[jira] [Commented] (AMBARI-7976) Ambari: Add oozie install user as an Oozie admin user

Sun, 26 Oct 2014 10:08:15 -0700 

    [ 
https://issues.apache.org/jira/browse/AMBARI-7976?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14184545#comment-14184545
 ] 

Hudson commented on AMBARI-7976:
--------------------------------

SUCCESS: Integrated in Ambari-branch-1.7.0 #219 (See 
[https://builds.apache.org/job/Ambari-branch-1.7.0/219/])
AMBARI-7976. Ambari: Add oozie install user as an Oozie admin user (aonishuk) 
(aonishuk: 
http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=07fc52128c614320f6a9ccffc9096cc08ae0bc36)
* ambari-server/src/test/python/stacks/2.0.6/OOZIE/test_oozie_client.py
* ambari-server/src/main/resources/stacks/HDP/2.0.6/services/OOZIE/metainfo.xml
* 
ambari-server/src/main/resources/stacks/HDP/2.2/services/OOZIE/configuration/oozie-site.xml
* 
ambari-server/src/main/resources/stacks/HDP/2.0.6/services/OOZIE/package/scripts/params.py
* 
ambari-common/src/main/python/resource_management/libraries/functions/__init__.py
* 
ambari-server/src/main/resources/stacks/HDP/2.0.6/services/OOZIE/package/scripts/oozie.py
* 
ambari-server/src/main/resources/stacks/HDP/2.0.6/services/OOZIE/package/templates/adminusers.txt.j2


> Ambari: Add oozie install user as an Oozie admin user
> -----------------------------------------------------
>
>                 Key: AMBARI-7976
>                 URL: https://issues.apache.org/jira/browse/AMBARI-7976
>             Project: Ambari
>          Issue Type: Bug
>            Reporter: Andrew Onischuk
>            Assignee: Andrew Onischuk
>             Fix For: 1.6.0
>
>
> Oozie has an authorization model for admin access to oozie facilities. Oozie
> admin users
>   * have write access to all jobs
>   * have write access to admin operations
> When authorization server security is enabled by config property  
> oozie.service.AuthorizationService.authorization.enabled (which is set to true
> in our installations - the default is false), then admin users are determined
> by either membership in a group identified by the property
> oozie.service.AuthorizationService.admin.groups.
> Since we don't set either of them, we expect users to set the admin usernames
> in the file /etc/oozie/conf/adminusers.txt
> See [Oozie User Authorization Configuration](https://oozie.apache.org/docs/4.0
> .0/AG_Install.html#User_Authorization_Configuration) for more details on admin
> user configuration
> Because we want to do sharelib update operations which are write access
> operations, the user performing these should be an Oozie admin user. If not,
> the admin operation will fail.
> We should explicitly add the oozie install user as the admin user by adding
> the user to adminusers.txt
> This feature is also needed for rolling upgrade scenarios to explicitly update
> sharelib after upgrading the servers.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to