TRAFODION [109] Instrument Trafodion to work with Secure Hadoop (Kerberos) The Jenkins environment is not able to set up LDAP. Made the following changes:
- Moved configuring LDAP until after sqgen is called - Fixed a bug when copying LDAP conf file for multi-node environment - Displays contents of LDAP conf file when an error occurs to help debugging - Couple minor edits Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/a7f9c83f Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/a7f9c83f Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/a7f9c83f Branch: refs/heads/master Commit: a7f9c83fae1009e997b56bb1aca5d383d28493a5 Parents: 1946255 Author: Roberta Marton <[email protected]> Authored: Fri Jun 17 18:19:29 2016 +0000 Committer: Roberta Marton <[email protected]> Committed: Fri Jun 17 18:19:29 2016 +0000 ---------------------------------------------------------------------- install/installer/traf_add_kerberos | 2 +- install/installer/traf_add_ldap | 36 ++++++++++++++++--------- install/installer/trafodion_config_default | 4 +-- install/installer/trafodion_install | 24 ++++++++++++----- install/installer/trafodion_uninstaller | 4 +-- 5 files changed, 45 insertions(+), 25 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/a7f9c83f/install/installer/traf_add_kerberos ---------------------------------------------------------------------- diff --git a/install/installer/traf_add_kerberos b/install/installer/traf_add_kerberos index e055dd4..0ff1e74 100755 --- a/install/installer/traf_add_kerberos +++ b/install/installer/traf_add_kerberos 
@@ -183,7 +183,7 @@ if [[ $? -ne 0 ]]; then rm $LOCAL_WORKDIR/kerberos.tmp fi -# Grant all privileges to the Trafodion principle in HBase +# Grant all privileges to the Trafodion principal in HBase echo "***INFO: Grant HBase privileges to $TRAF_USER user" sudo -u $HBASE_USER kinit -kt $HBASE_KEYTAB $HBASE_PRINCIPAL if [[ $? -ne 0 ]]; then http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/a7f9c83f/install/installer/traf_add_ldap ---------------------------------------------------------------------- diff --git a/install/installer/traf_add_ldap b/install/installer/traf_add_ldap index be85389..652326f 100755 --- a/install/installer/traf_add_ldap +++ b/install/installer/traf_add_ldap 
@@ -44,28 +44,38 @@ echo echo "***INFO: Running LDAP installation" echo "***INFO: Copy $LDAP_AUTH_FILE to all nodes" -sudo cp -r $LOCAL_WORKDIR/$LDAP_AUTH_FILE $HOME_DIR/$TRAF_USER -sudo chown $TRAF_USER.$TRAF_GROUP $HOME_DIR/$TRAF_USER/$LDAP_AUTH_FILE -sudo chmod 750 $HOME_DIR/$TRAF_USER/$LDAP_AUTH_FILE - +# Copy traf_authentication_config file to correct location and change to official name +if [[ "$all_node_count" -eq "1" ]]; then + sudo cp -r $LOCAL_WORKDIR/$LDAP_AUTH_FILE $HOME_DIR/$TRAF_USER/$LDAP_AUTH_FILE + sudo chown $TRAF_USER.$TRAF_GROUP $HOME_DIR/$TRAF_USER/$LDAP_AUTH_FILE + sudo su $TRAF_USER --command "cp $HOME_DIR/$TRAF_USER/$LDAP_AUTH_FILE $SQ_ROOT/sql/scripts/.traf_authentication_config" 2>&1 + sudo su $TRAF_USER --command "chmod 750 $SQ_ROOT/sql/scripts/.traf_authentication_config" +else + $TRAF_PDCP $LOCAL_WORKDIR/$LDAP_AUTH_FILE $HOME + $TRAF_PDSH sudo cp $HOME/$LDAP_AUTH_FILE $HOME_DIR/$TRAF_USER/$LDAP_AUTH_FILE + $TRAF_PDSH sudo chown $TRAF_USER:$TRAF_GROUP $HOME_DIR/$TRAF_USER/$LDAP_AUTH_FILE + sudo su $TRAF_USER --command "$TRAF_PDSH cp $HOME_DIR/$TRAF_USER/$LDAP_AUTH_FILE $SQ_ROOT/sql/scripts/.traf_authentication_config" + sudo su $TRAF_USER --command "$TRAF_PDSH chmod 750 $SQ_ROOT/sql/scripts/.traf_authentication_config" +fi + # Check traf_authentication_config for errors echo "***INFO: Checking LDAP Configuration file for errors." -sudo su $TRAF_USER --login --command "ldapconfigcheck -file $HOME_DIR/$TRAF_USER/$LDAP_AUTH_FILE" | tee -a $INSTALL_LOG +sudo su $TRAF_USER --login --command "ldapconfigcheck -file $HOME_DIR/$TRAF_USER/$LDAP_AUTH_FILE" if [ ${PIPESTATUS[0]} != "0" ]; then echo "***ERROR: traf_authentication_config not configured correctly." 
+ echo "***ERROR: Configuration file LDAP_AUTH_FILE located $HOME_DIR/$TRAF_USER/$LDAP_AUTH_FILE" + echo "***ERROR: Contents of the configuration file is:" + echo "`sudo cat $HOME_DIR/$TRAF_USER/$LDAP_AUTH_FILE | grep -v '#' | awk NF`" exit -1 fi -# Copy traf_authentication_config file to correct location and change to official name -if [[ "$all_node_count" -eq "1" ]]; then - sudo su $TRAF_USER --login --command "cp $HOME_DIR/$TRAF_USER/$LDAP_AUTH_FILE $SQ_ROOT/sql/scripts/.traf_authentication_config" 2>&1 -else - sudo su $TRAF_USER --command "$TRAF_PDCP $HOME_DIR/$TRAF_USER/$LDAP_AUTH_FILE $SQ_ROOT/sql/scripts/.traf_authentication_config" 2>&1 -fi - -sudo su $TRAF_USER --login --command "ldapcheck --username=$DB_ROOT_NAME" | tee -a $INSTALL_LOG +echo "***INFO: Verifying that LDAP username \"$DB_ROOT_NAME\" exists" +sudo su $TRAF_USER --login --command "ldapcheck --username=$DB_ROOT_NAME" if [ ${PIPESTATUS[0]} != "0" ]; then echo "***ERROR: traf_authentication_config not configured correctly." + echo "***ERROR: Configuration file LDAP_AUTH_FILE located $HOME_DIR/$TRAF_USER/$LDAP_AUTH_FILE" + echo "***ERROR: Contents of the configuration file is:" + echo "`sudo cat $HOME_DIR/$TRAF_USER/$LDAP_AUTH_FILE | grep -v '#' | awk NF`" exit -1 fi http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/a7f9c83f/install/installer/trafodion_config_default ---------------------------------------------------------------------- diff --git a/install/installer/trafodion_config_default b/install/installer/trafodion_config_default index 981d2cf..00eed16 100755 --- a/install/installer/trafodion_config_default +++ b/install/installer/trafodion_config_default @@ -130,8 +130,6 @@ export INIT_TRAFODION="N" # Default is to leave as is and this file will be created. export SQCONFIG="" -export CONFIG_COMPLETE="true" - #----------------- security configuration information ----------------- #Enter in Kerberos details if Kerberos is enabled on your cluster 
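Review bot: Both new failure branches dump the LDAP configuration file to stdout with `sudo cat $HOME_DIR/$TRAF_USER/$LDAP_AUTH_FILE | grep -v '#' | awk NF`, and trafodion_install pipes this script through `tee -a $INSTALL_LOG`, so the contents land in the install log and in any CI console. If the file holds the directory search account's password (Trafodion's sample config appears to carry one as `LDAPSearchPwd`; confirm for this version), that credential becomes readable by anyone who can read the log. Drop secret-bearing attributes before printing, e.g. `sudo cat "$HOME_DIR/$TRAF_USER/$LDAP_AUTH_FILE" | grep -v '#' | grep -vi 'pwd' | awk NF`, or print only the path and rely on the checker's own diagnostics. Separately, the `$TRAF_PDCP` step leaves an extra copy in `$HOME` on every node with no chmod or cleanup, and the installed copy is set to 750; `chmod 640` plus an `rm -f` of the staging copy would suit a file that may hold a bind credential.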
@@ -170,6 +168,8 @@ export LDAP_AUTH_FILE="traf_authentication_config_${HOSTNAME}" DB_ROOT_NAME="trafodion" #----------------- end security configuration ----------------- +export CONFIG_COMPLETE="true" + #HA configuraton enabled, if want to enable set to true and add valid floating IP address. export ENABLE_HA="false" http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/a7f9c83f/install/installer/trafodion_install ---------------------------------------------------------------------- diff --git a/install/installer/trafodion_install b/install/installer/trafodion_install index 452995f..bd12188 100755 --- a/install/installer/trafodion_install +++ b/install/installer/trafodion_install @@ -725,11 +725,27 @@ if [[ "$SECURE_HADOOP" == "Y" ]]; then echo "***ERROR: Kerberos not enabled" | tee -a $INSTALL_LOG exit -1 fi +else + echo "***INFO: Skipping Kerberos setup for Trafodion" fi echo "***INFO: Secure Hadoop setup for Trafodion ran successfully." -# setup identity store (LDAP) stuff +# Install and configure CLI for Cloud environments +if [ "$ENABLE_HA" == "true" ] && [[ $CLOUD_CONFIG == "Y" ]] && [[ $all_node_count -gt 1 ]]; then + echo "***INFO: Install and configure CLI for Cloud" + $TRAF_WORKDIR/installer/cloud_cli_setup +fi + +sudo su $TRAF_USER --login --command "$TRAF_WORKDIR/installer/traf_sqgen" 2>&1 | tee -a $INSTALL_LOG +if [ ${PIPESTATUS[0]} != "0" ]; then + echo "***ERROR: Error while running traf_sqgen" | tee -a $INSTALL_LOG + echo "***ERROR: Setup not complete, review logs." | tee -a $INSTALL_LOG + echo "***ERROR: Exiting...." | tee -a $INSTALL_LOG + exit -1 +fi + +# setup identity store (LDAP) stuff - has to be done after traf_sqgen completes if [[ "$LDAP_SECURITY" == "Y" ]]; then $LOCAL_WORKDIR/traf_add_ldap | tee -a $INSTALL_LOG if [ ${PIPESTATUS[0]} != "0" ]; then 
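Review bot: The new `else` branch logs that Kerberos setup was skipped, but the unchanged line right after the `fi` still prints `***INFO: Secure Hadoop setup for Trafodion ran successfully.` on every run, so the install log claims a secure setup on clusters where `SECURE_HADOOP` is not `Y`. Move that echo inside the `if [[ "$SECURE_HADOOP" == "Y" ]]` branch (the `if` opens above the hunk), just before the new `else`, so the log reflects the actual security posture. Also, `$TRAF_WORKDIR/installer/cloud_cli_setup` now runs ahead of `traf_sqgen` with no exit-status check and no `tee -a $INSTALL_LOG`, unlike the `traf_sqgen` call added below it. A guard such as `|| { echo "***ERROR: cloud_cli_setup failed" | tee -a $INSTALL_LOG; exit 1; }` would make a failure visible.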
@@ -739,14 +755,8 @@ if [[ "$LDAP_SECURITY" == "Y" ]]; then fi fi -# Install and configure CLI for Cloud environments -if [ "$ENABLE_HA" == "true" ] && [[ $CLOUD_CONFIG == "Y" ]] && [[ $all_node_count -gt 1 ]]; then - echo "***INFO: Install and configure CLI for Cloud" - $TRAF_WORKDIR/installer/cloud_cli_setup -fi if [[ $START_ALL == "Y" ]]; then - sudo su $TRAF_USER --login --command "$TRAF_WORKDIR/installer/traf_sqgen" 2>&1 | tee -a $INSTALL_LOG sudo su $TRAF_USER --login --command "$TRAF_WORKDIR/installer/traf_start" 2>&1 | tee -a $INSTALL_LOG if [ ${PIPESTATUS[0]} != "0" ]; then http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/a7f9c83f/install/installer/trafodion_uninstaller ---------------------------------------------------------------------- diff --git a/install/installer/trafodion_uninstaller b/install/installer/trafodion_uninstaller index b0ec497..553cacd 100755 --- a/install/installer/trafodion_uninstaller +++ b/install/installer/trafodion_uninstaller @@ -110,9 +110,9 @@ if [[ "$SECURE_HADOOP" == "Y" ]]; then echo "***INFO: Stopping Kerberos ticket monitoring process" if [ $all_node_count -eq 1 ]; then - sudo su $TRAF_USER --login --command "$SQ_ROOT/sql/scripts/krb5service stop" + sudo su $TRAF_USER --login --command "$SQ_ROOT/sql/scripts/krb5service stop 2>/dev/null" else - $TRAF_PDSH "sudo su $TRAF_USER --login --command \"$SQ_ROOT/sql/scripts/krb5service stop\"" + $TRAF_PDSH "sudo su $TRAF_USER --login --command \"$SQ_ROOT/sql/scripts/krb5service stop 2>/dev/null\"" fi fi
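Review bot: Appending `2>/dev/null` to both `krb5service stop` calls in trafodion_uninstaller discards every error, not only the expected "not running" case, and neither branch checks the exit status, so the uninstaller reports nothing if the Kerberos ticket monitoring process stays alive. A leftover monitor would presumably keep renewing tickets from the keytab after the product is meant to be removed, which is worth surfacing to the operator. Consider keeping stderr and tolerating only the benign case, for example by appending `|| echo "***WARNING: krb5service stop failed; check for a running ticket monitor"` to each call. If the redirect stays, add a comment such as `# stderr suppressed: krb5service reports an error when the monitor is not running`. The enclosing `if [[ "$SECURE_HADOOP" == "Y" ]]` starts above the hunk.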
