cheanges for secure deployment
Project: http://git-wip-us.apache.org/repos/asf/incubator-slider/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-slider/commit/f4871c6f Tree: http://git-wip-us.apache.org/repos/asf/incubator-slider/tree/f4871c6f Diff: http://git-wip-us.apache.org/repos/asf/incubator-slider/diff/f4871c6f Branch: refs/heads/feature/SLIDER-280_Restart_AM_fun_tests Commit: f4871c6fcd2f093a313933de63107bd7e5c372b3 Parents: 0878e52 Author: Jon Maron <[email protected]> Authored: Tue Sep 2 19:22:27 2014 -0400 Committer: Jon Maron <[email protected]> Committed: Tue Sep 2 19:22:27 2014 -0400 ---------------------------------------------------------------------- app-packages/storm/package/scripts/params.py | 9 ++++----- app-packages/storm/package/scripts/service.py | 4 ++-- app-packages/storm/package/scripts/storm.py | 9 ++++++--- app-packages/storm/package/scripts/yaml_config.py | 10 +++++++++- 4 files changed, 21 insertions(+), 11 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/f4871c6f/app-packages/storm/package/scripts/params.py ---------------------------------------------------------------------- diff --git a/app-packages/storm/package/scripts/params.py b/app-packages/storm/package/scripts/params.py index 93c6018..a8e36b9 100644 --- a/app-packages/storm/package/scripts/params.py +++ b/app-packages/storm/package/scripts/params.py @@ -47,17 +47,16 @@ if ganglia_installed: ganglia_server = config['configurations']['global']['ganglia_server_host'] ganglia_port = config['configurations']['global']['ganglia_server_port'] -_authentication = config['configurations']['core-site']['hadoop.security.authentication'] -security_enabled = ( not is_empty(_authentication) and _authentication == 'kerberos') +security_enabled = config['configurations']['global']['security_enabled'] +hostname_lowercase = config['hostname'].lower() if security_enabled: - _hostname_lowercase = config['hostname'].lower() _kerberos_domain = config['configurations']['storm-env']['kerberos_domain'] _storm_client_principal_name = config['configurations']['storm-env']['storm_client_principal_name'] _storm_server_principal_name = config['configurations']['storm-env']['storm_server_principal_name'] - storm_jaas_client_principal = _storm_client_principal_name.replace('_HOST', _hostname_lowercase) + storm_jaas_client_principal = _storm_client_principal_name.replace('_HOST', hostname_lowercase) storm_client_keytab_path = config['configurations']['storm-env']['storm_client_keytab'] - storm_jaas_server_principal = _storm_server_principal_name.replace('_HOST', _hostname_lowercase) + storm_jaas_server_principal = _storm_server_principal_name.replace('_HOST', hostname_lowercase) storm_server_keytab_path = config['configurations']['storm-env']['storm_server_keytab'] kinit_path_local = functions.get_kinit_path(["/usr/bin", "/usr/kerberos/bin", "/usr/sbin"]) http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/f4871c6f/app-packages/storm/package/scripts/service.py ---------------------------------------------------------------------- diff --git a/app-packages/storm/package/scripts/service.py b/app-packages/storm/package/scripts/service.py index dc3c733..50ac44c 100644 --- a/app-packages/storm/package/scripts/service.py +++ b/app-packages/storm/package/scripts/service.py @@ -54,10 +54,10 @@ def service( if params.security_enabled: if name == "nimbus": - Execute(format("{kinit_path_local} -kt {storm_server_keytab_path} {storm_user}"), + Execute(format("{kinit_path_local} -kt {storm_server_keytab_path} {storm_jaas_server_principal}"), user=params.storm_user) else: - Execute(format("{kinit_path_local} -kt {storm_client_keytab_path} {storm_user}"), + Execute(format("{kinit_path_local} -kt {storm_client_keytab_path} {storm_jaas_client_principal}"), user=params.storm_user) Execute(cmd, http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/f4871c6f/app-packages/storm/package/scripts/storm.py ---------------------------------------------------------------------- diff --git a/app-packages/storm/package/scripts/storm.py b/app-packages/storm/package/scripts/storm.py index efca073..8ecb3a1 100644 --- a/app-packages/storm/package/scripts/storm.py +++ b/app-packages/storm/package/scripts/storm.py @@ -50,6 +50,9 @@ def storm(): ) if params.security_enabled: - TemplateConfig( format("{conf_dir}/storm_jaas.conf"), - owner = params.storm_user - ) \ No newline at end of file + File(format("{conf_dir}/storm_jaas.conf"), + content=Template("storm_jaas.conf.j2"), + owner = params.storm_user, + group = params.user_group + ) + http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/f4871c6f/app-packages/storm/package/scripts/yaml_config.py ---------------------------------------------------------------------- diff --git a/app-packages/storm/package/scripts/yaml_config.py b/app-packages/storm/package/scripts/yaml_config.py index d25089c..0a1ffa9 100644 --- a/app-packages/storm/package/scripts/yaml_config.py +++ b/app-packages/storm/package/scripts/yaml_config.py @@ -19,9 +19,13 @@ limitations under the License. """ import re +import socket from resource_management import * def escape_yaml_propetry(value): + # pre-process value for any "_HOST" tokens + value = value.replace('_HOST', socket.getfqdn()) + unquouted = False unquouted_values = ["null","Null","NULL","true","True","TRUE","false","False","FALSE","YES","Yes","yes","NO","No","no","ON","On","on","OFF","Off","off"] @@ -31,7 +35,11 @@ def escape_yaml_propetry(value): # if is list [a,b,c] if re.match('^\w*\[.+\]\w*$', value): unquouted = True - + + # if is map {'a':'b'} + if re.match('^\w*\{.+\}\w*$', value): + unquouted = True + try: int(value) unquouted = True
