AMBARI-2201. Hbase master and regionserver should use same keytab. (jaimin)

git-svn-id: https://svn.apache.org/repos/asf/incubator/ambari/trunk@1487115 13f79535-47bb-0310-9956-ffa450edef68

CHANGES.txt

@@ -895,6 +895,8 @@ Trunk (unreleased changes):
 
  BUG FIXES
 
+ AMBARI-2201. Hbase master and regionserver should use same keytab. (jaimin)
+
  AMBARI-2162. HBase master stop fails while stopping all services in
  secure cluster. (jaimin)
 

ambari-agent/src/main/puppet/modules/hdp-hbase/manifests/params.pp

@@ -87,9 +87,8 @@ class hdp-hbase::params() inherits hdp::params
   $hbase_master_jaas_config_file = hdp_default("hbase_master_jaas_config_file", "${conf_dir}/hbase_master_jaas.conf")
   $hbase_regionserver_jaas_config_file = hdp_default("hbase_regionserver_jaas_config_file", "${conf_dir}/hbase_regionserver_jaas.conf")
 
-  $hbase_master_keytab_path = hdp_default("hbase-site/hbase.master.keytab.file", "${keytab_path}/hbase.service.keytab")
+  $hbase_keytab_path = hdp_default("hbase-site/hbase.master.keytab.file", "${keytab_path}/hbase.service.keytab")
   $hbase_master_principal = hdp_default("hbase-site/hbase.master.kerberos.principal", "hbase/_HOST@${kerberos_domain}")
-  $hbase_regionserver_keytab_path = hdp_default("hbase-site/hbase.regionserver.keytab.file", "${keytab_path}/hbase.service.keytab")
   $hbase_regionserver_principal = hdp_default("hbase-site/hbase.regionserver.kerberos.principal", "hbase/_HOST@${kerberos_domain}")
 
   $hbase_primary_name = hdp_default("hbase_primary_name", "hbase")

ambari-agent/src/main/puppet/modules/hdp-hbase/templates/hbase_master_jaas.conf.erb

@@ -3,6 +3,6 @@ com.sun.security.auth.module.Krb5LoginModule required
 useKeyTab=true
 storeKey=true
 useTicketCache=false
-keyTab="<%=scope.function_hdp_template_var("::hdp-hbase::params::hbase_master_keytab_path")%>"
+keyTab="<%=scope.function_hdp_template_var("::hdp-hbase::params::hbase_keytab_path")%>"
 principal="<%=scope.function_hdp_template_var("::hdp-hbase::params::hbase_jaas_princ")%>";
 };

ambari-agent/src/main/puppet/modules/hdp-hbase/templates/hbase_regionserver_jaas.conf.erb

@@ -3,6 +3,6 @@ com.sun.security.auth.module.Krb5LoginModule required
 useKeyTab=true
 storeKey=true
 useTicketCache=false
-keyTab="<%=scope.function_hdp_template_var("::hdp-hbase::params::hbase_regionserver_keytab_path")%>"
+keyTab="<%=scope.function_hdp_template_var("::hdp-hbase::params::hbase_keytab_path")%>"
 principal="<%=scope.function_hdp_template_var("::hdp-hbase::params::hbase_jaas_princ")%>";
 };

ambari-web/app/data/secure_configs.js

@@ -86,8 +86,7 @@ module.exports = [
     displayName: 'HBase',
     filename: 'hbase-site',
     configCategories: [
-      App.ServiceConfigCategory.create({ name: 'HBase Master', displayName: 'HBase Master'}),
-      App.ServiceConfigCategory.create({ name: 'RegionServer', displayName: 'RegionServer'})
+      App.ServiceConfigCategory.create({ name: 'HBase', displayName: 'HBase'})
     ],
     sites: ['hbase-site'],
     configs: configProperties.filterProperty('serviceName', 'HBASE')
@@ -96,7 +95,7 @@ module.exports = [
     serviceName: 'ZOOKEEPER',
     displayName: 'ZooKeeper',
     configCategories: [
-      App.ServiceConfigCategory.create({ name: 'ZooKeeper Server'})
+      App.ServiceConfigCategory.create({ name: 'ZooKeeper Server', displayName: 'ZooKeeper Server'})
     ],
     configs: configProperties.filterProperty('serviceName', 'ZOOKEEPER')
 
