> On June 9, 2016, 8:42 a.m., Andrew Onischuk wrote:
> > ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/logfeeder.py,
> >  line 47
> > <https://reviews.apache.org/r/48348/diff/2/?file=1411328#file1411328line47>
> >
> >     Why do we run logsearch components as root? This is not recommended and 
> > our users don't have this sudo permission
> 
> Andrew Onischuk wrote:
>     We can ensure that logs are readable by hadoop group. And run logsearch 
> as before (having logsearch user in hadoop group)

>From our skype discussion I found out that the problem with this apporach is 
>because we need to read ambari-server and ambari-agent logs.
Since some customers are very cautious about running things as root, especially 
daemons. I propose do some way around to fix this.
Here is my proposal:

Add logfeeder user to hadoop group, ambari-server user default group, 
ambari-agent default group.
We can do that pre-start of logfeeder to make sure we get the lastest actual 
group.

How to know the ambari groups.
- ambari-agent is easy to know while starting logfeeder. It is the group of the 
user running the process
- ambari-server group is a little bit trickier to know. We can we group of the 
owner of /var/log/ambari-server

@Oliver @Sumit Mohanty let's discuss here if we need to implement this in such 
a way.


- Andrew


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/48348/#review136775
-----------------------------------------------------------


On June 9, 2016, 8:19 a.m., Oliver Szabo wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/48348/
> -----------------------------------------------------------
> 
> (Updated June 9, 2016, 8:19 a.m.)
> 
> 
> Review request for Ambari, Andrew Onischuk, Don Bosco Durai, Miklos Gergely, 
> Robert Nettleton, Sumit Mohanty, and Sebastian Toader.
> 
> 
> Bugs: AMBARI-17089
>     https://issues.apache.org/jira/browse/AMBARI-17089
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> - Change logfeeder process/files to use sudo user instead of 
> logfeeder/logfeeder user/group (to make sure logfeeder can read any kind of 
> the logs).
> - solr and logsearch user both moved to hadoop group
> 
> 
> Diffs
> -----
> 
>   
> ambari-common/src/main/python/resource_management/libraries/functions/solr_cloud_util.py
>  b099a1e 
>   
> ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/metadata.py
>  5799288 
>   
> ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/params.py
>  09a86f2 
>   
> ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/configuration/logfeeder-env.xml
>  46ac4c2 
>   
> ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/configuration/logsearch-env.xml
>  7943cd0 
>   
> ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/configuration/logsearch-properties.xml
>  65dc378 
>   
> ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/configuration/logsearch-solr-env.xml
>  73fecb6 
>   
> ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/logfeeder.py
>  c0689f3 
>   
> ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/logsearch.py
>  2b5fdf7 
>   
> ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/logsearch_common.py
>  d0ac389 
>   
> ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/logsearch_solr.py
>  b55f3d6 
>   
> ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/params.py
>  7acdec2 
>   
> ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/setup_logfeeder.py
>  5ca2bd5 
>   
> ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/setup_logsearch.py
>  58239c7 
>   
> ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/setup_logsearch_solr.py
>  6e71334 
>   ambari-server/src/test/python/stacks/2.3/ATLAS/test_metadata_server.py 
> bfd07b2 
>   ambari-server/src/test/python/stacks/2.4/LOGSEARCH/test_logfeeder.py 
> 54e08e4 
>   ambari-server/src/test/python/stacks/2.4/LOGSEARCH/test_logsearch.py 
> bfe6921 
>   ambari-server/src/test/python/stacks/2.4/LOGSEARCH/test_solr.py 0590dca 
>   ambari-server/src/test/python/stacks/2.5/ATLAS/test_atlas_server.py 7127451 
>   ambari-server/src/test/python/stacks/2.5/configs/default.json 1015593 
>   ambari-web/app/data/HDP2/site_properties.js 794da25 
> 
> Diff: https://reviews.apache.org/r/48348/diff/
> 
> 
> Testing
> -------
> 
> FT: tested locally with 4 node cluster with umask 0027.
> 
> 
> Thanks,
> 
> Oliver Szabo
> 
>

Reply via email to