This is an automated email from the ASF dual-hosted git repository.
echekanskiy pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/trunk by this push:
new c37068a AMBARI-22847. Let HBase use ZK principal name set by users
when enabling Kerberos (until now it's been hardcoded to 'zookeeper')
c37068a is described below
commit c37068ae4f700dc96900adf5b0e8bc36b8cd2fd3
Author: Sandor Molnar <smol...@hortonworks.com>
AuthorDate: Fri Jan 26 13:36:33 2018 +0100
AMBARI-22847. Let HBase use ZK principal name set by users when enabling
Kerberos (until now it's been hardcoded to 'zookeeper')
---
.../common-services/HBASE/2.0.0.3.0/configuration/hbase-env.xml | 2 +-
.../common-services/HBASE/2.0.0.3.0/package/scripts/params_linux.py | 3 +++
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git
a/ambari-server/src/main/resources/common-services/HBASE/2.0.0.3.0/configuration/hbase-env.xml
b/ambari-server/src/main/resources/common-services/HBASE/2.0.0.3.0/configuration/hbase-env.xml
index b36ac00..ff9d6fa 100644
---
a/ambari-server/src/main/resources/common-services/HBASE/2.0.0.3.0/configuration/hbase-env.xml
+++
b/ambari-server/src/main/resources/common-services/HBASE/2.0.0.3.0/configuration/hbase-env.xml
@@ -230,7 +230,7 @@ JDK_DEPENDED_OPTS="-XX:PermSize=128m -XX:MaxPermSize=128m"
{% endif %}
{% if security_enabled %}
-export HBASE_OPTS="$HBASE_OPTS -XX:+UseConcMarkSweepGC
-XX:ErrorFile={{log_dir}}/hs_err_pid%p.log
-Djava.security.auth.login.config={{client_jaas_config_file}}
-Djava.io.tmpdir={{java_io_tmpdir}}"
+export HBASE_OPTS="$HBASE_OPTS -XX:+UseConcMarkSweepGC
-XX:ErrorFile={{log_dir}}/hs_err_pid%p.log
-Djava.security.auth.login.config={{client_jaas_config_file}}
-Djava.io.tmpdir={{java_io_tmpdir}} {{zk_security_opts}}"
export HBASE_MASTER_OPTS="$HBASE_MASTER_OPTS -Xmx{{master_heapsize}}
-Djava.security.auth.login.config={{master_jaas_config_file}}
-Djavax.security.auth.useSubjectCredsOnly=false $JDK_DEPENDED_OPTS"
export HBASE_REGIONSERVER_OPTS="$HBASE_REGIONSERVER_OPTS
-Xmn{{regionserver_xmn_size}} -XX:CMSInitiatingOccupancyFraction=70
-XX:ReservedCodeCacheSize=256m -Xms{{regionserver_heapsize}}
-Xmx{{regionserver_heapsize}}
-Djava.security.auth.login.config={{regionserver_jaas_config_file}}
-Djavax.security.auth.useSubjectCredsOnly=false $JDK_DEPENDED_OPTS"
export PHOENIX_QUERYSERVER_OPTS="$PHOENIX_QUERYSERVER_OPTS
-Djava.security.auth.login.config={{queryserver_jaas_config_file}}"
diff --git
a/ambari-server/src/main/resources/common-services/HBASE/2.0.0.3.0/package/scripts/params_linux.py
b/ambari-server/src/main/resources/common-services/HBASE/2.0.0.3.0/package/scripts/params_linux.py
index b7e2b89..d8b26fc 100644
---
a/ambari-server/src/main/resources/common-services/HBASE/2.0.0.3.0/package/scripts/params_linux.py
+++
b/ambari-server/src/main/resources/common-services/HBASE/2.0.0.3.0/package/scripts/params_linux.py
@@ -184,6 +184,9 @@ service_check_data = get_unique_id_and_date()
user_group = config['configurations']['cluster-env']["user_group"]
if security_enabled:
+ zk_principal_name =
default("/configurations/zookeeper-env/zookeeper_principal_name",
"zookeeper/_h...@example.com")
+ zk_principal_user = zk_principal_name.split('/')[0]
+ zk_security_opts = format('-Dzookeeper.sasl.client=true
-Dzookeeper.sasl.client.username={zk_principal_user}
-Dzookeeper.sasl.clientconfig=Client')
_hostname_lowercase = config['hostname'].lower()
master_jaas_princ =
config['configurations']['hbase-site']['hbase.master.kerberos.principal'].replace('_HOST',_hostname_lowercase)
master_keytab_path =
config['configurations']['hbase-site']['hbase.master.keytab.file']
--
To stop receiving notification emails like this one, please contact
echekans...@apache.org.
