This is an automated email from the ASF dual-hosted git repository.
vbrodetskyi pushed a commit to branch branch-2.7
in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/branch-2.7 by this push:
new 1d90d11 [AMBARI-25093] "Spark2 Thrift Server alert does not work with
HTTPS/SSL (apappu) (#2883)
1d90d11 is described below
commit 1d90d1136f1b231e31d894fb089db56bf526838c
Author: amarnathreddy pappu <[email protected]>
AuthorDate: Mon Apr 1 06:16:06 2019 -0700
[AMBARI-25093] "Spark2 Thrift Server alert does not work with HTTPS/SSL
(apappu) (#2883)
* [AMBARI-25093] Spark2 Thrift Server alert does not work with HTTPS
(apappu)
* [AMBARI-25093] Spark2 Thrift Server alert does not work with HTTPS/SSL
(apappu)
---
.../scripts/alerts/alert_spark2_thrift_port.py | 32 +++++++++++++++++++---
1 file changed, 28 insertions(+), 4 deletions(-)
diff --git
a/ambari-server/src/main/resources/common-services/SPARK2/2.0.0/package/scripts/alerts/alert_spark2_thrift_port.py
b/ambari-server/src/main/resources/common-services/SPARK2/2.0.0/package/scripts/alerts/alert_spark2_thrift_port.py
index d3660de..dbbbabf 100644
---
a/ambari-server/src/main/resources/common-services/SPARK2/2.0.0/package/scripts/alerts/alert_spark2_thrift_port.py
+++
b/ambari-server/src/main/resources/common-services/SPARK2/2.0.0/package/scripts/alerts/alert_spark2_thrift_port.py
@@ -36,6 +36,8 @@ OK_MESSAGE = "TCP OK - {0:.3f}s response on port {1}"
CRITICAL_MESSAGE = "Connection failed on host {0}:{1} ({2})"
HIVE_SERVER_THRIFT_PORT_KEY =
'{{spark2-hive-site-override/hive.server2.thrift.port}}'
+HIVE_SERVER_THRIFT_HTTP_PORT_KEY =
'{{spark2-hive-site-override/hive.server2.thrift.http.port}}'
+
HIVE_SERVER_TRANSPORT_MODE_KEY =
'{{spark2-hive-site-override/hive.server2.transport.mode}}'
SECURITY_ENABLED_KEY = '{{cluster-env/security_enabled}}'
@@ -43,6 +45,10 @@ HIVE_SERVER2_AUTHENTICATION_KEY =
'{{hive-site/hive.server2.authentication}}'
HIVE_SERVER2_KERBEROS_KEYTAB =
'{{hive-site/hive.server2.authentication.kerberos.keytab}}'
HIVE_SERVER2_PRINCIPAL_KEY =
'{{hive-site/hive.server2.authentication.kerberos.principal}}'
+SPARK_SSL_ENABLED = '{{spark2-defaults/spark.ssl.enabled}}'
+SPARK_TRUST_STORE_PATH = '{{spark2-defaults/spark.ssl.trustStore}}'
+SPARK_TRUST_STORE_PASS = '{{spark2-defaults/spark.ssl.trustStorePassword}}'
+
# The configured Kerberos executable search paths, if any
KERBEROS_EXECUTABLE_SEARCH_PATHS_KEY =
'{{kerberos-env/executable_search_paths}}'
@@ -63,7 +69,7 @@ def get_tokens():
to build the dictionary passed into execute
"""
return (HIVE_SERVER_THRIFT_PORT_KEY, HIVE_SERVER_TRANSPORT_MODE_KEY,
SECURITY_ENABLED_KEY, KERBEROS_EXECUTABLE_SEARCH_PATHS_KEY,
- HIVEUSER_DEFAULT, HIVE_SERVER2_KERBEROS_KEYTAB,
HIVE_SERVER2_PRINCIPAL_KEY)
+ HIVEUSER_DEFAULT, HIVE_SERVER2_KERBEROS_KEYTAB,
HIVE_SERVER2_PRINCIPAL_KEY, SPARK_SSL_ENABLED, SPARK_TRUST_STORE_PATH,
SPARK_TRUST_STORE_PASS, HIVE_SERVER_THRIFT_HTTP_PORT_KEY)
@OsFamilyFuncImpl(os_family=OsFamilyImpl.DEFAULT)
def execute(configurations={}, parameters={}, host_name=None):
@@ -88,7 +94,9 @@ def execute(configurations={}, parameters={}, host_name=None):
port = THRIFT_PORT_DEFAULT
if transport_mode.lower() == 'binary' and HIVE_SERVER_THRIFT_PORT_KEY in
configurations:
port = int(configurations[HIVE_SERVER_THRIFT_PORT_KEY])
-
+ elif transport_mode.lower() == 'http' and HIVE_SERVER_THRIFT_HTTP_PORT_KEY
in configurations:
+ port = int(configurations[HIVE_SERVER_THRIFT_HTTP_PORT_KEY])
+
security_enabled = False
if SECURITY_ENABLED_KEY in configurations:
security_enabled = str(configurations[SECURITY_ENABLED_KEY]).upper()
== 'TRUE'
@@ -105,6 +113,15 @@ def execute(configurations={}, parameters={},
host_name=None):
hive_principal = configurations[HIVE_SERVER2_PRINCIPAL_KEY]
hive_principal = hive_principal.replace('_HOST',host_name.lower())
+ # Get the Trust store and pass
+ spark_truststore_path = None
+ spark_truststore_pass = None
+ spark_ssl_enabled = False
+ if SPARK_SSL_ENABLED in configurations:
+ spark_truststore_path = configurations[SPARK_TRUST_STORE_PATH]
+ spark_truststore_pass = configurations[SPARK_TRUST_STORE_PASS]
+ spark_ssl_enabled = str(configurations[SPARK_SSL_ENABLED]).upper() ==
'TRUE'
+
# Get the configured Kerberos executable search paths, if any
if KERBEROS_EXECUTABLE_SEARCH_PATHS_KEY in configurations:
kerberos_executable_search_paths =
configurations[KERBEROS_EXECUTABLE_SEARCH_PATHS_KEY]
@@ -131,9 +148,16 @@ def execute(configurations={}, parameters={},
host_name=None):
host_name = socket.getfqdn()
if security_enabled:
- beeline_url =
["'jdbc:hive2://{host_name}:{port}/default;principal={hive_principal}'","transportMode={transport_mode}"]
+ if spark_ssl_enabled:
+ beeline_url =
['"jdbc:hive2://{host_name}:{port}/default;principal={hive_principal};transportMode={transport_mode};ssl=true;sslTrustStore={spark_truststore_path};trustStorePassword={spark_truststore_pass!p};httpPath=cliservice"']
+ else:
+ beeline_url =
["jdbc:hive2://{host_name}:{port}/default;principal={hive_principal}","transportMode={transport_mode}"]
else:
- beeline_url =
["'jdbc:hive2://{host_name}:{port}/default'","transportMode={transport_mode}"]
+ if spark_ssl_enabled:
+ beeline_url =
['"jdbc:hive2://{host_name}:{port}/default;transportMode={transport_mode};ssl=true;sslTrustStore={spark_truststore_path};trustStorePassword={spark_truststore_pass!p};httpPath=cliservice"']
+ else:
+ beeline_url =
["jdbc:hive2://{host_name}:{port}/default","transportMode={transport_mode}"]
+
# append url according to used transport
beeline_cmd = os.path.join(spark_home, "bin", "beeline")
