Repository: incubator-slider Updated Branches: refs/heads/develop 7506d930a -> 01f1e7d10
SLIDER-560 default secure config files for use by ambari slider view Project: http://git-wip-us.apache.org/repos/asf/incubator-slider/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-slider/commit/01f1e7d1 Tree: http://git-wip-us.apache.org/repos/asf/incubator-slider/tree/01f1e7d1 Diff: http://git-wip-us.apache.org/repos/asf/incubator-slider/diff/01f1e7d1 Branch: refs/heads/develop Commit: 01f1e7d101616ccf5276d7446d494aa0e95277e9 Parents: 7506d93 Author: Jon Maron <[email protected]> Authored: Mon Oct 27 16:13:45 2014 -0400 Committer: Jon Maron <[email protected]> Committed: Mon Oct 27 16:14:47 2014 -0400 ---------------------------------------------------------------------- .../hbase/appConfig-secured-default.json | 63 +++++++++++++++++ .../storm/appConfig-secured-default.json | 71 ++++++++++++++++++++ 2 files changed, 134 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/01f1e7d1/app-packages/hbase/appConfig-secured-default.json ---------------------------------------------------------------------- diff --git a/app-packages/hbase/appConfig-secured-default.json b/app-packages/hbase/appConfig-secured-default.json new file mode 100644 index 0000000..2f3465f --- /dev/null +++ b/app-packages/hbase/appConfig-secured-default.json @@ -0,0 +1,63 @@ +{ + "schema": "http://example.org/specification/v2.0.0";, + "metadata": { + }, + "global": { + "application.def": ".slider/package/HBASE/slider-hbase-app-package-0.98.4.2.2.0.0-830-hadoop2.zip", + "create.default.zookeeper.node": "true", + "java_home": "/usr/jdk64/jdk1.7.0_67", + "system_configs": "core-site,hdfs-site", + + "site.global.app_user": "${USER_NAME}", + "site.global.app_root": "${AGENT_WORK_ROOT}/app/install/hbase-0.98.4.2.2.0.0-830-hadoop2", + + "site.global.ganglia_server_host": "${NN_HOST}", + "site.global.ganglia_server_port": "8667", + "site.global.ganglia_server_id": "Application1", + "site.global.ganglia_enabled":"true", + + "site.global.hbase_instance_name": "instancename", + "site.global.hbase_root_password": "secret", + "site.global.user_group": "hadoop", + "site.global.security_enabled": "false", + "site.global.monitor_protocol": "http", + "site.global.hbase_thrift_port": "${HBASE_THRIFT.ALLOCATED_PORT}", + "site.global.hbase_thrift2_port": "${HBASE_THRIFT2.ALLOCATED_PORT}", + "site.global.hbase_rest_port": "${HBASE_REST.ALLOCATED_PORT}", + + "site.hbase-env.hbase_master_heapsize": "1024m", + "site.hbase-env.hbase_regionserver_heapsize": "1024m", + + "site.hbase-site.hbase.rootdir": "${DEFAULT_DATA_DIR}", + "site.hbase-site.hbase.superuser": "${USER_NAME}", + "site.hbase-site.hbase.tmp.dir": "${AGENT_WORK_ROOT}/work/app/tmp", + "site.hbase-site.hbase.local.dir": "${hbase.tmp.dir}/local", + "site.hbase-site.hbase.zookeeper.quorum": "${ZK_HOST}", + "site.hbase-site.zookeeper.znode.parent": "${DEFAULT_ZK_PATH}", + "site.hbase-site.hbase.regionserver.info.port": "0", + "site.hbase-site.hbase.master.info.port": "${HBASE_MASTER.ALLOCATED_PORT}", + "site.hbase-site.hbase.regionserver.port": "0", + "site.hbase-site.hbase.master.port": "0", + + "site.hbase-site.hbase.security.authentication": "kerberos", + "site.hbase-site.hbase.security.authorization": "true", + "site.hbase-site.hbase.coprocessor.master.classes": "org.apache.hadoop.hbase.security.access.AccessController", + "site.hbase-site.hbase.coprocessor.region.classes": "org.