Re: Review Request 27208: Ambari: Add oozie install user as an Oozie admin user

Sun, 26 Oct 2014 09:06:54 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/27208/
-----------------------------------------------------------

(Updated Oct. 26, 2014, 4:06 p.m.)


Review request for Ambari, Andrew Onischuk and Dmytro Sen.


Bugs: AMBARI-7976
    https://issues.apache.org/jira/browse/AMBARI-7976


Repository: ambari


Description
-------

Oozie has an authorization model for admin access to oozie facilities. Oozie
admin users

  * have write access to all jobs
  * have write access to admin operations

When authorization server security is enabled by config property  
oozie.service.AuthorizationService.authorization.enabled (which is set to true
in our installations - the default is false), then admin users are determined
by either membership in a group identified by the property
oozie.service.AuthorizationService.admin.groups.

Since we don't set either of them, we expect users to set the admin usernames
in the file /etc/oozie/conf/adminusers.txt

See [Oozie User Authorization Configuration](https://oozie.apache.org/docs/4.0
.0/AG_Install.html#User_Authorization_Configuration) for more details on admin
user configuration

Because we want to do sharelib update operations which are write access
operations, the user performing these should be an Oozie admin user. If not,
the admin operation will fail.

We should explicitly add the oozie install user as the admin user by adding
the user to adminusers.txt

This feature is also needed for rolling upgrade scenarios to explicitly update
sharelib after upgrading the servers.


Diffs (updated)
-----

  
ambari-common/src/main/python/resource_management/libraries/functions/__init__.py
 3d92d64 
  ambari-server/src/main/resources/stacks/HDP/2.0.6/services/OOZIE/metainfo.xml 
9d4247e 
  
ambari-server/src/main/resources/stacks/HDP/2.0.6/services/OOZIE/package/scripts/oozie.py
 bba2e09 
  
ambari-server/src/main/resources/stacks/HDP/2.0.6/services/OOZIE/package/scripts/params.py
 3960904 
  
ambari-server/src/main/resources/stacks/HDP/2.0.6/services/OOZIE/package/templates/adminusers.txt.j2
 PRE-CREATION 
  
ambari-server/src/main/resources/stacks/HDP/2.2/services/OOZIE/configuration/oozie-site.xml
 4a8eab7 
  ambari-server/src/test/python/stacks/2.0.6/OOZIE/test_oozie_client.py 7afbf96 

Diff: https://reviews.apache.org/r/27208/diff/


Testing
-------

mvn clean test


Thanks,

Andrew Onischuk

Reply via email to