@@ -106,7 +105,7 @@ module.exports = [
     displayName: 'Oozie',
     filename: 'oozie-site',
     configCategories: [
-      App.ServiceConfigCategory.create({ name: 'Oozie Server'})
+      App.ServiceConfigCategory.create({ name: 'Oozie Server', displayName:  'Oozie Server'})
     ],
     sites: ['oozie-site'],
     configs: configProperties.filterProperty('serviceName', 'OOZIE')

ambari-web/app/data/secure_mapping.js

@@ -111,16 +111,16 @@ module.exports = [
   },
   {
     "name": "dfs.datanode.address",
-    "templateName": [],
+    "templateName": ["dfs_datanode_address"],
     "foreignKey": null,
-    "value": "0.0.0.0:1019",
+    "value": "0.0.0.0:<templateName[0]>",
     "filename": "hdfs-site.xml"
   },
   {
     "name": "dfs.datanode.http.address",
-    "templateName": [],
+    "templateName": ["dfs_datanode_http_address"],
     "foreignKey": null,
-    "value": "0.0.0.0:1022",
+    "value": "0.0.0.0:<templateName[0]>",
     "filename": "hdfs-site.xml"
   },
   {
@@ -160,7 +160,7 @@ module.exports = [
   },
   {
     "name": "hbase.master.keytab.file",
-    "templateName": ["hbase_master_keytab"],
+    "templateName": ["hbase_service_keytab"],
     "foreignKey": null,
     "value": "<templateName[0]>",
     "filename": "hbase-site.xml"
@@ -174,7 +174,7 @@ module.exports = [
   },
   {
     "name": "hbase.regionserver.keytab.file",
-    "templateName": ["regionserver_keytab"],
+    "templateName": ["hbase_service_keytab"],
     "foreignKey": null,
     "value": "<templateName[0]>",
     "filename": "hbase-site.xml"
@@ -348,13 +348,6 @@ module.exports = [
     "value": "true",
     "filename": "hbase-site.xml"
   },
-  {
-    "name": "hbase.coprocessor.region.classes",
-    "templateName": [],
-    "foreignKey": null,
-    "value": "org.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.SecureBulkLoadEndpoint,org.apache.hadoop.hbase.security.access.AccessController",
-    "filename": "hbase-site.xml"
-  },
   {
     "name": "hbase.bulkload.staging.dir",
     "templateName": [],

ambari-web/app/data/secure_properties.js

@@ -23,7 +23,7 @@ module.exports =
       "name": "security_enabled",
       "displayName": "Enable security",
       "value": "",
-      "defaultValue":true,
+      "defaultValue":"true",
       "description": "Enable kerberos security for the cluster",
       "isVisible": false,
       "isOverridable": false,
@@ -162,6 +162,32 @@ module.exports =
       "serviceName": "HDFS",
       "category": "SNameNode"
     },
+    {
+      "id": "puppet var",
+      "name": "dfs_datanode_address",
+      "displayName": "Datanode address",
+      "value": "",
+      "defaultValue": "1019",
+      "description": "Address for DataNode",
+      "displayType": "principal",
+      "isVisible": false,
+      "isOverridable": false,
+      "serviceName": "HDFS",
+      "category": "DataNode"
+    },
+    {
+      "id": "puppet var",
+      "name": "dfs_datanode_http_address",
+      "displayName": "Datanode HTTP address",
+      "value": "",
+      "defaultValue": "1022",
+      "description": "Address for DataNode",
+      "displayType": "principal",
+      "isVisible": false,
+      "isOverridable": false,
+      "serviceName": "HDFS",
+      "category": "DataNode"
+    },
     {
       "id": "puppet var",
       "name": "datanode_primary_name",
@@ -249,7 +275,7 @@ module.exports =
       "displayName": "Primary name",
       "value": "",
       "defaultValue": "hbase",
-      "description": "Primary name for HBase master",
+      "description": "Primary name for HBase",
       "displayType": "principal",
       "isVisible": true,
       "isOverridable": false,
@@ -258,29 +284,16 @@ module.exports =
     },
     {
       "id": "puppet var",
-      "name": "hbase_master_keytab",
+      "name": "hbase_service_keytab",
       "displayName": "Path to Keytab file",
       "value": "",
-      "defaultValue": "/etc/security/keytabs/hm.service.keytab",
+      "defaultValue": "/etc/security/keytabs/hbase.service.keytab",
       "description": "keytab for HBase master",
       "displayType": "directory",
       "isVisible": true,
       "isOverridable": false,
       "serviceName": "HBASE",
-      "category": "HBase Master"
-    },
-    {
-      "id": "puppet var",
-      "name": "regionserver_keytab",
-      "displayName": "Path to Keytab file",
-      "value": "",
-      "defaultValue": "/etc/security/keytabs/rs.service.keytab",
-      "description": "keytab for RegionServer",
-      "displayType": "directory",
-      "isVisible": true,
-      "isOverridable": false,
-      "serviceName": "HBASE",
-      "category": "RegionServer"
+      "category": "HBase"
     },
 
     //HIVE