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.AccessController", + "site.hbase-site.hbase.regionserver.kerberos.principal": "${USER_NAME}/[email protected]", + "site.hbase-site.hbase.regionserver.keytab.file": "${AGENT_WORK_ROOT}/keytabs/${USER_NAME}.headless.keytab", + "site.hbase-site.hbase.master.kerberos.principal": "${USER_NAME}/[email protected]", + "site.hbase-site.hbase.master.keytab.file": "${AGENT_WORK_ROOT}/keytabs/${USER_NAME}.headless.keytab", + "site.hbase-site.hbase.rest.kerberos.principal": "${USER_NAME}/[email protected]", + "site.hbase-site.hbase.rest.keytab.file": "${AGENT_WORK_ROOT}/keytabs/${USER_NAME}.headless.keytab", + "site.hbase-site.hbase.thrift.kerberos.principal": "${USER_NAME}/[email protected]", + "site.hbase-site.hbase.thrift.keytab.file": "${AGENT_WORK_ROOT}/keytabs/${USER_NAME}.headless.keytab" + }, + "components": { + "slider-appmaster": { + "jvm.heapsize": "256M", + "slider.hdfs.keytab.dir": ".slider/keytabs/hbase", + "slider.am.login.keytab.name": "hbase.headless.keytab", + "slider.keytab.principal.name": "${USER_NAME}" + } + } +} http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/01f1e7d1/app-packages/storm/appConfig-secured-default.json ---------------------------------------------------------------------- diff --git a/app-packages/storm/appConfig-secured-default.json b/app-packages/storm/appConfig-secured-default.json new file mode 100644 index 0000000..48e9447 --- /dev/null +++ b/app-packages/storm/appConfig-secured-default.json @@ -0,0 +1,71 @@ +{ + "schema": "http://example.org/specification/v2.0.0";, + "metadata": { + }, + "global": { + "application.def": "/user/jon/slider/Apache_Storm_v_0_9_3.zip", + "java_home": "/usr/jdk64/jdk1.7.0_45", + "create.default.zookeeper.node": "true", + + "site.global.app_user": "${USER_NAME}", + "site.global.app_root": "${AGENT_WORK_ROOT}/app/install/apache-storm-0.9.3.0.2.5.0-100", + "site.global.user_group": "hadoop", + "site.global.security_enabled": "true", + "site.global.ganglia_server_host": "${NN_HOST}", + "site.global.ganglia_server_id": "Application2", + "site.global.ganglia_enabled":"true", + "site.global.ganglia_server_port": "8668", + "site.global.rest_api_port": "${STORM_REST_API.ALLOCATED_PORT}", + "site.global.rest_api_admin_port": "${STORM_REST_API.ALLOCATED_PORT}", + + "site.storm-site.storm.log.dir" : "${AGENT_LOG_ROOT}", + "site.storm-site.storm.zookeeper.servers": "['${ZK_HOST}']", + "site.storm-site.nimbus.thrift.port": "${NIMBUS.ALLOCATED_PORT}", + "site.storm-site.storm.local.dir": "${AGENT_WORK_ROOT}/app/tmp/storm", + "site.storm-site.transactional.zookeeper.root": "/transactional", + "site.storm-site.storm.zookeeper.port": "2181", + "site.storm-site.nimbus.childopts": "-Xmx1024m -Djava.security.auth.login.config=${AGENT_WORK_ROOT}/app/install/apache-storm-0.9.3.0.2.5.0-100/conf/storm_jaas.conf -javaagent:${AGENT_WORK_ROOT}/app/install/apache-storm-${pkg.version}/external/storm-jmxetric/lib/jmxetric-1.0.4.jar=host=${@//site/global/ganglia_server_host},port=${@//site/global/ganglia_server_port},wireformat31x=true,mode=multicast,config=${AGENT_WORK_ROOT}/app/install/apache-storm-${pkg.version}/external/storm-jmxetric/conf/jmxetric-conf.xml,process=Nimbus_JVM", + "site.storm-site.supervisor.childopts": "-Xmx256m -Djava.security.auth.login.config=${AGENT_WORK_ROOT}/app/install/apache-storm-0.9.3.0.2.5.0-100/conf/storm_jaas.conf -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.port=0 -javaagent:${AGENT_WORK_ROOT}/app/install/apache-storm-${pkg.version}/external/storm-jmxetric/lib/jmxetric-1.0.4.jar=host=${NN_HOST},port=8668,wireformat31x=true,mode=multicast,config=${AGENT_WORK_ROOT}/app/install/apache-storm-${pkg.version}/external/storm-jmxetric/conf/jmxetric-conf.xml,process=Supervisor_JVM", + "site.storm-site.ui.childopts": "-Xmx768m -Djava.security.auth.login.config=${AGENT_WORK_ROOT}/app/install/apache-storm-0.9.3.0.2.5.0-100/conf/storm_jaas.conf", + "site.storm-site.worker.childopts": "-Xmx768m -Djava.security.auth.login.config=${AGENT_WORK_ROOT}/app/install/apache-storm-0.9.3.0.2.5.0-100/conf/storm_jaas.conf -javaagent:${AGENT_WORK_ROOT}/app/install/apache-storm-${pkg.version}/external/storm-jmxetric/lib/jmxetric-1.0.4.jar=host=${@//site/global/ganglia_server_host},port=${@//site/global/ganglia_server_port},wireformat31x=true,mode=multicast,config=${AGENT_WORK_ROOT}/app/install/apache-storm-${pkg.version}/external/storm-jmxetric/conf/jmxetric-conf.xml,process=Worker_%ID%_JVM", + "site.storm-site.dev.zookeeper.path": "${AGENT_WORK_ROOT}/app/tmp/dev-storm-zookeeper", + "site.storm-site.drpc.invocations.port": "0", + "site.storm-site.storm.zookeeper.root": "${DEF_ZK_PATH}", + "site.storm-site.transactional.zookeeper.port": "null", + "site.storm-site.nimbus.host": "${NIMBUS_HOST}", + "site.storm-site.ui.port": "${STORM_UI_SERVER.ALLOCATED_PORT}", + "site.storm-site.supervisor.slots.ports": "[${SUPERVISOR.ALLOCATED_PORT}{DO_NOT_PROPAGATE},${SUPERVISOR.ALLOCATED_PORT}{DO_NOT_PROPAGATE}]", + "site.storm-site.drpc.port": "0", + "site.storm-site.drpc.servers": "['${NIMBUS_HOST}']", + "site.storm-site.logviewer.port": "${SUPERVISOR.ALLOCATED_PORT}{DO_NOT_PROPAGATE}", + + "site.storm-site.nimbus.authorizer": "backtype.storm.security.auth.authorizer.SimpleACLAuthorizer", + "site.storm-site.storm.thrift.transport": "backtype.storm.security.auth.kerberos.KerberosSaslTransportPlugin", + "site.storm-site.java.security.auth.login.config": "${AGENT_WORK_ROOT}/app/install/apache-storm-0.9.3.0.2.5.0-100/conf/storm_jaas.conf", + "site.storm-site.storm.principal.tolocal": "backtype.storm.security.auth.KerberosPrincipalToLocal", + "site.storm-site.storm.zookeeper.superACL": "PLACE_JAAS_CLIENT_PRINCIPAL_HERE", + "site.storm-site.nimbus.admins": "['${USER_NAME}', 'PLACE_JAAS_STORMCLIENT_PRINCIPAL_HERE']", + "site.storm-site.nimbus.users": "['${USER_NAME}']", + "site.storm-site.nimbus.supervisor.users": "['PLACE_JAAS_STORMCLIENT_PRINCIPAL_HERE']", + "site.storm-site.nimubs.authorizer": "backtype.storm.security.auth.authorizer.SimpleACLAuthorizer", + "site.storm-site.storm.thrift.transport": "backtype.storm.security.auth.kerberos.KerberosSaslTransportPlugin", + "site.storm-site.storm.principal.tolocal": "backtype.storm.security.auth.KerberosPrincipalToLocal", + "site.storm-site.ui.filter": "org.apache.hadoop.security.authentication.server.AuthenticationFilter", + "site.storm-site.ui.filter.params": "{'type': 'kerberos', 'kerberos.principal': 'HTTP/_HOST', 'kerberos.keytab': '/etc/security/keytabs/spnego.service.keytab', 'kerberos.name.rules': 'RULE:[2:$1@$0]([jt]t@.*EXAMPLE.COM)s/.*/$MAPRED_USER/ RULE:[2:$1@$0]([nd]n@.*EXAMPLE.COM)s/.*/$HDFS_USER/DEFAULT'}", + + "site.storm-env.kerberos_domain": "EXAMPLE.COM", + "site.storm-env.storm_client_principal_name": "PLACE_JAAS_STORMCLIENT_PRINCIPAL_HERE/_HOST", + "site.storm-env.storm_server_principal_name": "PLACE_JAAS_STORMSERVER_PRINCIPAL_HERE/_HOST", + "site.storm-env.storm_client_keytab": "${AGENT_WORK_ROOT}/keytabs/${USER_NAME}.keytab", + "site.storm-env.storm_server_keytab": "${AGENT_WORK_ROOT}/keytabs/${USER_NAME}.keytab" + + }, + "components": { + "slider-appmaster": { + "jvm.heapsize": "256M", + "slider.hdfs.keytab.dir": ".slider/keytabs/storm", + "slider.am.login.keytab.name": "${USER_NAME}.keytab", + "slider.keytab.principal.name": "${USER_NAME}" + } + } +}
