> On June 9, 2016, 8:42 a.m., Andrew Onischuk wrote: > > ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/logfeeder.py, > > line 47 > > <https://reviews.apache.org/r/48348/diff/2/?file=1411328#file1411328line47> > > > > Why do we run logsearch components as root? This is not recommended and > > our users don't have this sudo permission > > Andrew Onischuk wrote: > We can ensure that logs are readable by hadoop group. And run logsearch > as before (having logsearch user in hadoop group) > > Andrew Onischuk wrote: > From our skype discussion I found out that the problem with this apporach > is because we need to read ambari-server and ambari-agent logs. > Since some customers are very cautious about running things as root, > especially daemons. I propose do some way around to fix this. > Here is my proposal: > > Add logfeeder user to hadoop group, ambari-server user default group, > ambari-agent default group. > We can do that pre-start of logfeeder to make sure we get the lastest > actual group. > > How to know the ambari groups. > - ambari-agent is easy to know while starting logfeeder. It is the group > of the user running the process > - ambari-server group is a little bit trickier to know. We can we group > of the owner of /var/log/ambari-server > > @Oliver @Sumit Mohanty let's discuss here if we need to implement this in > such a way.
The problem with this approach would be that - if this we change group for ambari-agent or ambari-server we will have to restart logfeeder. - for now ambari-server log files don't have users applied to them. So after upgrade from older Ambari's we will have a problem. drwxr-xr-x. 10 slava root 4096 Jun 9 03:41 ambari-server -rw-r-----. 1 slava root 50099 Jun 9 08:44 ambari-alerts.log -rw-r-----. 1 slava root 2776258 Jun 9 09:36 ambari-audit.log -rw-r-----. 1 slava root 15769 Jun 9 08:55 ambari-config-changes.log -rw-r-----. 1 slava root 14417 Jun 9 08:48 ambari-eclipselink.log -rw-r-----. 1 slava root 8575 Jun 9 08:48 ambari-server-check-database.log -rw-r-----. 1 slava root 5289611 Jun 9 09:36 ambari-server.log -rw-r-----. 1 slava slava 374 Jun 9 07:13 ambari-server.out - Andrew ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/48348/#review136775 ----------------------------------------------------------- On June 9, 2016, 8:19 a.m., Oliver Szabo wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/48348/ > ----------------------------------------------------------- > > (Updated June 9, 2016, 8:19 a.m.) > > > Review request for Ambari, Andrew Onischuk, Don Bosco Durai, Miklos Gergely, > Robert Nettleton, Sumit Mohanty, and Sebastian Toader. > > > Bugs: AMBARI-17089 > https://issues.apache.org/jira/browse/AMBARI-17089 > > > Repository: ambari > > > Description > ------- > > - Change logfeeder process/files to use sudo user instead of > logfeeder/logfeeder user/group (to make sure logfeeder can read any kind of > the logs). > - solr and logsearch user both moved to hadoop group > > > Diffs > ----- > > > ambari-common/src/main/python/resource_management/libraries/functions/solr_cloud_util.py > b099a1e > > ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/metadata.py > 5799288 > > ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/params.py > 09a86f2 > > ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/configuration/logfeeder-env.xml > 46ac4c2 > > ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/configuration/logsearch-env.xml > 7943cd0 > > ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/configuration/logsearch-properties.xml > 65dc378 > > ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/configuration/logsearch-solr-env.xml > 73fecb6 > > ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/logfeeder.py > c0689f3 > > ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/logsearch.py > 2b5fdf7 > > ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/logsearch_common.py > d0ac389 > > ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/logsearch_solr.py > b55f3d6 > > ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/params.py > 7acdec2 > > ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/setup_logfeeder.py > 5ca2bd5 > > ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/setup_logsearch.py > 58239c7 > > ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/setup_logsearch_solr.py > 6e71334 > ambari-server/src/test/python/stacks/2.3/ATLAS/test_metadata_server.py > bfd07b2 > ambari-server/src/test/python/stacks/2.4/LOGSEARCH/test_logfeeder.py > 54e08e4 > ambari-server/src/test/python/stacks/2.4/LOGSEARCH/test_logsearch.py > bfe6921 > ambari-server/src/test/python/stacks/2.4/LOGSEARCH/test_solr.py 0590dca > ambari-server/src/test/python/stacks/2.5/ATLAS/test_atlas_server.py 7127451 > ambari-server/src/test/python/stacks/2.5/configs/default.json 1015593 > ambari-web/app/data/HDP2/site_properties.js 794da25 > > Diff: https://reviews.apache.org/r/48348/diff/ > > > Testing > ------- > > FT: tested locally with 4 node cluster with umask 0027. > > > Thanks, > > Oliver Szabo > >