Repository: bigtop Updated Branches: refs/heads/master e6261d80f -> b2d94ebec
BIGTOP-2028: Enhance puppet config of zookeeper to support kerberized clients Project: http://git-wip-us.apache.org/repos/asf/bigtop/repo Commit: http://git-wip-us.apache.org/repos/asf/bigtop/commit/b2d94ebe Tree: http://git-wip-us.apache.org/repos/asf/bigtop/tree/b2d94ebe Diff: http://git-wip-us.apache.org/repos/asf/bigtop/diff/b2d94ebe Branch: refs/heads/master Commit: b2d94ebecc4fe31fe2c343184ffc14167a4ccca2 Parents: e6261d8 Author: Olaf Flebbe <o.fle...@science-computing.de> Authored: Thu Oct 8 13:54:25 2015 +0000 Committer: Olaf Flebbe <o...@ofleb.be> Committed: Fri Nov 6 21:44:53 2015 +0100 ---------------------------------------------------------------------- .../modules/hadoop_zookeeper/files/java.env | 3 +- .../modules/hadoop_zookeeper/manifests/init.pp | 58 ++++++++++++++------ .../hadoop_zookeeper/templates/client-jaas.conf | 22 ++++++++ .../hadoop_zookeeper/templates/jaas.conf | 25 --------- .../hadoop_zookeeper/templates/server-jaas.conf | 25 +++++++++ 5 files changed, 89 insertions(+), 44 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/bigtop/blob/b2d94ebe/bigtop-deploy/puppet/modules/hadoop_zookeeper/files/java.env
----------------------------------------------------------------------
diff --git a/bigtop-deploy/puppet/modules/hadoop_zookeeper/files/java.env b/bigtop-deploy/puppet/modules/hadoop_zookeeper/files/java.env
index 6aca488..0bde871 100644
--- a/bigtop-deploy/puppet/modules/hadoop_zookeeper/files/java.env
+++ b/bigtop-deploy/puppet/modules/hadoop_zookeeper/files/java.env
@@ -12,4 +12,5 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-export SERVER_JVMFLAGS="-Djava.security.auth.login.config=/etc/zookeeper/conf/jaas.conf"
+export SERVER_JVMFLAGS="-Djava.security.auth.login.config=/etc/zookeeper/conf/server-jaas.conf"
+export CLIENT_JVMFLAGS="-Djava.security.auth.login.config=/etc/zookeeper/conf/client-jaas.conf"
http://git-wip-us.apache.org/repos/asf/bigtop/blob/b2d94ebe/bigtop-deploy/puppet/modules/hadoop_zookeeper/manifests/init.pp
----------------------------------------------------------------------
diff --git a/bigtop-deploy/puppet/modules/hadoop_zookeeper/manifests/init.pp b/bigtop-deploy/puppet/modules/hadoop_zookeeper/manifests/init.pp
index 7bbfcfd..6965090 100644
--- a/bigtop-deploy/puppet/modules/hadoop_zookeeper/manifests/init.pp
+++ b/bigtop-deploy/puppet/modules/hadoop_zookeeper/manifests/init.pp
@@ -13,7 +13,9 @@ # See the License for the specific language governing permissions and # limitations under the License. -class hadoop_zookeeper { +class hadoop_zookeeper ( + $kerberos_realm = "", +) { class deploy ($roles) { if ("zookeeper-client" in $roles) {
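Review bot: The new `CLIENT_JVMFLAGS` line in java.env points at `/etc/zookeeper/conf/client-jaas.conf`, but in init.pp that file is only managed inside the `client` class, while java.env itself is installed by `common`, which `server` also includes. A host that gets only the server class therefore ends up with a client flag naming a JAAS file Puppet never wrote there; client tools run on that host will probably fail to load their login configuration or fall back to an unauthenticated connection, depending on the ZooKeeper version. Managing client-jaas.conf from `common` (or including `client` from `server`) keeps the flag and the file in step. A comment in java.env such as `# both JAAS files are rendered by the hadoop_zookeeper Puppet module` would also help whoever has to debug a missing file.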
@@ -25,19 +27,45 @@ class hadoop_zookeeper { } } - class client { + class common ( + $kerberos_realm = $hadoop_zookeeper::kerberos_realm, + ) inherits hadoop_zookeeper { + if ($kerberos_realm) { + file { '/etc/zookeeper/conf/java.env': + source => 'puppet:///modules/hadoop_zookeeper/java.env', + } + Package<| title == 'zookeeper' |> -> File['/etc/zookeeper/conf/java.env'] + Package<| title == 'zookeeper-server' |> -> File['/etc/zookeeper/conf/java.env'] + File['/etc/zookeeper/conf/java.env'] ~> Service<| title == 'zookeeper-server' |> + } + } + + class client ( + $kerberos_realm = $hadoop_zookeeper::kerberos_realm, + ) inherits hadoop_zookeeper { + include common + package { "zookeeper": ensure => latest, require => Package["jdk"], - } + } + + if ($kerberos_realm) { + file { '/etc/zookeeper/conf/client-jaas.conf': + content => template('hadoop_zookeeper/client-jaas.conf'), + require => Package['zookeeper'], + } + } } class server($myid, $port = "2181", $datadir = "/var/lib/zookeeper", $ensemble = ["localhost:2888:3888"], - $kerberos_realm = "") - { + $kerberos_realm = $hadoop_zookeeper::kerberos_realm, + ) inherits hadoop_zookeeper { + include common + package { "zookeeper-server": ensure => latest, require => Package["jdk"], @@ -45,13 +73,13 @@ class hadoop_zookeeper { service { "zookeeper-server": ensure => running, - require => [ Package["zookeeper-server"], + require => [ Package["zookeeper-server"], Exec["zookeeper-server-initialize"] ], subscribe => [ File["/etc/zookeeper/conf/zoo.cfg"], File["/var/lib/zookeeper/myid"] ], hasrestart => true, hasstatus => true, - } + } file { "/etc/zookeeper/conf/zoo.cfg": content => template("hadoop_zookeeper/zoo.cfg"), @@ -62,7 +90,7 @@ class hadoop_zookeeper { content => inline_template("<%= @myid %>"), require => Package["zookeeper-server"], } - + exec { "zookeeper-server-initialize": command => "/usr/bin/zookeeper-server-initialize", user => "zookeeper", 
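Review bot: The `if ($kerberos_realm)` guards added in `common` and `client` rely on the empty-string default (`$kerberos_realm = ""`, declared in the preceding init.pp hunk) evaluating as false, which holds for the Puppet 3 parser but not for Puppet 4 and later, where an empty string is truthy. Under the newer semantics every host would receive java.env and client-jaas.conf even with Kerberos switched off, pointing clients at a Kerberos login nobody configured. An explicit comparison, `if ($kerberos_realm != "") {`, or an `undef` default makes the intent independent of the parser. The same applies to the existing guard in `server`, which presumably wraps the `require kerberos::client` block but lies outside this hunk.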
@@ -74,19 +102,13 @@ class hadoop_zookeeper { require kerberos::client kerberos::host_keytab { "zookeeper": - spnego => true, - notify => Service["zookeeper-server"], + spnego => true, require => Package["zookeeper-server"], + before => Service["zookeeper-server"], } - file { "/etc/zookeeper/conf/java.env": - source => "puppet:///modules/hadoop_zookeeper/java.env", - require => Package["zookeeper-server"], - notify => Service["zookeeper-server"], - } - - file { "/etc/zookeeper/conf/jaas.conf": - content => template("hadoop_zookeeper/jaas.conf"), + file { "/etc/zookeeper/conf/server-jaas.conf": + content => template("hadoop_zookeeper/server-jaas.conf"), require => Package["zookeeper-server"], notify => Service["zookeeper-server"], }
http://git-wip-us.apache.org/repos/asf/bigtop/blob/b2d94ebe/bigtop-deploy/puppet/modules/hadoop_zookeeper/templates/client-jaas.conf
----------------------------------------------------------------------
diff --git a/bigtop-deploy/puppet/modules/hadoop_zookeeper/templates/client-jaas.conf b/bigtop-deploy/puppet/modules/hadoop_zookeeper/templates/client-jaas.conf
new file mode 100644
index 0000000..55ff396
--- /dev/null
+++ b/bigtop-deploy/puppet/modules/hadoop_zookeeper/templates/client-jaas.conf
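Review bot: Replacing `notify => Service["zookeeper-server"]` with `before => Service["zookeeper-server"]` on `kerberos::host_keytab { "zookeeper": }` keeps the ordering but drops the refresh, so a keytab that is re-created on a later run no longer restarts the server. server-jaas.conf logs in with `useKeyTab=true` and `storeKey=true`, so the running JVM presumably keeps the keys it read at startup; if `kerberos::host_keytab` can regenerate the keytab (its definition is not visible here), the server may reject tickets issued under the new key version until someone restarts it by hand. `notify` already implies the `before` ordering, so restoring `notify => Service["zookeeper-server"],` would cover both. If the refresh was removed on purpose, a comment such as `# before, not notify: a keytab change must not restart the ensemble` would record why. The enclosing `if` block and the `server` class start outside this hunk.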
@@ -0,0 +1,22 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * <p/>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p/>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+Client {
+ com.sun.security.auth.module.Krb5LoginModule required
+ useKeyTab=false
+ useTicketCache=true;
+};
http://git-wip-us.apache.org/repos/asf/bigtop/blob/b2d94ebe/bigtop-deploy/puppet/modules/hadoop_zookeeper/templates/jaas.conf
----------------------------------------------------------------------
diff --git a/bigtop-deploy/puppet/modules/hadoop_zookeeper/templates/jaas.conf b/bigtop-deploy/puppet/modules/hadoop_zookeeper/templates/jaas.conf
deleted file mode 100644
index 61b2eac..0000000
--- a/bigtop-deploy/puppet/modules/hadoop_zookeeper/templates/jaas.conf
+++ /dev/null
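Review bot: The `Client` section sets `useKeyTab=false` and `useTicketCache=true`, so it only authenticates when the invoking user already holds a valid ticket in their credential cache, and nothing in the file says so. Because java.env applies it through `CLIENT_JVMFLAGS`, every command-line client on the host inherits that requirement. I would add a short comment above `Client {` stating that the section is meant for interactive users who have run kinit, and that daemons needing keytab login must supply their own JAAS configuration. Adding `doNotPrompt=true` is worth considering so that a missing ticket fails immediately instead of falling through to a password callback. The file also contains no ERB tags, so `source =>` would serve as well as `template()` in init.pp.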
@@ -1,25 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- * <p/>
- * http://www.apache.org/licenses/LICENSE-2.0
- * <p/>
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-Server {
- com.sun.security.auth.module.Krb5LoginModule required
- useKeyTab=true
- keyTab="/etc/zookeeper.keytab"
- storeKey=true
- useTicketCache=false
- principal="zookeeper/<%= @fqdn %>@<%= @kerberos_realm %>";
-};
http://git-wip-us.apache.org/repos/asf/bigtop/blob/b2d94ebe/bigtop-deploy/puppet/modules/hadoop_zookeeper/templates/server-jaas.conf
----------------------------------------------------------------------
diff --git a/bigtop-deploy/puppet/modules/hadoop_zookeeper/templates/server-jaas.conf b/bigtop-deploy/puppet/modules/hadoop_zookeeper/templates/server-jaas.conf
new file mode 100644
index 0000000..61b2eac
--- /dev/null
+++ b/bigtop-deploy/puppet/modules/hadoop_zookeeper/templates/server-jaas.conf
@@ -0,0 +1,25 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * <p/>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p/>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+Server {
+ com.sun.security.auth.module.Krb5LoginModule required
+ useKeyTab=true
+ keyTab="/etc/zookeeper.keytab"
+ storeKey=true
+ useTicketCache=false
+ principal="zookeeper/<%= @fqdn %>@<%= @kerberos_realm %>";
+};