
AMBARI-4919. Storm Security Integration: Add sasl configs for zookeeper
authentication. (aonishuk)

Andrew Onischuk 11 年之前
父节点
当前提交
674765b6f1

+ 3 - 3
ambari-server/src/main/resources/stacks/HDP/2.1.1/services/STORM/configuration/storm-site.xml

@@ -118,7 +118,7 @@
   </property>
   <property>
     <name>nimbus.childopts</name>
-    <value>-Xmx1024m -javaagent:/usr/lib/storm/contrib/storm-jmxetric/lib/jmxetric-1.0.4.jar=host={0},port=8649,wireformat31x=true,mode=multicast,config=/usr/lib/storm/contrib/storm-jmxetric/conf/jmxetric-conf.xml,process=Nimbus_JVM</value>
+    <value>-Xmx1024m -Djava.security.auth.login.config=/etc/storm/storm_jaas.conf -javaagent:/usr/lib/storm/contrib/storm-jmxetric/lib/jmxetric-1.0.4.jar=host={0},port=8649,wireformat31x=true,mode=multicast,config=/usr/lib/storm/contrib/storm-jmxetric/conf/jmxetric-conf.xml,process=Nimbus_JVM</value>
     <description>This parameter is used by the storm-deploy project to configure the jvm options for the nimbus daemon.</description>
   </property>
   <property>
@@ -188,7 +188,7 @@
   </property>
   <property>
     <name>ui.childopts</name>
-    <value>-Xmx768m</value>
+    <value>-Xmx768m -Djava.security.auth.login.config=/etc/storm/storm_jaas.conf</value>
     <description>Childopts for Storm UI Java process.</description>
   </property>
   <property>
@@ -264,7 +264,7 @@
   </property>
   <property>
     <name>supervisor.childopts</name>
-    <value>-Xmx256m -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.port=56431 -javaagent:/usr/lib/storm/contrib/storm-jmxetric/lib/jmxetric-1.0.4.jar=host={0},port=8650,wireformat31x=true,mode=multicast,config=/usr/lib/storm/contrib/storm-jmxetric/conf/jmxetric-conf.xml,process=Supervisor_JVM</value>
+    <value>-Xmx256m -Djava.security.auth.login.config=/etc/storm/storm_jaas.conf -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.port=56431 -javaagent:/usr/lib/storm/contrib/storm-jmxetric/lib/jmxetric-1.0.4.jar=host={0},port=8650,wireformat31x=true,mode=multicast,config=/usr/lib/storm/contrib/storm-jmxetric/conf/jmxetric-conf.xml,process=Supervisor_JVM</value>
     <description>This parameter is used by the storm-deploy project to configure the jvm options for the supervisor daemon.</description>
   </property>
   <property>
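Review bot: The JAAS option `-Djava.security.auth.login.config=/etc/storm/storm_jaas.conf` is added unconditionally to all three `childopts` values (nimbus, ui, supervisor), while storm.py in this same commit renders `storm_jaas.conf` only when `params.security_enabled` is true. On a cluster without Kerberos the daemons would be pointed at a login configuration that was never written, which presumably makes the ZooKeeper client attempt a SASL login and fail or log errors. The option should be added only for secured clusters, or the file should be rendered in both cases. The path is also hard-coded here while storm.py builds it from `{conf_dir}`, so the two can diverge if `conf_dir` is not `/etc/storm`. Separately, the supervisor value keeps `-Dcom.sun.management.jmxremote.authenticate=false` and `-Dcom.sun.management.jmxremote.ssl=false` next to the new Kerberos option; if that is intentional it deserves a sentence in the property's `<description>`.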

+ 11 - 1
ambari-server/src/main/resources/stacks/HDP/2.1.1/services/STORM/package/scripts/params.py

@@ -46,5 +46,15 @@ if 'ganglia_server_host' in config['clusterHostInfo'] and \
   ganglia_report_interval = 60
 else:
   ganglia_installed = False
-
+  
+_authentication = config['configurations']['core-site']['hadoop.security.authentication']
+security_enabled = ( not is_empty(_authentication) and _authentication == 'kerberos')
+
+if security_enabled:
+  _hostname_lowercase = config['hostname'].lower()
+  _kerberos_domain = config['configurations']['global']['kerberos_domain']
+  _storm_principal_name = "storm" # config['configurations']['global']['hbase_master_principal_name']
+  
+  storm_jaas_principal = format("{_storm_principal_name}/{_hostname_lowercase}@{_kerberos_domain}")
+  storm_keytab_path = "/etc/security/keytabs/storm.service.keytab" # config['configurations']['global']['storm_keytab']
 
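Review bot: `_storm_principal_name` and `storm_keytab_path` are hard-coded, with the intended config lookups left as trailing comments; the one on the principal line names `hbase_master_principal_name`, which looks copied from the HBase script. A cluster whose Storm principal or keytab location differs would get a JAAS file that cannot log in. I would read both from `config['configurations']['global']`, or replace the leftovers with an explicit `# TODO: make the Storm principal and keytab path configurable`. Nothing visible here checks that the keytab exists or is readable only by the Storm user, which is worth stating in a comment since the template consumes this path directly.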

+ 6 - 1
ambari-server/src/main/resources/stacks/HDP/2.1.1/services/STORM/package/scripts/storm.py

@@ -42,4 +42,9 @@ def storm():
                configurations = params.config['configurations']['storm-site'],
                owner = params.storm_user,
                group = params.user_group
-  )
+  )
+  
+  if params.security_enabled:
+    TemplateConfig( format("{conf_dir}/storm_jaas.conf"),
+      owner = params.storm_user
+    )
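Review bot: The new `TemplateConfig` for `storm_jaas.conf` sets only `owner`, whereas the resource just above it in the hunk sets both `owner` and `group`, and no file mode is given. Since this file decides which keytab and principal the Storm daemons log in with, I would pin its permissions explicitly: add `group = params.user_group` and a `mode` that leaves it writable by the storm user only. The body of `storm()` starts outside the hunk, so I cannot tell whether `conf_dir` is a local there or is resolved by `format` from params; the surrounding lines use `params.` prefixes, so a short comment on where `conf_dir` comes from would help.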

+ 9 - 0
ambari-server/src/main/resources/stacks/HDP/2.1.1/services/STORM/package/templates/storm_jaas.conf.j2

@@ -0,0 +1,9 @@
+Client {
+   com.sun.security.auth.module.Krb5LoginModule required
+   useKeyTab=true
+   keyTab="{{storm_keytab_path}}"
+   storeKey=true
+   useTicketCache=false
+   serviceName="zookeeper"
+   principal="{{storm_jaas_principal}}";
+};