AMBARI-11839. 'Oozie Server Status' alert fails on non-root agent (aonishuk)

ambari-common/src/main/python/resource_management/core/shell.py

@@ -232,6 +232,7 @@ def _call(command, logoutput=None, throw_on_failure=True, stdout=subprocess.PIPE
       proc.stdout: "",
       proc.stderr: ""
     }
+    all_output = ""
                   
     while read_set:
       ready, _, _ = select.select(read_set, [], [])
@@ -245,6 +246,7 @@ def _call(command, logoutput=None, throw_on_failure=True, stdout=subprocess.PIPE
             continue
           
           fd_to_string[out_fd] += line
+          all_output += line
             
           if on_new_line:
             try:
@@ -263,6 +265,7 @@ def _call(command, logoutput=None, throw_on_failure=True, stdout=subprocess.PIPE
       
   out = fd_to_string[proc.stdout].strip('\n')
   err = fd_to_string[proc.stderr].strip('\n')
+  all_output = all_output.strip('\n')
   
   if timeout: 
     if not timeout_event.is_set():
@@ -275,7 +278,7 @@ def _call(command, logoutput=None, throw_on_failure=True, stdout=subprocess.PIPE
   code = proc.returncode
   
   if throw_on_failure and code:
-    err_msg = Logger.filter_text(("Execution of '%s' returned %d. %s") % (command_alias, code, out))
+    err_msg = Logger.filter_text(("Execution of '%s' returned %d. %s") % (command_alias, code, all_output))
     raise Fail(err_msg)
   
   # if separate stderr is enabled (by default it's redirected to out)

ambari-common/src/main/python/resource_management/libraries/providers/hdfs_resource.py

@@ -22,7 +22,6 @@ Ambari Agent
 import re
 import os
 from resource_management.core.environment import Environment
-from resource_management.core import sudo
 from resource_management.core.base import Fail
 from resource_management.core.resources.system import Execute
 from resource_management.core.resources.system import File
@@ -37,7 +36,6 @@ from resource_management.libraries.functions import namenode_ha_utils
 import ambari_simplejson as json # simplejson is much faster comparing to Python 2.6 json module and has the same functions set.
 import subprocess
 
-ERR_FILE = "hdfs_resource.err"
 JSON_PATH = '/var/lib/ambari-agent/data/hdfs_resources.json'
 JAR_PATH = '/var/lib/ambari-agent/lib/fast-hdfs-resource.jar'
 
@@ -177,9 +175,7 @@ class WebHDFSUtil:
     if file_to_put and not os.path.exists(file_to_put):
       raise Fail(format("File {file_to_put} is not found."))
     
-    err_file = os.path.join(Script.get_tmp_dir(), ERR_FILE)
-    
-    cmd = ["curl", "-L", "-w", "%{http_code}", "-X", method]
+    cmd = ["curl", "-sS","-L", "-w", "%{http_code}", "-X", method]
     
     if file_to_put:
       cmd += ["-T", file_to_put]
@@ -189,7 +185,7 @@ class WebHDFSUtil:
       cmd += ["-k"]
       
     cmd.append(url)
-    _, out = shell.checked_call(cmd, user=self.run_user, logoutput=self.logoutput, quiet=False, stderr=err_file)
+    _, out, err = shell.checked_call(cmd, user=self.run_user, logoutput=self.logoutput, quiet=False, stderr=subprocess.PIPE)
     status_code = out[-3:]
     out = out[:-3] # remove last line from output which is status code
     
@@ -200,7 +196,7 @@ class WebHDFSUtil:
           
     if status_code not in WebHDFSUtil.valid_status_codes+ignore_status_codes or assertable_result and result_dict and not result_dict['boolean']:
       formatted_output = json.dumps(result_dict, indent=2) if isinstance(result_dict, dict) else result_dict
-      formatted_output = sudo.read_file(err_file) + formatted_output
+      formatted_output = err + "\n" + formatted_output
       err_msg = "Execution of '%s' returned status_code=%s. %s" % (shell.string_cmd_from_args_list(cmd), status_code, formatted_output)
       raise Fail(err_msg)
     

ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/alerts/alert_check_oozie_server.py

