-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56671/
-----------------------------------------------------------
(Updated Feb. 16, 2017, 3:57 p.m.)
Review request for Ambari, Miklos Gergely, Mugdha Varadkar, and Robert
Nettleton.
Changes
-------
small additions:
- make sure both security.json are generated
- do not accept spaces for custom-security.json
- change both security.json files permission
Bugs: AMBARI-20013
https://issues.apache.org/jira/browse/AMBARI-20013
Repository: ambari
Description
-------
- make sure solr keytab and solr user is created on logsearch/ranger/atlas hosts
- created a new solr_cloud_util method called add roles (curl for adding user
roles)
- updated secure znode method (adding infra-solr by default)
- move generated security.json into a static file
- added a custom security.json which can be used instead of the generated
security.json
In ranger/atlas stack, the following calls can be used for securing znode and
update user-roles:
solr_cloud_util.secure_znode(config=params.config,
zookeeper_quorum=params.zookeeper_quorum,
solr_znode=format("{infra_solr_znode}/collections/mycollectionznode"),
jaas_file=params.logsearch_jaas_file,
java64_home=params.java64_home,
sasl_users=["myuser1@HOST", "myuser2"])
and
solr_cloud_util.add_solr_roles(params.config,
roles = ["ranger_audit_user"],
new_service_principals = ["audituser1",
"audituser2"])
about ranger plugins:
there is a way to use these methods in other services like storm etc. , the
problem is its needed to infra-solr be started, so if we include these in a lot
of other services, it can really slows down the deployment. that is the reason
why i kept the property dependencies in infra-solr-security-json config. other
then that, with the changes ranger can start successfully if its added later to
the cluster, and for plugins, infra-solr will be flagged to be restarted.
Diffs (updated)
-----
ambari-common/src/main/python/resource_management/libraries/functions/solr_cloud_util.py
4628211
ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/configuration/infra-solr-security-json.xml
e193a8c
ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/package/scripts/params.py
ab9aa61
ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/package/scripts/setup_infra_solr.py
8d72f42
ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/package/templates/infra-solr-security.json.j2
PRE-CREATION
ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/properties/infra-solr-security.json.j2
ed764f0
ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/metadata.py
2232bb2
ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/params.py
682fc9f
ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/kerberos.json
bc8e351
ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/kerberos.json
49d1b10
ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/params.py
fecd802
ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/setup_logsearch.py
ba91e20
ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
0b4532b
ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
ae49c4f
ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json
253e32e
ambari-server/src/test/python/stacks/2.3/ATLAS/test_metadata_server.py
1bbf75e
ambari-server/src/test/python/stacks/2.3/configs/secure.json 4501b81
ambari-server/src/test/python/stacks/2.4/AMBARI_INFRA/test_infra_solr.py
cd88fec
ambari-server/src/test/python/stacks/2.4/LOGSEARCH/test_logsearch.py db9cbb9
ambari-server/src/test/python/stacks/2.5/RANGER/test_ranger_admin.py b01e7da
ambari-server/src/test/python/stacks/2.6/RANGER/test_ranger_admin.py 8dda363
Diff: https://reviews.apache.org/r/56671/diff/
Testing
-------
unit tests done.
Thanks,
Oliver Szabo
