_HOST@${realm}", + "*.falcon.authentication.type":"kerberos", + "*.falcon.http.authentication.type":"kerberos" + } + } + ], + "identities":[ + { + "name":"falcon_smokeuser", + "reference":"/smokeuser" + }, + { + "name":"falcon_spnego", + "reference":"/spnego" + } + ], + "name":"FALCON" + }, + { + "components":[ + { + "identities":[ + { + "name":"hbase_hbase_master_hdfs", + "reference":"/HDFS/NAMENODE/hdfs" + }, + { + "keytab":{ + "configuration":"hbase-site/hbase.security.authentication.spnego.kerberos.keytab" + }, + "name":"hbase_hbase_master_spnego", + "principal":{ + "configuration":"hbase-site/hbase.security.authentication.spnego.kerberos.principal" + }, + "reference":"/spnego" + }, + { + "keytab":{ + "configuration":"hbase-site/hbase.master.keytab.file", + "file":"${keytab_dir}/hbase.service.keytab", + "group":{ + "access":"", + "name":"${cluster-env/user_group}" + }, + "owner":{ + "access":"r", + "name":"${hbase-env/hbase_user}" + } + }, + "name":"hbase_master_hbase", + "principal":{ + "configuration":"hbase-site/hbase.master.kerberos.principal", + "local_username":"${hbase-env/hbase_user}", + "type":"service", + "value":"hbase/_HOST@${realm}" + } + }, + { + "keytab":{ + "configuration":"ranger-hbase-audit/xasecure.audit.jaas.Client.option.keyTab" + }, + "name":"ranger_hbase_audit", + "principal":{ + "configuration":"ranger-hbase-audit/xasecure.audit.jaas.Client.option.principal" + }, + "reference":"/HBASE/HBASE_MASTER/hbase_master_hbase" + } + ], + "name":"HBASE_MASTER" + }, + { + "identities":[ + { + "keytab":{ + "configuration":"hbase-site/hbase.security.authentication.spnego.kerberos.keytab" + }, + "name":"hbase_hbase_regionserver_spnego", + "principal":{ + "configuration":"hbase-site/hbase.security.authentication.spnego.kerberos.principal" + }, + "reference":"/spnego" + }, + { + "keytab":{ + "configuration":"hbase-site/hbase.regionserver.keytab.file", + "file":"${keytab_dir}/hbase.service.keytab", + "group":{ + "access":"", + "name":"${cluster-env/user_group}" + }, + "owner":{ + "access":"r", + "name":"${hbase-env/hbase_user}" + } + }, + "name":"hbase_regionserver_hbase", + "principal":{ + "configuration":"hbase-site/hbase.regionserver.kerberos.principal", + "local_username":"${hbase-env/hbase_user}", + "type":"service", + "value":"hbase/_HOST@${realm}" + } + } + ], + "name":"HBASE_REGIONSERVER" + }, + { + "identities":[ + { + "keytab":{ + "configuration":"hbase-site/phoenix.queryserver.keytab.file" + }, + "name":"phoenix_spnego", + "principal":{ + "configuration":"hbase-site/phoenix.queryserver.kerberos.principal" + }, + "reference":"/spnego" + } + ], + "name":"PHOENIX_QUERY_SERVER" + } + ], + "configurations":[ + { + "hbase-site":{ + "hbase.bulkload.staging.dir":"/apps/hbase/staging", + "hbase.coprocessor.master.classes":"{{hbase_coprocessor_master_classes}}", + "hbase.coprocessor.region.classes":"{{hbase_coprocessor_region_classes}}", + "hbase.coprocessor.regionserver.classes":"{{hbase_coprocessor_regionserver_classes}}", + "hbase.master.ui.readonly":"true", + "hbase.security.authentication":"kerberos", + "hbase.security.authorization":"true", + "zookeeper.znode.parent":"/hbase-secure" + } + }, + { + "ranger-hbase-audit":{ + "xasecure.audit.destination.solr.force.use.inmemory.jaas.config":"true", + "xasecure.audit.jaas.Client.loginModuleControlFlag":"required", + "xasecure.audit.jaas.Client.loginModuleName":"com.sun.security.auth.module.Krb5LoginModule", + "xasecure.audit.jaas.Client.option.serviceName":"solr", + "xasecure.audit.jaas.Client.option.storeKey":"false", + "xasecure.audit.jaas.Client.option.useKeyTab":"true" + } + } + ], + "identities":[ + { + "keytab":{ + "configuration":"hbase-env/hbase_user_keytab", + "file":"${keytab_dir}/hbase.headless.keytab", + "group":{ + "access":"r", + "name":"${cluster-env/user_group}" + }, + "owner":{ + "access":"r", + "name":"${hbase-env/hbase_user}" + } + }, + "name":"hbase", + "principal":{ + "configuration":"hbase-env/hbase_principal_name", + "local_username":"${hbase-env/hbase_user}", + "type":"user", + "value":"${hbase-env/hbase_user}${principal_suffix}@${realm}" + } + }, + { + "name":"hbase_smokeuser", + "reference":"/smokeuser" + }, + { + "name":"hbase_spnego", + "reference":"/spnego" + } + ], + "name":"HBASE" + }, + { + "auth_to_local_properties":[ + "core-site/hadoop.security.auth_to_local" + ], + "components":[ + { + "configurations":[ + { + "hdfs-site":{ + "dfs.datanode.address":"0.0.0.0:1019", + "dfs.datanode.http.address":"0.0.0.0:1022" + } + } + ], + "identities":[ + { + "keytab":{ + "configuration":"hdfs-site/dfs.datanode.keytab.file", + "file":"${keytab_dir}/dn.service.keytab", + "group":{ + "access":"", + "name":"${cluster-env/user_group}" + }, + "owner":{ + "access":"r", + "name":"${hadoop-env/hdfs_user}" + } + }, + "name":"datanode_dn", + "principal":{ + "configuration":"hdfs-site/dfs.datanode.kerberos.principal", + "local_username":"${hadoop-env/hdfs_user}", + "type":"service", + "value":"dn/_HOST@${realm}" + } + } + ], + "name":"DATANODE" + }, + { + "identities":[ + { + "name":"hdfs_hdfs_client_hdfs", + "reference":"/HDFS/NAMENODE/hdfs" + } + ], + "name":"HDFS_CLIENT" + }, + { + "identities":[ + { + "name":"hdfs_journalnode_spnego", + "principal":{ + "configuration":"hdfs-site/dfs.journalnode.kerberos.internal.spnego.principal" + }, + "reference":"/spnego" + }, + { + "keytab":{ + "configuration":"hdfs-site/dfs.journalnode.keytab.file", + "file":"${keytab_dir}/jn.service.keytab", + "group":{ + "access":"", + "name":"${cluster-env/user_group}" + }, + "owner":{ + "access":"r", + "name":"${hadoop-env/hdfs_user}" + } + }, + "name":"journalnode_jn", + "principal":{ + "configuration":"hdfs-site/dfs.journalnode.kerberos.principal", + "local_username":"${hadoop-env/hdfs_user}", + "type":"service", + "value":"jn/_HOST@${realm}" + } + } + ], + "name":"JOURNALNODE" + }, + { + "configurations":[ + { + "hdfs-site":{ + "dfs.block.access.token.enable":"true" + } + } + ], + "identities":[ + { + "keytab":{ + "configuration":"hadoop-env/hdfs_user_keytab", + "file":"${keytab_dir}/hdfs.headless.keytab", + "group":{ + "access":"", + "name":"${cluster-env/user_group}" + }, + "owner":{ + "access":"r", + "name":"${hadoop-env/hdfs_user}" + } + }, + "name":"hdfs", + "principal":{ + "configuration":"hadoop-env/hdfs_principal_name", + "local_username":"${hadoop-env/hdfs_user}", + "type":"user", + "value":"${hadoop-env/hdfs_user}${principal_suffix}@${realm}" + } + }, + { + "keytab":{ + "configuration":"ranger-hdfs-audit/xasecure.audit.jaas.Client.option.keyTab" + }, + "name":"hdfs_namenode_namenode_nn", + "principal":{ + "configuration":"ranger-hdfs-audit/xasecure.audit.jaas.Client.option.principal" + }, + "reference":"/HDFS/NAMENODE/namenode_nn" + }, + { + "name":"hdfs_namenode_spnego", + "principal":{ + "configuration":"hdfs-site/dfs.namenode.kerberos.internal.spnego.principal" + }, + "reference":"/spnego" + }, + { + "keytab":{ + "configuration":"hdfs-site/dfs.namenode.keytab.file", + "file":"${keytab_dir}/nn.service.keytab", + "group":{ + "access":"", + "name":"${cluster-env/user_group}" + }, + "owner":{ + "access":"r", + "name":"${hadoop-env/hdfs_user}" + } + }, + "name":"namenode_nn", + "principal":{ + "configuration":"hdfs-site/dfs.namenode.kerberos.principal", + "local_username":"${hadoop-env/hdfs_user}", + "type":"service", + "value":"nn/_HOST@${realm}" + } + } + ], + "name":"NAMENODE" + }, + { + "identities":[ + { + "keytab":{ + "configuration":"hdfs-site/nfs.keytab.file", + "file":"${keytab_dir}/nfs.service.keytab", + "group":{ + "access":"", + "name":"${cluster-env/user_group}" + }, + "owner":{ + "access":"r", + "name":"${hadoop-env/hdfs_user}" + } + }, + "name":"nfsgateway", + "principal":{ + "configuration":"hdfs-site/nfs.kerberos.principal", + "local_username":"${hadoop-env/hdfs_user}", + "type":"service", + "value":"nfs/_HOST@${realm}" + } + } + ], + "name":"NFS_GATEWAY" + }, + { + "identities":[ + { + "name":"hdfs_secondary_namenode_spnego", + "principal":{ + "configuration":"hdfs-site/dfs.secondary.namenode.kerberos.internal.spnego.principal" + }, + "reference":"/spnego" + }, + { + "keytab":{ + "configuration":"hdfs-site/dfs.secondary.namenode.keytab.file", + "file":"${keytab_dir}/nn.service.keytab", + "group":{ + "access":"", + "name":"${cluster-env/user_group}" + }, + "owner":{ + "access":"r", + "name":"${hadoop-env/hdfs_user}" + } + }, + "name":"secondary_namenode_nn", + "principal":{ + "configuration":"hdfs-site/dfs.secondary.namenode.kerberos.principal", + "local_username":"${hadoop-env/hdfs_user}", + "type":"service", + "value":"nn/_HOST@${realm}" + } + } + ], + "name":"SECONDARY_NAMENODE" + } + ], + "configurations":[ + { + "core-site":{ + "ha.zookeeper.acl":"sasl:nn:rwcda", + "hadoop.proxyuser.HTTP.groups":"${hadoop-env/proxyuser_group}", + "hadoop.security.authentication":"kerberos", + "hadoop.security.authorization":"true" + } + }, + { + "ranger-hdfs-audit":{ + "xasecure.audit.destination.solr.force.use.inmemory.jaas.config":"true", + "xasecure.audit.jaas.Client.loginModuleControlFlag":"required", + "xasecure.audit.jaas.Client.loginModuleName":"com.sun.security.auth.module.Krb5LoginModule", + "xasecure.audit.jaas.Client.option.serviceName":"solr", + "xasecure.audit.jaas.Client.option.storeKey":"false", + "xasecure.audit.jaas.Client.option.useKeyTab":"true" + } + } + ], + "identities":[ + { + "name":"hdfs_smokeuser", + "reference":"/smokeuser" + }, + { + "keytab":{ + "configuration":"hdfs-site/dfs.web.authentication.kerberos.keytab" + }, + "name":"hdfs_spnego", + "principal":{ + "configuration":"hdfs-site/dfs.web.authentication.kerberos.principal" + }, + "reference":"/spnego" + } + ], + "name":"HDFS" + }, + { + "components":[ + { + "identities":[ + { + "keytab":{ + "configuration":"hive-site/hive.metastore.kerberos.keytab.file" + }, + "name":"hive_hive_metastore_hive_server_hive", + "principal":{ + "configuration":"hive-site/hive.metastore.kerberos.principal" + }, + "reference":"/HIVE/HIVE_SERVER/hive_server_hive" + } + ], + "name":"HIVE_METASTORE" + }, + { + "identities":[ + { + "keytab":{ + "configuration":"hive-atlas-application.properties/atlas.jaas.KafkaClient.option.keyTab" + }, + "name":"atlas_kafka", + "principal":{ + "configuration":"hive-atlas-application.properties/atlas.jaas.KafkaClient.option.principal" + }, + "reference":"/HIVE/HIVE_SERVER/hive_server_hive" + }, + { + "name":"hive_hive_server_hdfs", + "reference":"/HDFS/NAMENODE/hdfs" + }, + { + "keytab":{ + "configuration":"hive-site/hive.server2.authentication.spnego.keytab" + }, + "name":"hive_hive_server_spnego", + "principal":{ + "configuration":"hive-site/hive.server2.authentication.spnego.principal" + }, + "reference":"/spnego" + }, + { + "keytab":{ + "configuration":"hive-site/hive.server2.authentication.kerberos.keytab", + "file":"${keytab_dir}/hive.service.keytab", + "group":{ + "access":"r", + "name":"${cluster-env/user_group}" + }, + "owner":{ + "access":"r", + "name":"${hive-env/hive_user}" + } + }, + "name":"hive_server_hive", + "principal":{ + "configuration":"hive-site/hive.server2.authentication.kerberos.principal", + "local_username":"${hive-env/hive_user}", + "type":"service", + "value":"hive/_HOST@${realm}" + } + }, + { + "keytab":{ + "configuration":"ranger-hive-audit/xasecure.audit.jaas.Client.option.keyTab" + }, + "name":"ranger_audit", + "principal":{ + "configuration":"ranger-hive-audit/xasecure.audit.jaas.Client.option.principal" + }, + "reference":"/HIVE/HIVE_SERVER/hive_server_hive" + } + ], + "name":"HIVE_SERVER" + }, + { + "identities":[ + { + "name":"hive_hive_server_interactive_hdfs", + "reference":"/HDFS/NAMENODE/hdfs" + }, + { + "name":"hive_hive_server_interactive_hive_server_hive", + "reference":"/HIVE/HIVE_SERVER/hive_server_hive" + }, + { + "name":"hive_hive_server_interactive_spnego", + "reference":"/HIVE/HIVE_SERVER/spnego" + } + ], + "name":"HIVE_SERVER_INTERACTIVE" + }, + { + "configurations":[ + { + "core-site":{ + "hadoop.proxyuser.HTTP.hosts":"${clusterHostInfo/webhcat_server_host|append(core-site/hadoop.proxyuser.HTTP.hosts, \\\\,, true)}" + } + }, + { + "webhcat-site":{ + "templeton.hive.properties":"hive.metastore.local\u003dfalse,hive.metastore.uris\u003d${clusterHostInfo/hive_metastore_host|each(thrift://%s:9083, \\\\,, \\s*\\,\\s*)},hive.metastore.sasl.enabled\u003dtrue,hive.metastore.execute.setugi\u003dtrue,hive.metastore.warehouse.dir\u003d/apps/hive/warehouse,hive.exec.mode.local.auto\u003dfalse,hive.metastore.kerberos.principal\u003dhive/_HOST@${realm}", + "templeton.kerberos.secret":"secret" + } + } + ], + "identities":[ + { + "keytab":{ + "configuration":"webhcat-site/templeton.kerberos.keytab" + }, + "name":"hive_webhcat_server_spnego", + "principal":{ + "configuration":"webhcat-site/templeton.kerberos.principal" + }, + "reference":"/spnego" + } + ], + "name":"WEBHCAT_SERVER" + } + ], + "configurations":[ + { + "hive-site":{ + "hive.metastore.sasl.enabled":"true", + "hive.server2.authentication":"KERBEROS" + } + }, + { + "ranger-hive-audit":{ + "xasecure.audit.destination.solr.force.use.inmemory.jaas.config":"true", + "xasecure.audit.jaas.Client.loginModuleControlFlag":"required", + "xasecure.audit.jaas.Client.loginModuleName":"com.sun.security.auth.module.Krb5LoginModule", + "xasecure.audit.jaas.Client.option.serviceName":"solr", + "xasecure.audit.jaas.Client.option.storeKey":"false", + "xasecure.audit.jaas.Client.option.useKeyTab":"true" + } + } + ], + "identities":[ + { + "name":"hive_smokeuser", + "reference":"/smokeuser" + }, + { + "name":"hive_spnego", + "reference":"/spnego" + } + ], + "name":"HIVE" + }, + { + "auth_to_local_properties":[ + "kafka-broker/sasl.kerberos.principal.to.local.rules|comma" + ], + "components":[ + { + "identities":[ + { + "keytab":{ + "configuration":"kafka-env/kafka_keytab", + "file":"${keytab_dir}/kafka.service.keytab", + "group":{ + "access":"", + "name":"${cluster-env/user_group}" + }, + "owner":{ + "access":"r", + "name":"${kafka-env/kafka_user}" + } + }, + "name":"kafka_broker", + "principal":{ + "configuration":"kafka-env/kafka_principal_name", + "type":"service", + "value":"${kafka-env/kafka_user}/_HOST@${realm}" + } + }, + { + "keytab":{ + "configuration":"ranger-kafka-audit/xasecure.audit.jaas.Client.option.keyTab" + }, + "name":"kafka_kafka_broker_kafka_broker", + "principal":{ + "configuration":"ranger-kafka-audit/xasecure.audit.jaas.Client.option.principal" + }, + "reference":"/KAFKA/KAFKA_BROKER/kafka_broker" + } + ], + "name":"KAFKA_BROKER" + } + ], + "configurations":[ + { + "kafka-broker":{ + "authorizer.class.name":"kafka.security.auth.SimpleAclAuthorizer", + "principal.to.local.class":"kafka.security.auth.KerberosPrincipalToLocal", + "security.inter.broker.protocol":"PLAINTEXTSASL", + "super.users":"user:${kafka-env/kafka_user}", + "zookeeper.set.acl":"true" + } + }, + { + "ranger-kafka-audit":{ + "xasecure.audit.destination.solr.force.use.inmemory.jaas.config":"true", + "xasecure.audit.jaas.Client.loginModuleControlFlag":"required", + "xasecure.audit.jaas.Client.loginModuleName":"com.sun.security.auth.module.Krb5LoginModule", + "xasecure.audit.jaas.Client.option.serviceName":"solr", + "xasecure.audit.jaas.Client.option.storeKey":"false", + "xasecure.audit.jaas.Client.option.useKeyTab":"true" + } + } + ], + "identities":[ + { + "name":"kafka_smokeuser", + "reference":"/smokeuser" + } + ], + "name":"KAFKA" + }, + { + "components":[ + { + "name":"KERBEROS_CLIENT" + } + ], + "identities":[ + { + "name":"kerberos_smokeuser", + "reference":"/smokeuser" + } + ], + "name":"KERBEROS" + }, + { + "components":[ + { + "configurations":[ + { + "core-site":{ + "hadoop.proxyuser.${knox-env/knox_user}.groups":"${hadoop-env/proxyuser_group}", + "hadoop.proxyuser.${knox-env/knox_user}.hosts":"${clusterHostInfo/knox_gateway_hosts}" + } + }, + { + "gateway-site":{ + "gateway.hadoop.kerberos.secured":"true", + "java.security.krb5.conf":"/etc/krb5.conf" + } + }, + { + "oozie-site":{ + "oozie.service.ProxyUserService.proxyuser.${knox-env/knox_user}.groups":"${hadoop-env/proxyuser_group}", + "oozie.service.ProxyUserService.proxyuser.${knox-env/knox_user}.hosts":"${clusterHostInfo/knox_gateway_hosts}" + } + }, + { + "ranger-knox-audit":{ + "xasecure.audit.destination.solr.force.use.inmemory.jaas.config":"true", + "xasecure.audit.jaas.Client.loginModuleControlFlag":"required", + "xasecure.audit.jaas.Client.loginModuleName":"com.sun.security.auth.module.Krb5LoginModule", + "xasecure.audit.jaas.Client.option.serviceName":"solr", + "xasecure.audit.jaas.Client.option.storeKey":"false", + "xasecure.audit.jaas.Client.option.useKeyTab":"true" + } + }, + { + "webhcat-site":{ + "webhcat.proxyuser.${knox-env/knox_user}.groups":"${hadoop-env/proxyuser_group}", + "webhcat.proxyuser.${knox-env/knox_user}.hosts":"${clusterHostInfo/knox_gateway_hosts}" + } + } + ], + "identities":[ + { + "keytab":{ + "configuration":"ranger-knox-audit/xasecure.audit.jaas.Client.option.keyTab" + }, + "name":"knox_knox_gateway_knox_principal", + "principal":{ + "configuration":"ranger-knox-audit/xasecure.audit.jaas.Client.option.principal" + }, + "reference":"/KNOX/KNOX_GATEWAY/knox_principal" + }, + { + "keytab":{ + "configuration":"knox-env/knox_keytab_path", + "file":"${keytab_dir}/knox.service.keytab", + "group":{ + "access":"", + "name":"${cluster-env/user_group}" + }, + "owner":{ + "access":"r", + "name":"${knox-env/knox_user}" + } + }, + "name":"knox_principal", + "principal":{ + "configuration":"knox-env/knox_principal_name", + "local_username":"${knox-env/knox_user}", + "type":"service", + "value":"${knox-env/knox_user}/_HOST@${realm}" + } + } + ], + "name":"KNOX_GATEWAY" + } + ], + "name":"KNOX" + }, + { + "components":[ + { + "identities":[ + { + "keytab":{ + "configuration":"logfeeder-env/logfeeder_kerberos_keytab", + "file":"${keytab_dir}/logfeeder.service.keytab", + "group":{ + "access":"", + "name":"${cluster-env/user_group}" + }, + "owner":{ + "access":"r", + "name":"root" + } + }, + "name":"logfeeder", + "principal":{ + "configuration":"logfeeder-env/logfeeder_kerberos_principal", + "type":"service", + "value":"logfeeder/_HOST@${realm}" + } + } + ], + "name":"LOGSEARCH_LOGFEEDER" + }, + { + "identities":[ + { + "keytab":{ + "configuration":"logsearch-env/logsearch_kerberos_keytab", + "file":"${keytab_dir}/logsearch.service.keytab", + "group":{ + "access":"", + "name":"${cluster-env/user_group}" + }, + "owner":{ + "access":"r", + "name":"${logsearch-env/logsearch_user}" + } + }, + "name":"logsearch", + "principal":{ + "configuration":"logsearch-env/logsearch_kerberos_principal", + "type":"service", + "value":"logsearch/_HOST@${realm}" + } + }, + { + "name":"logsearch_logsearch_server_infra-solr", + "reference":"/AMBARI_INFRA/INFRA_SOLR/infra-solr", + "when":{ + "contains":[ + "services", + "AMBARI_INFRA" + ] + } + } + ], + "name":"LOGSEARCH_SERVER" + } + ], + "identities":[ + { + "name":"logsearch_smokeuser", + "reference":"/smokeuser" + } + ], + "name":"LOGSEARCH" + }, + { + "components":[ + { + "identities":[ + { + "name":"mahout_mahout_hdfs", + "reference":"/HDFS/NAMENODE/hdfs" + } + ], + "name":"MAHOUT" + } + ], + "identities":[ + { + "name":"mahout_smokeuser", + "reference":"/smokeuser" + } + ], + "name":"MAHOUT" + }, + { + "components":[ + { + "identities":[ + { + "keytab":{ + "configuration":"mapred-site/mapreduce.jobhistory.keytab", + "file":"${keytab_dir}/jhs.service.keytab", + "group":{ + "access":"", + "name":"${cluster-env/user_group}" + }, + "owner":{ + "access":"r", + "name":"${mapred-env/mapred_user}" + } + }, + "name":"history_server_jhs", + "principal":{ + "configuration":"mapred-site/mapreduce.jobhistory.principal", + "local_username":"${mapred-env/mapred_user}", + "type":"service", + "value":"jhs/_HOST@${realm}" + } + }, + { + "name":"mapreduce2_historyserver_hdfs", + "reference":"/HDFS/NAMENODE/hdfs" + }, + { + "keytab":{ + "configuration":"mapred-site/mapreduce.jobhistory.webapp.spnego-keytab-file" + }, + "name":"mapreduce2_historyserver_spnego", + "principal":{ + "configuration":"mapred-site/mapreduce.jobhistory.webapp.spnego-principal" + }, + "reference":"/spnego" + } + ], + "name":"HISTORYSERVER" + } + ], + "identities":[ + { + "name":"mapreduce2_smokeuser", + "reference":"/smokeuser" + }, + { + "name":"mapreduce2_spnego", + "reference":"/spnego" + } + ], + "name":"MAPREDUCE2" + }, + { + "auth_to_local_properties":[ + "oozie-site/oozie.authentication.kerberos.name.rules" + ], + "components":[ + { + "identities":[ + { + "name":"oozie_oozie_server_hdfs", + "reference":"/HDFS/NAMENODE/hdfs" + }, + { + "keytab":{ + "configuration":"oozie-site/oozie.authentication.kerberos.keytab" + }, + "name":"oozie_oozie_server_spnego", + "principal":{ + "configuration":"oozie-site/oozie.authentication.kerberos.principal" + }, + "reference":"/spnego" + }, + { + "keytab":{ + "configuration":"oozie-site/oozie.service.HadoopAccessorService.keytab.file", + "file":"${keytab_dir}/oozie.service.keytab", + "group":{ + "access":"", + "name":"${cluster-env/user_group}" + }, + "owner":{ + "access":"r", + "name":"${oozie-env/oozie_user}" + } + }, + "name":"oozie_server", + "principal":{ + "configuration":"oozie-site/oozie.service.HadoopAccessorService.kerberos.principal", + "local_username":"${oozie-env/oozie_user}", + "type":"service", + "value":"oozie/_HOST@${realm}" + } + } + ], + "name":"OOZIE_SERVER" + } + ], + "configurations":[ + { + "oozie-site":{ + "local.realm":"${realm}", + "oozie.authentication.type":"kerberos", + "oozie.credentials.credentialclasses":"hcat\u003dorg.apache.oozie.action.hadoop.HCatCredentials,hive2\u003dorg.apache.oozie.action.hadoop.Hive2Credentials", + "oozie.service.AuthorizationService.authorization.enabled":"true", + "oozie.service.HadoopAccessorService.kerberos.enabled":"true", + "oozie.zookeeper.secure":"true" + } + } + ], + "identities":[ + { + "name":"oozie_smokeuser", + "reference":"/smokeuser" + }, + { + "name":"oozie_spnego", + "reference":"/spnego" + } + ], + "name":"OOZIE" + }, + { + "components":[ + { + "identities":[ + { + "name":"pig_pig_hdfs", + "reference":"/HDFS/NAMENODE/hdfs" + } + ], + "name":"PIG" + } + ], + "name":"PIG" + }, + { + "components":[ + { + "identities":[ + { + "name":"ranger_ranger_admin_infra-solr", + "reference":"/AMBARI_INFRA/INFRA_SOLR/infra-solr", + "when":{ + "contains":[ + "services", + "AMBARI_INFRA" + ] + } + }, + { + "keytab":{ + "configuration":"ranger-admin-site/xasecure.audit.jaas.Client.option.keyTab" + }, + "name":"ranger_ranger_admin_rangeradmin", + "principal":{ + "configuration":"ranger-admin-site/xasecure.audit.jaas.Client.option.principal" + }, + "reference":"/RANGER/RANGER_ADMIN/rangeradmin" + }, + { + "keytab":{ + "configuration":"ranger-admin-site/ranger.spnego.kerberos.keytab" + }, + "name":"ranger_ranger_admin_spnego", + "reference":"/spnego" + }, + { + "keytab":{ + "configuration":"ranger-admin-site/ranger.admin.kerberos.keytab", + "file":"${keytab_dir}/rangeradmin.service.keytab", + "group":{ + + }, + "owner":{ + "access":"r", + "name":"${ranger-env/ranger_user}" + } + }, + "name":"rangeradmin", + "principal":{ + "configuration":"ranger-admin-site/ranger.admin.kerberos.principal", + "local_username":"${ranger-env/ranger_user}", + "type":"service", + "value":"rangeradmin/_HOST@${realm}" + } + }, + { + "keytab":{ + "configuration":"ranger-admin-site/ranger.lookup.kerberos.keytab", + "file":"${keytab_dir}/rangerlookup.service.keytab", + "group":{ + + }, + "owner":{ + "access":"r", + "name":"${ranger-env/ranger_user}" + } + }, + "name":"rangerlookup", + "principal":{ + "configuration":"ranger-admin-site/ranger.lookup.kerberos.principal", + "type":"service", + "value":"rangerlookup/_HOST@${realm}" + } + } + ], + "name":"RANGER_ADMIN" + }, + { + "configurations":[ + { + "tagsync-application-properties":{ + "atlas.jaas.KafkaClient.loginModuleControlFlag":"required", + "atlas.jaas.KafkaClient.loginModuleName":"com.sun.security.auth.module.Krb5LoginModule", + "atlas.jaas.KafkaClient.option.serviceName":"kafka", + "atlas.jaas.KafkaClient.option.storeKey":"true", + "atlas.jaas.KafkaClient.option.useKeyTab":"true", + "atlas.kafka.sasl.kerberos.service.name":"kafka", + "atlas.kafka.security.protocol":"PLAINTEXTSASL" + } + } + ], + "identities":[ + { + "keytab":{ + "configuration":"tagsync-application-properties/atlas.jaas.KafkaClient.option.keyTab" + }, + "name":"ranger_ranger_tagsync_rangertagsync", + "principal":{ + "configuration":"tagsync-application-properties/atlas.jaas.KafkaClient.option.principal" + }, + "reference":"/RANGER/RANGER_TAGSYNC/rangertagsync" + }, + { + "keytab":{ + "configuration":"ranger-tagsync-site/ranger.tagsync.kerberos.keytab", + "file":"${keytab_dir}/rangertagsync.service.keytab", + "group":{ + + }, + "owner":{ + "access":"r", + "name":"${ranger-env/ranger_user}" + } + }, + "name":"rangertagsync", + "principal":{ + "configuration":"ranger-tagsync-site/ranger.tagsync.kerberos.principal", + "local_username":"rangertagsync", + "type":"service", + "value":"rangertagsync/_HOST@${realm}" + } + } + ], + "name":"RANGER_TAGSYNC" + }, + { + "identities":[ + { + "keytab":{ + "configuration":"ranger-ugsync-site/ranger.usersync.kerberos.keytab", + "file":"${keytab_dir}/rangerusersync.service.keytab", + "group":{ + + }, + "owner":{ + "access":"r", + "name":"${ranger-env/ranger_user}" + } + }, + "name":"rangerusersync", + "principal":{ + "configuration":"ranger-ugsync-site/ranger.usersync.kerberos.principal", + "local_username":"rangerusersync", + "type":"service", + "value":"rangerusersync/_HOST@${realm}" + } + } + ], + "name":"RANGER_USERSYNC" + } + ], + "configurations":[ + { + "ranger-admin-site":{ + "xasecure.audit.jaas.Client.loginModuleControlFlag":"required", + "xasecure.audit.jaas.Client.loginModuleName":"com.sun.security.auth.module.Krb5LoginModule", + "xasecure.audit.jaas.Client.option.serviceName":"solr", + "xasecure.audit.jaas.Client.option.storeKey":"false", + "xasecure.audit.jaas.Client.option.useKeyTab":"true" + } + } + ], + "identities":[ + { + "name":"ranger_smokeuser", + "reference":"/smokeuser" + }, + { + "name":"ranger_spnego", + "reference":"/spnego" + } + ], + "name":"RANGER" + }, + { + "auth_to_local_properties":[ + "kms-site/hadoop.kms.authentication.kerberos.name.rules" + ], + "components":[ + { + "identities":[ + { + "keytab":{ + "configuration":"ranger-kms-audit/xasecure.audit.jaas.Client.option.keyTab" + }, + "name":"ranger_kms_ranger_kms_server_rangerkms", + "principal":{ + "configuration":"ranger-kms-audit/xasecure.audit.jaas.Client.option.principal" + }, + "reference":"/RANGER_KMS/RANGER_KMS_SERVER/rangerkms" + }, + { + "keytab":{ + "configuration":"kms-site/hadoop.kms.authentication.signer.secret.provider.zookeeper.kerberos.keytab" + }, + "name":"ranger_kms_ranger_kms_server_spnego", + "principal":{ + "configuration":"kms-site/hadoop.kms.authentication.signer.secret.provider.zookeeper.kerberos.principal" + }, + "reference":"/spnego" + }, + { + "keytab":{ + "configuration":"dbks-site/ranger.ks.kerberos.keytab", + "file":"${keytab_dir}/rangerkms.service.keytab", + "group":{ + + }, + "owner":{ + "access":"r", + "name":"${kms-env/kms_user}" + } + }, + "name":"rangerkms", + "principal":{ + "configuration":"dbks-site/ranger.ks.kerberos.principal", + "local_username":"keyadmin", + "type":"service", + "value":"rangerkms/_HOST@${realm}" + } + } + ], + "name":"RANGER_KMS_SERVER" + } + ], + "configurations":[ + { + "kms-site":{ + "hadoop.kms.authentication.kerberos.principal":"*", + "hadoop.kms.authentication.type":"kerberos" + } + }, + { + "ranger-kms-audit":{ + "xasecure.audit.destination.solr.force.use.inmemory.jaas.config":"true", + "xasecure.audit.jaas.Client.loginModuleControlFlag":"required", + "xasecure.audit.jaas.Client.loginModuleName":"com.sun.security.auth.module.Krb5LoginModule", + "xasecure.audit.jaas.Client.option.serviceName":"solr", + "xasecure.audit.jaas.Client.option.storeKey":"false", + "xasecure.audit.jaas.Client.option.useKeyTab":"true" + } + } + ], + "identities":[ + { + "keytab":{ + "configuration":"kms-site/hadoop.kms.authentication.kerberos.keytab" + }, + "name":"ranger_kms_spnego", + "reference":"/spnego" + } + ], + "name":"RANGER_KMS" + }, + { + "components":[ + { + "identities":[ + { + "name":"slider_slider_hdfs", + "reference":"/HDFS/NAMENODE/hdfs" + } + ], + "name":"SLIDER" + } + ], + "name":"SLIDER" + }, + { + "components":[ + { + "configurations":[ + { + "ams-hbase-site":{ + "hbase.superuser":"${activity-conf/global.activity.analyzer.user},${activity-conf/activity.explorer.user},${ams-env/ambari_metrics_user}" + } + }, + { + "yarn-site":{ + "yarn.admin.acl":"${activity-conf/global.activity.analyzer.user},dr.who,${yarn-env/yarn_user}" + } + } + ], + "identities":[ + { + "keytab":{ + "configuration":"activity-conf/global.activity.analyzer.user.keytab", + "file":"${keytab_dir}/activity-analyzer.headless.keytab", + "group":{ + + }, + "owner":{ + "access":"r" + } + }, + "name":"activity_analyzer", + "principal":{ + "configuration":"activity-conf/global.activity.analyzer.user.principal", + "local_username":"${activity-conf/global.activity.analyzer.user}", + "type":"service", + "value":"${activity-conf/global.activity.analyzer.user}/_HOST@${realm}" + } + } + ], + "name":"ACTIVITY_ANALYZER" + }, + { + "configurations":[ + { + "ams-hbase-site":{ + "hbase.superuser":"${activity-conf/global.activity.analyzer.user},${activity-conf/activity.explorer.user},${ams-env/ambari_metrics_user}" + } + }, + { + "yarn-site":{ + "yarn.admin.acl":"${activity-conf/global.activity.analyzer.user},dr.who,${yarn-env/yarn_user}" + } + } + ], + "identities":[ + { + "keytab":{ + "configuration":"activity-conf/activity.explorer.user.keytab", + "file":"${keytab_dir}/activity-explorer.headless.keytab", + "group":{ + + }, + "owner":{ + "access":"r" + } + }, + "name":"activity_explorer", + "principal":{ + "configuration":"activity-conf/activity.explorer.user.principal", + "local_username":"${activity-conf/activity.explorer.user}", + "type":"service", + "value":"${activity-conf/activity.explorer.user}/_HOST@${realm}" + } + } + ], + "name":"ACTIVITY_EXPLORER" + } + ], + "name":"SMARTSENSE" + }, + { + "components":[ + { + "identities":[ + { + "name":"hdfs", + "reference":"/HDFS/NAMENODE/hdfs" + }, + { + "keytab":{ + "configuration":"livy-conf/livy.server.auth.kerberos.keytab" + }, + "name":"livy_spnego", + "principal":{ + "configuration":"livy-conf/livy.server.auth.kerberos.principal" + }, + "reference":"/spnego" + }, + { + "keytab":{ + "configuration":"livy-conf/livy.server.launch.kerberos.keytab", + "file":"${keytab_dir}/livy.service.keytab", + "group":{ + "access":"", + "name":"${cluster-env/user_group}" + }, + "owner":{ + "access":"r", + "name":"${livy-env/livy_user}" + } + }, + "name":"livyuser", + "principal":{ + "configuration":"livy-conf/livy.server.launch.kerberos.principal", + "local_username":"${livy-env/livy_user}", + "type":"service", + "value":"${livy-env/livy_user}/_HOST@${realm}" + } + } + ], + "name":"LIVY_SERVER" + }, + { + "name":"SPARK_CLIENT" + }, + { + "identities":[ + { + "name":"hdfs", + "reference":"/HDFS/NAMENODE/hdfs" + } + ], + "name":"SPARK_JOBHISTORYSERVER" + }, + { + "identities":[ + { + "name":"hdfs", + "reference":"/HDFS/NAMENODE/hdfs" + }, + { + "name":"hive_server_hive", + "reference":"/HIVE/HIVE_SERVER/hive_server_hive" + } + ], + "name":"SPARK_THRIFTSERVER" + } + ], + "configurations":[ + { + "core-site":{ + "hadoop.proxyuser.${livy-env/livy_user}.groups":"*", + "hadoop.proxyuser.${livy-env/livy_user}.hosts":"*" + } + }, + { + "livy-conf":{ + "livy.impersonation.enabled":"true", + "livy.server.auth.type":"kerberos" + } + }, + { + "spark-defaults":{ + "spark.history.kerberos.enabled":"true" + } + }, + { + "spark-thrift-sparkconf":{ + "spark.yarn.keytab":"${spark-env/hive_kerberos_keytab}", + "spark.yarn.principal":"${spark-env/hive_kerberos_principal}" + } + } + ], + "identities":[ + { + "name":"spark_smokeuser", + "reference":"/smokeuser" + }, + { + "keytab":{ + "configuration":"spark-defaults/spark.history.kerberos.keytab", + "file":"${keytab_dir}/spark.headless.keytab", + "group":{ + "access":"", + "name":"${cluster-env/user_group}" + }, + "owner":{ + "access":"r", + "name":"${spark-env/spark_user}" + } + }, + "name":"sparkuser", + "principal":{ + "configuration":"spark-defaults/spark.history.kerberos.principal", + "local_username":"${spark-env/spark_user}", + "type":"user", + "value":"${spark-env/spark_user}${principal_suffix}@${realm}" + } + } + ], + "name":"SPARK" + }, + { + "components":[ + { + "identities":[ + { + "name":"hdfs", + "reference":"/HDFS/NAMENODE/hdfs" + }, + { + "keytab":{ + "configuration":"livy2-conf/livy.server.auth.kerberos.keytab" + }, + "name":"livy_spnego", + "principal":{ + "configuration":"livy2-conf/livy.server.auth.kerberos.principal" + }, + "reference":"/spnego" + }, + { + "keytab":{ + "configuration":"livy2-conf/livy.server.launch.kerberos.keytab", + "file":"${keytab_dir}/livy.service.keytab", + "group":{ + "access":"", + "name":"${cluster-env/user_group}" + }, + "owner":{ + "access":"r", + "name":"${livy2-env/livy2_user}" + } + }, + "name":"livyuser", + "principal":{ + "configuration":"livy2-conf/livy.server.launch.kerberos.principal", + "local_username":"${livy2-env/livy2_user}", + "type":"service", + "value":"${livy2-env/livy2_user}/_HOST@${realm}" + } + } + ], + "name":"LIVY2_SERVER" + }, + { + "name":"SPARK2_CLIENT" + }, + { + "identities":[ + { + "name":"hdfs", + "reference":"/HDFS/NAMENODE/hdfs" + } + ], + "name":"SPARK2_JOBHISTORYSERVER" + }, + { + "identities":[ + { + "name":"hdfs", + "reference":"/HDFS/NAMENODE/hdfs" + }, + { + "name":"hive_server_hive", + "reference":"/HIVE/HIVE_SERVER/hive_server_hive" + } + ], + "name":"SPARK2_THRIFTSERVER" + } + ], + "configurations":[ + { + "core-site":{ + "hadoop.proxyuser.${livy2-env/livy2_user}.groups":"*", + "hadoop.proxyuser.${livy2-env/livy2_user}.hosts":"*" + } + }, + { + "livy2-conf":{ + "livy.impersonation.enabled":"true", + "livy.server.auth.type":"kerberos" + } + }, + { + "spark2-defaults":{ + "spark.history.kerberos.enabled":"true" + } + }, + { + "spark2-thrift-sparkconf":{ + "spark.yarn.keytab":"${spark2-env/hive_kerberos_keytab}", + "spark.yarn.principal":"${spark2-env/hive_kerberos_principal}" + } + } + ], + "identities":[ + { + "name":"spark2_smokeuser", + "reference":"/smokeuser" + }, + { + "keytab":{ + "configuration":"spark2-defaults/spark.history.kerberos.keytab", + "file":"${keytab_dir}/spark.headless.keytab", + "group":{ + "access":"", + "name":"${cluster-env/user_group}" + }, + "owner":{ + "access":"r", + "name":"${spark2-env/spark_user}" + } + }, + "name":"spark2user", + "principal":{ + "configuration":"spark2-defaults/spark.history.kerberos.principal", + "local_username":"${spark2-env/spark_user}", + "type":"user", + "value":"${spark2-env/spark_user}${principal_suffix}@${realm}" + } + } + ], + "name":"SPARK2" + }, + { + "components":[ + { + "name":"SQOOP" + } + ], + "configurations":[ + { + "sqoop-atlas-application.properties":{ + "atlas.jaas.KafkaClient.option.renewTicket":"true", + "atlas.jaas.KafkaClient.option.useTicketCache":"true" + } + } + ], + "name":"SQOOP" + }, + { + "components":[ + { + "identities":[ + { + "name":"drpc_server", + "reference":"/STORM/NIMBUS/nimbus_server" + } + ], + "name":"DRPC_SERVER" + }, + { + "identities":[ + { + "keytab":{ + "configuration":"storm-env/nimbus_keytab", + "file":"${keytab_dir}/nimbus.service.keytab", + "group":{ + "access":"", + "name":"${cluster-env/user_group}" + }, + "owner":{ + "access":"r", + "name":"${storm-env/storm_user}" + } + }, + "name":"nimbus_server", + "principal":{ + "configuration":"storm-env/nimbus_principal_name", + "type":"service", + "value":"nimbus/_HOST@${realm}" + } + }, + { + "keytab":{ + "configuration":"ranger-storm-audit/xasecure.audit.jaas.Client.option.keyTab" + }, + "name":"storm_numbus_storm_components", + "principal":{ + "configuration":"ranger-storm-audit/xasecure.audit.jaas.Client.option.principal" + }, + "reference":"/STORM/storm_components" + } + ], + "name":"NIMBUS" + }, + { + "identities":[ + { + "keytab":{ + "configuration":"storm-env/storm_ui_keytab" + }, + "name":"storm_storm_ui_server_spnego", + "principal":{ + "configuration":"storm-env/storm_ui_principal_name" + }, + "reference":"/spnego" + } + ], + "name":"STORM_UI_SERVER" + }, + { + "name":"SUPERVISOR" + } + ], + "configurations":[ + { + "ranger-storm-audit":{ + "xasecure.audit.destination.solr.force.use.inmemory.jaas.config":"true", + "xasecure.audit.jaas.Client.loginModuleControlFlag":"required", + "xasecure.audit.jaas.Client.loginModuleName":"com.sun.security.auth.module.Krb5LoginModule", + "xasecure.audit.jaas.Client.option.serviceName":"solr", + "xasecure.audit.jaas.Client.option.storeKey":"false", + "xasecure.audit.jaas.Client.option.useKeyTab":"true" + } + }, + { + "storm-site":{ + "drpc.authorizer":"org.apache.storm.security.auth.authorizer.DRPCSimpleACLAuthorizer", + "java.security.auth.login.config":"{{conf_dir}}/storm_jaas.conf", + "nimbus.admins":"[\u0027{{storm_bare_jaas_principal}}\u0027, \u0027{{ambari_bare_jaas_principal}}\u0027]", + "nimbus.authorizer":"org.apache.storm.security.auth.authorizer.SimpleACLAuthorizer", + "nimbus.impersonation.acl":"{ {{storm_bare_jaas_principal}} : {hosts: [\u0027*\u0027], groups: [\u0027*\u0027]}}", + "nimbus.impersonation.authorizer":"org.apache.storm.security.auth.authorizer.ImpersonationAuthorizer", + "nimbus.supervisor.users":"[\u0027{{storm_bare_jaas_principal}}\u0027]", + "storm.principal.tolocal":"org.apache.storm.security.auth.KerberosPrincipalToLocal", + "storm.zookeeper.superACL":"sasl:{{storm_bare_jaas_principal}}", + "supervisor.enable":"true", + "ui.filter":"org.apache.hadoop.security.authentication.server.AuthenticationFilter", + "ui.filter.params":"{\u0027type\u0027: \u0027kerberos\u0027, \u0027kerberos.principal\u0027: \u0027{{storm_ui_jaas_principal}}\u0027, \u0027kerberos.keytab\u0027: \u0027{{storm_ui_keytab_path}}\u0027, \u0027kerberos.name.rules\u0027: \u0027DEFAULT\u0027}" + } + } + ], + "identities":[ + { + "keytab":{ + "configuration":"storm-env/storm_keytab", + "file":"${keytab_dir}/storm.headless.keytab", + "group":{ + "access":"", + "name":"${cluster-env/user_group}" + }, + "owner":{ + "access":"r", + "name":"${storm-env/storm_user}" + } + }, + "name":"storm_components", + "principal":{ + "configuration":"storm-env/storm_principal_name", + "type":"user", + "value":"${storm-env/storm_user}${principal_suffix}@${realm}" + } + }, + { + "name":"storm_smokeuser", + "reference":"/smokeuser" + }, + { + "name":"storm_spnego", + "reference":"/spnego" + }, + { + "keytab":{ + "configuration":"storm-atlas-application.properties/atlas.jaas.KafkaClient.option.keyTab" + }, + "name":"storm_storm_components", + "principal":{ + "configuration":"storm-atlas-application.properties/atlas.jaas.KafkaClient.option.principal" + }, + "reference":"/STORM/storm_components" + } + ], + "name":"STORM" + }, + { + "components":[ + { + "name":"SUPERSET" + } + ], + "configurations":[ + { + "superset":{ + "ENABLE_KERBEROS_AUTHENTICATION":"True", + "KERBEROS_REINIT_TIME_SEC":"3600" + } + } + ], + "identities":[ + { + "keytab":{ + "configuration":"superset/KERBEROS_KEYTAB", + "file":"${keytab_dir}/superset.headless.keytab", + "group":{ + "access":"r", + "name":"${cluster-env/user_group}" + }, + "owner":{ + "access":"r", + "name":"${superset-env/superset_user}" + } + }, + "name":"superset", + "principal":{ + "configuration":"superset/KERBEROS_PRINCIPAL", + "local_username":"${superset-env/superset_user}", + "type":"user", + "value":"${superset-env/superset_user}${principal_suffix}@${realm}" + } + }, + { + "name":"superset_smokeuser", + "reference":"/smokeuser" + } + ], + "name":"SUPERSET" + }, + { + "components":[ + { + "configurations":[ + { + "tez-site":{ + "tez.am.view-acls":"" + } + } + ], + "identities":[ + { + "name":"tez_tez_client_hdfs", + "reference":"/HDFS/NAMENODE/hdfs" + } + ], + "name":"TEZ_CLIENT" + } + ], + "name":"TEZ" + }, + { + "components":[ + { + "identities":[ + { + "keytab":{ + "configuration":"yarn-site/yarn.timeline-service.keytab", + "file":"${keytab_dir}/yarn.service.keytab", + "group":{ + "access":"", + "name":"${cluster-env/user_group}" + }, + "owner":{ + "access":"r", + "name":"${yarn-env/yarn_user}" + } + }, + "name":"app_timeline_server_yarn", + "principal":{ + "configuration":"yarn-site/yarn.timeline-service.principal", + "local_username":"${yarn-env/yarn_user}", + "type":"service", + "value":"yarn/_HOST@${realm}" + } + }, + { + "name":"yarn_app_timeline_server_hdfs", + "reference":"/HDFS/NAMENODE/hdfs" + }, + { + "keytab":{ + "configuration":"yarn-site/yarn.timeline-service.http-authentication.kerberos.keytab" + }, + "name":"yarn_app_timeline_server_spnego", + "principal":{ + "configuration":"yarn-site/yarn.timeline-service.http-authentication.kerberos.principal" + }, + "reference":"/spnego" + } + ], + "name":"APP_TIMELINE_SERVER" + }, + { + "configurations":[ + { + "yarn-site":{ + "yarn.nodemanager.container-executor.class":"org.apache.hadoop.yarn.server.nodemanager.LinuxContainerExecutor" + } + } + ], + "identities":[ + { + "keytab":{ + "configuration":"yarn-site/yarn.nodemanager.keytab", + "file":"${keytab_dir}/nm.service.keytab", + "group":{ + "access":"", + "name":"${cluster-env/user_group}" + }, + "owner":{ + "access":"r", + "name":"${yarn-env/yarn_user}" + } + }, + "name":"nodemanager_nm", + "principal":{ + "configuration":"yarn-site/yarn.nodemanager.principal", + "local_username":"${yarn-env/yarn_user}", + "type":"service", + "value":"nm/_HOST@${realm}" + } + }, + { + "keytab":{ + "configuration":"yarn-site/yarn.nodemanager.webapp.spnego-keytab-file" + }, + "name":"yarn_nodemanager_spnego", + "principal":{ + "configuration":"yarn-site/yarn.nodemanager.webapp.spnego-principal" + }, + "reference":"/spnego" + } + ], + "name":"NODEMANAGER" + }, + { + "identities":[ + { + "keytab":{ + "configuration":"yarn-site/yarn.resourcemanager.keytab", + "file":"${keytab_dir}/rm.service.keytab", + "group":{ + "access":"", + "name":"${cluster-env/user_group}" + }, + "owner":{ + "access":"r", + "name":"${yarn-env/yarn_user}" + } + }, + "name":"resource_manager_rm", + "principal":{ + "configuration":"yarn-site/yarn.resourcemanager.principal", + "local_username":"${yarn-env/yarn_user}", + "type":"service", + "value":"rm/_HOST@${realm}" + } + }, + { + "keytab":{ + "configuration":"ranger-yarn-audit/xasecure.audit.jaas.Client.option.keyTab" + }, + "name":"yarn_resourcemanager_resource_manager_rm", + "principal":{ + "configuration":"ranger-yarn-audit/xasecure.audit.jaas.Client.option.principal" + }, + "reference":"/YARN/RESOURCEMANAGER/resource_manager_rm" + }, + { + "keytab":{ + "configuration":"yarn-site/yarn.resourcemanager.webapp.spnego-keytab-file" + }, + "name":"yarn_resourcemanager_spnego", + "principal":{ + "configuration":"yarn-site/yarn.resourcemanager.webapp.spnego-principal" + }, + "reference":"/spnego" + } + ], + "name":"RESOURCEMANAGER" + } + ], + "configurations":[ + { + "capacity-scheduler":{ + "yarn.scheduler.capacity.root.acl_administer_jobs":"${yarn-env/yarn_user}", + "yarn.scheduler.capacity.root.acl_administer_queue":"${yarn-env/yarn_user}", + "yarn.scheduler.capacity.root.default.acl_administer_jobs":"${yarn-env/yarn_user}", + "yarn.scheduler.capacity.root.default.acl_administer_queue":"${yarn-env/yarn_user}", + "yarn.scheduler.capacity.root.default.acl_submit_applications":"${yarn-env/yarn_user}" + } + }, + { + "core-site":{ + "hadoop.proxyuser.${yarn-env/yarn_user}.groups":"*", + "hadoop.proxyuser.${yarn-env/yarn_user}.hosts":"${clusterHostInfo/rm_host}" + } + }, + { + "ranger-yarn-audit":{ + "xasecure.audit.destination.solr.force.use.inmemory.jaas.config":"true", + "xasecure.audit.jaas.Client.loginModuleControlFlag":"required", + "xasecure.audit.jaas.Client.loginModuleName":"com.sun.security.auth.module.Krb5LoginModule", + "xasecure.audit.jaas.Client.option.serviceName":"solr", + "xasecure.audit.jaas.Client.option.storeKey":"false", + "xasecure.audit.jaas.Client.option.useKeyTab":"true" + } + }, + { + "yarn-site":{ + "hadoop.registry.client.auth":"kerberos", + "hadoop.registry.jaas.context":"Client", + "hadoop.registry.secure":"true", + "hadoop.registry.system.accounts":"sasl:${principals/YARN/APP_TIMELINE_SERVER/app_timeline_server_yarn|principalPrimary()},sasl:${principals/MAPREDUCE2/HISTORYSERVER/history_server_jhs|principalPrimary()},sasl:${principals/HDFS/NAMENODE/hdfs|principalPrimary()},sasl:${principals/YARN/RESOURCEMANAGER/resource_manager_rm|principalPrimary()},sasl:${principals/HIVE/HIVE_SERVER/hive_server_hive|principalPrimary()}", + "yarn.acl.enable":"true", + "yarn.admin.acl":"${yarn-env/yarn_user},dr.who", + "yarn.resourcemanager.proxy-user-privileges.enabled":"true", + "yarn.resourcemanager.proxyuser.*.groups":"", + "yarn.resourcemanager.proxyuser.*.hosts":"", + "yarn.resourcemanager.proxyuser.*.users":"", + "yarn.resourcemanager.zk-acl":"sasl:${principals/YARN/RESOURCEMANAGER/resource_manager_rm|principalPrimary()}:rwcda", + "yarn.timeline-service.enabled":"true", + "yarn.timeline-service.http-authentication.cookie.domain":"", + "yarn.timeline-service.http-authentication.cookie.path":"", + "yarn.timeline-service.http-authentication.kerberos.name.rules":"", + "yarn.timeline-service.http-authentication.proxyuser.*.groups":"", + "yarn.timeline-service.http-authentication.proxyuser.*.hosts":"", + "yarn.timeline-service.http-authentication.proxyuser.*.users":"", + "yarn.timeline-service.http-authentication.signature.secret":"", + "yarn.timeline-service.http-authentication.signature.secret.file":"", + "yarn.timeline-service.http-authentication.signer.secret.provider":"", + "yarn.timeline-service.http-authentication.signer.secret.provider.object":"", + "yarn.timeline-service.http-authentication.token.validity":"", + "yarn.timeline-service.http-authentication.type":"kerberos" + } + } + ], + "identities":[ + { + "name":"yarn_smokeuser", + "reference":"/smokeuser" + }, + { + "name":"yarn_spnego", + "reference":"/spnego" + } + ], + "name":"YARN" + }, + { + "components":[ + { + "name":"ZEPPELIN_MASTER" + } + ], + "configurations":[ + { + "core-site":{ + "hadoop.proxyuser.${zeppelin-env/zeppelin_user}.groups":"*", + "hadoop.proxyuser.${zeppelin-env/zeppelin_user}.hosts":"*" + } + }, + { + "zeppelin-env":{ + "zeppelin.kerberos.enabled":"true" + } + } + ], + "identities":[ + { + "name":"zeppelin_smokeuser", + "reference":"/smokeuser" + }, + { + "keytab":{ + "configuration":"zeppelin-env/zeppelin.server.kerberos.keytab", + "file":"${keytab_dir}/zeppelin.server.kerberos.keytab", + "group":{ + "access":"", + "name":"${cluster-env/user_group}" + }, + "owner":{ + "access":"r", + "name":"${zeppelin-env/zeppelin_user}" + } + }, + "name":"zeppelin_user", + "principal":{ + "configuration":"zeppelin-env/zeppelin.server.kerberos.principal", + "local_username":"${zeppelin-env/zeppelin_user}", + "type":"user", + "value":"${zeppelin-env/zeppelin_user}${principal_suffix}@${realm}" + } + } + ], + "name":"ZEPPELIN" + }, + { + "components":[ + { + "identities":[ + { + "keytab":{ + "configuration":"zookeeper-env/zookeeper_keytab_path", + "file":"${keytab_dir}/zk.service.keytab", + "group":{ + "access":"", + "name":"${cluster-env/user_group}" + }, + "owner":{ + "access":"r", + "name":"${zookeeper-env/zk_user}" + } + }, + "name":"zookeeper_zk", + "principal":{ + "configuration":"zookeeper-env/zookeeper_principal_name", + "type":"service", + "value":"zookeeper/_HOST@${realm}" + } + } + ], + "name":"ZOOKEEPER_SERVER" + } + ], + "identities":[ + { + "name":"zookeeper_smokeuser", + "reference":"/smokeuser" + } + ], + "name":"ZOOKEEPER" + } + ] +} \ No newline at end of file -- To stop receiving notification emails like this one, please contact oleew...@apache.org.