Accueil Explorer Aide
Connexion
apache
/
ambari
miroir de https://gitee.com/freeshow_me/ambari
2
0
Fork 0
Fichiers Tickets 0 Wiki
Parcourir la source

AMBARI-8012. Slider View: Creating apps with default user (yarn) wont work on secured HDP cluster (srimanth)

Srimanth Gunturi il y a 10 ans
Parent
e1ad9d3f38
commit
54cba9cac6
2 fichiers modifiés avec 20 ajouts et 6 suppressions
Vue séparée Afficher les stats Diff
  1. 10 6
      contrib/views/slider/docs/index.md
  2. 10 0
      contrib/views/slider/src/main/java/org/apache/ambari/view/slider/SliderAppsViewControllerImpl.java

+ 10 - 6
contrib/views/slider/docs/index.md
Voir le fichier 

@@ -120,12 +120,14 @@ By default, the following keytabs have to be created for specific Apps. This use
 
 #### HBase
 
 For each host `host-name` in the cluster, do the following 
 
-*  ```
 
+* 
+```
 
 kadmin.local -q "addprinc -randkey slider-user/[host-name]@EXAMPLE.COM"
 
 ```
 
-Next, extract identity into a single keytab file 
+Next, extract identities on all hosts into a single keytab file 
 
-*  ```
 
+* 
+```
 
 kadmin.local -q "xst -k /path/to/keytab/slider-user.HBASE.service.keytab slider-user/[host-name]@EXAMPLE.COM"
 
 ```
 
 
@@ -140,12 +142,14 @@ Change file permissions so that only necessary users can access it.
 
 #### Storm
 
 For each host `host-name` in the cluster, do the following 
 
-*  ```
 
+* 
+```
 
 kadmin.local -q "addprinc -randkey slider-user/[host-name]@EXAMPLE.COM"
 
 ```
 
-Next, extract keytab file 
+Next, extract all identities into a single keytab file 
 
-*  ```
 
+* 
+```
 
 kadmin.local -q "xst -k /path/to/keytab/slider-user.STORM.nimbus.keytab slider-user/[host-name]@EXAMPLE.COM"
 
 kadmin.local -q "xst -k /path/to/keytab/slider-user.STORM.client.keytab slider-user/[host-name]@EXAMPLE.COM"
 
 ```

+ 10 - 0
contrib/views/slider/src/main/java/org/apache/ambari/view/slider/SliderAppsViewControllerImpl.java
Voir le fichier 

@@ -218,6 +218,16 @@ public class SliderAppsViewControllerImpl implements SliderAppsViewController {
 
               newHadoopConfigs.put("yarn_user", yarnUser); // YARN service user
 
             }
 
             newHadoopConfigs.put("slider.user", getUserToRunAs(newHadoopConfigs)); // Slider user
 
+            if (newHadoopConfigs.containsKey("security_enabled")) {
 
+              boolean securityEnabled = Boolean.valueOf(newHadoopConfigs.get("security_enabled"));
 
+              if (securityEnabled) {
 
+                String yarnUser = newHadoopConfigs.get("yarn_user");
 
+                if (yarnUser != null && yarnUser.equals(newHadoopConfigs.get("slider.user"))) {
 
+                  status.getValidations().add(
 
+                      new ViewStatus.Validation("Slider view does not support accessing secured YARN cluster as YARN superuser (" + yarnUser + ")"));
 
+                }
 
+              }
 
+            }
 
             if (cluster.getDesiredConfigs().containsKey("zookeeper-env")) {
 
               Map<String, String> zkEnvConfigs = ambariClient.getConfiguration(
 
                   cluster, "zookeeper-env",