@@ -39,6 +39,7 @@ OOZIE_URL_KEY = '{{oozie-site/oozie.base.url}}'
 SECURITY_ENABLED = '{{cluster-env/security_enabled}}'
 OOZIE_PRINCIPAL = '{{oozie-site/oozie.authentication.kerberos.principal}}'
 OOZIE_KEYTAB = '{{oozie-site/oozie.authentication.kerberos.keytab}}'
+OOZIE_USER = '{{oozie-env/oozie_user}}'
 OOZIE_CONF_DIR = '/usr/hdp/current/oozie-server/conf'
 OOZIE_CONF_DIR_LEGACY = '/etc/oozie/conf'
 
@@ -58,7 +59,7 @@ def get_tokens():
   Returns a tuple of tokens in the format {{site/property}} that will be used
   to build the dictionary passed into execute
   """
-  return (OOZIE_URL_KEY, OOZIE_PRINCIPAL, SECURITY_ENABLED, OOZIE_KEYTAB, KERBEROS_EXECUTABLE_SEARCH_PATHS_KEY)
+  return (OOZIE_URL_KEY, OOZIE_PRINCIPAL, SECURITY_ENABLED, OOZIE_KEYTAB, KERBEROS_EXECUTABLE_SEARCH_PATHS_KEY, OOZIE_USER)
 
 @OsFamilyFuncImpl(os_family=OSConst.WINSRV_FAMILY)
 def get_check_command(oozie_url, host_name, configurations):
@@ -67,10 +68,15 @@ def get_check_command(oozie_url, host_name, configurations):
   oozie_home = os.environ['OOZIE_HOME']
   oozie_cmd = os.path.join(oozie_home, 'bin', 'oozie.cmd')
   command = format("cmd /c {oozie_cmd} admin -oozie {oozie_url} -status")
-  return (command, None)
+  return (command, None, None)
 
 @OsFamilyFuncImpl(os_family=OsFamilyImpl.DEFAULT)
 def get_check_command(oozie_url, host_name, configurations):
+  if OOZIE_USER in configurations:
+    oozie_user = configurations[OOZIE_USER]
+  else:
+    raise Exception("Oozie user is required")
+    
   security_enabled = False
   if SECURITY_ENABLED in configurations:
     security_enabled = str(configurations[SECURITY_ENABLED]).upper() == 'TRUE'
@@ -103,13 +109,16 @@ def get_check_command(oozie_url, host_name, configurations):
     # Determine if we need to kinit by testing to see if the relevant cache exists and has
     # non-expired tickets.  Tickets are marked to expire after 5 minutes to help reduce the number
     # it kinits we do but recover quickly when keytabs are regenerated
-    return_code, _ = call(klist_command)
+    return_code, _ = call(klist_command, user=oozie_user)
     if return_code != 0:
       kinit_path_local = get_kinit_path(kerberos_executable_search_paths)
       kinit_command = format("{kinit_path_local} -l 5m -kt {oozie_keytab} {oozie_principal}; ")
 
       # kinit
-      Execute(kinit_command, environment=kerberos_env)
+      Execute(kinit_command, 
+              environment=kerberos_env,
+              user=oozie_user,
+      )
 
   # oozie configuration directory uses a symlink when > HDP 2.2
   oozie_config_directory = OOZIE_CONF_DIR_LEGACY
@@ -119,7 +128,7 @@ def get_check_command(oozie_url, host_name, configurations):
   command = "source {0}/oozie-env.sh ; oozie admin -oozie {1} -status".format(
     oozie_config_directory, oozie_url)
 
-  return (command, kerberos_env)
+  return (command, kerberos_env, oozie_user)
 
 def execute(configurations={}, parameters={}, host_name=None):
   """
@@ -145,9 +154,12 @@ def execute(configurations={}, parameters={}, host_name=None):
   oozie_url = oozie_url.replace(urlparse(oozie_url).hostname,localhost_address)
 
   try:
-    command, env = get_check_command(oozie_url, host_name, configurations)
+    command, env, oozie_user = get_check_command(oozie_url, host_name, configurations)
     # execute the command
-    Execute(command, environment=env)
+    Execute(command, 
+            environment=env,
+            user=oozie_user,
+    )
 
     return (RESULT_CODE_OK, ["Successful connection to {0}".format(oozie_url)])
   except KerberosPropertiesNotFound, ex: