AMBARI-7570. Add Storm Kerberos Support.

ambari-server/src/main/resources/stacks/HDP/2.1/services/STORM/package/scripts/params.py

@@ -42,7 +42,6 @@ conf_dir = "/etc/storm/conf"
 local_dir = config['configurations']['storm-site']['storm.local.dir']
 user_group = config['configurations']['cluster-env']['user_group']
 java64_home = config['hostLevelParams']['java_home']
-nimbus_host = config['configurations']['storm-site']['nimbus.host']
 nimbus_port = config['configurations']['storm-site']['nimbus.thrift.port']
 nimbus_host = config['configurations']['storm-site']['nimbus.host']
 rest_api_port = "8745"
@@ -58,11 +57,25 @@ if 'ganglia_server_host' in config['clusterHostInfo'] and \
 else:
   ganglia_installed = False
 
+is_compatible_to_2_2_stack = str(config['hostLevelParams']['stack_version']).startswith('2.2')
+
 security_enabled = config['configurations']['cluster-env']['security_enabled']
 
 if security_enabled:
   _hostname_lowercase = config['hostname'].lower()
-  _kerberos_domain = config['configurations']['cluster-env']['kerberos_domain']
+  kerberos_domain = config['configurations']['cluster-env']['kerberos_domain']
   _storm_principal_name = config['configurations']['storm-env']['storm_principal_name']
   storm_jaas_principal = _storm_principal_name.replace('_HOST',_hostname_lowercase)
   storm_keytab_path = config['configurations']['storm-env']['storm_keytab']
+  
+  if is_compatible_to_2_2_stack:
+    storm_ui_keytab_path = config['configurations']['storm-env']['strom_ui_keytab']
+    _storm_ui_jaas_principal_name = config['configurations']['storm-env']['strom_ui_principal_name']
+    storm_ui_host = default("/clusterHostInfo/storm_ui_server_hosts", [])
+    storm_ui_jaas_principal = _storm_ui_jaas_principal_name.replace('_HOST',storm_ui_host[0].lower())
+    
+    
+    _nimbus_principal_name = config['configurations']['storm-env']['nimbus_principal_name']
+    nimbus_jaas_principal = _nimbus_principal_name.replace('_HOST',nimbus_host.lower())
+    nimbus_bare_jaas_principal = _nimbus_principal_name.replace('/_HOST','').replace('@'+kerberos_domain,'')
+    nimbus_keytab_path = config['configurations']['storm-env']['nimbus_keytab']

ambari-server/src/main/resources/stacks/HDP/2.1/services/STORM/package/scripts/storm.py

@@ -19,10 +19,9 @@ limitations under the License.
 """
 
 from resource_management import *
-from yaml_config import yaml_config
+from yaml_utils import escape_yaml_propetry
 import sys
 
-
 def storm():
   import params
 
@@ -38,11 +37,15 @@ def storm():
        group=params.user_group
   )
 
-  yaml_config("storm.yaml",
-              conf_dir=params.conf_dir,
-              configurations=params.config['configurations']['storm-site'],
-              owner=params.storm_user,
-              group=params.user_group
+  configurations = params.config['configurations']['storm-site']
+  
+  File(format("{conf_dir}/storm.yaml"),
+       content=Template(
+                        "storm.yaml.j2", 
+                         extra_imports=[escape_yaml_propetry], 
+                        configurations = configurations),
+       owner=params.storm_user,
+       group=params.user_group
   )
 
   File(format("{conf_dir}/storm-env.sh"),
@@ -53,4 +56,4 @@ def storm():
   if params.security_enabled:
     TemplateConfig(format("{conf_dir}/storm_jaas.conf"),
                    owner=params.storm_user
-    )
+    )

ambari-server/src/main/resources/stacks/HDP/2.1/services/STORM/package/scripts/supervisor.py

@@ -20,7 +20,6 @@ limitations under the License.
 
 import sys
 from resource_management import *
-from yaml_config import yaml_config
 from storm import storm
 from service import service
 

ambari-server/src/main/resources/stacks/HDP/2.1/services/STORM/package/scripts/yaml_config.py → ambari-server/src/main/resources/stacks/HDP/2.1/services/STORM/package/scripts/yaml_utils.py

@@ -19,12 +19,10 @@ limitations under the License.
 """
 
 import re
-from resource_management import *
 
 def escape_yaml_propetry(value):
   unquouted = False
   unquouted_values = ["null","Null","NULL","true","True","TRUE","false","False","FALSE","YES","Yes","yes","NO","No","no","ON","On","on","OFF","Off","off"]
-  
   if value in unquouted_values:
     unquouted = True
 
@@ -48,25 +46,4 @@ def escape_yaml_propetry(value):
     value = value.replace("'","''")
     value = "'"+value+"'"
     
-  return value
-
-def yaml_inline_template(configurations):
-  return source.InlineTemplate('''{% for key, value in configurations_dict.items() %}{{ key }}: {{ escape_yaml_propetry(value) }}
-{% endfor %}''', configurations_dict=configurations, extra_imports=[escape_yaml_propetry])
-
-def yaml_config(
-  filename,
-  configurations = None,
-  conf_dir = None,
-  mode = None,
-  owner = None,
-  group = None
-):
-    config_content = yaml_inline_template(configurations)
-
-    File (format("{conf_dir}/{filename}"),
-      content = config_content,
-      owner = owner,
-      group = group,
-      mode = mode
-    )
+  return value

ambari-server/src/main/resources/stacks/HDP/2.1/services/STORM/package/templates/storm.yaml.j2

@@ -0,0 +1,60 @@
+{#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#}
+{% macro replace_jaas_placeholder(name) -%}
+{% if name.find('_JAAS_PLACEHOLDER') > -1 -%}
+    {%- if security_enabled -%}
+        {{ name.replace('_JAAS_PLACEHOLDER', '-Djava.security.auth.login.config=' +conf_dir + '/storm_jaas.conf') }}
+    {%- else -%}
+        {{ name.replace('_JAAS_PLACEHOLDER', '') }}
+    {%- endif -%}
+{%- else -%}
+    {{name}}
+{%- endif -%}
+{%- endmacro %}
+
+{% for key, value in configurations|dictsort if not key.startswith('_') %}
+{{key}} : {{ escape_yaml_propetry(replace_jaas_placeholder(value)) }}
+{% endfor %}
+
+{% if is_compatible_to_2_2_stack %}
+storm.thrift.transport : "{% if security_enabled %}{{configurations['_storm.thrift.secure.transport']}}{% else %}{{configurations['_storm.thrift.nonsecure.transport']}}{% endif %}"  
+{% endif %}
+
+{% if security_enabled and is_compatible_to_2_2_stack %}
+#
+# Kerberos security section. For the reference please use: https://github.com/hortonworks/storm/blob/champlain/SECURITY.md for details
+#
+
+storm.principal.tolocal: "backtype.storm.security.auth.KerberosPrincipalToLocal"
+storm.zookeeper.superACL: "sasl:{{storm_user}}"
+java.security.auth.login.config: "{{conf_dir}}/storm_jaas.conf"
+nimbus.admins:
+  - "{{storm_user}}"
+nimbus.supervisor.users:
+  - "{{storm_user}}"
+nimbus.authorizer: "backtype.storm.security.auth.authorizer.SimpleACLAuthorizer"
+drpc.authorizer: "backtype.storm.security.auth.authorizer.DRPCSimpleACLAuthorizer"
+
+ui.filter: "org.apache.hadoop.security.authentication.server.AuthenticationFilter"
+ui.filter.params:
+  "type": "kerberos"
+  "kerberos.principal": "{{storm_ui_jaas_principal}}"
+  "kerberos.keytab": "{{storm_ui_keytab_path}}"
+  "kerberos.name.rules": "DEFAULT"
+supervisor.enable: true
+{% endif %}

ambari-server/src/main/resources/stacks/HDP/2.1/services/STORM/package/templates/storm_jaas.conf.j2

@@ -15,7 +15,26 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #}
-
+{% if is_compatible_to_2_2_stack %}
+StormServer {
+   com.sun.security.auth.module.Krb5LoginModule required
+   useKeyTab=true
+   keyTab="{{nimbus_keytab_path}}"
+   storeKey=true
+   useTicketCache=false
+   principal="{{nimbus_jaas_principal}}";
+};
+StormClient {
+   com.sun.security.auth.module.Krb5LoginModule required
+   useKeyTab=true
+   keyTab="{{storm_keytab_path}}"
+   storeKey=true
+   useTicketCache=false
+   serviceName="{{nimbus_bare_jaas_principal}}"
+   debug=true
+   principal="{{storm_jaas_principal}}";
+};
+{% endif %}
 Client {
    com.sun.security.auth.module.Krb5LoginModule required
    useKeyTab=true
@@ -23,5 +42,6 @@ Client {
    storeKey=true
    useTicketCache=false
    serviceName="zookeeper"
+   debug=true
    principal="{{storm_jaas_principal}}";
 };

ambari-server/src/main/resources/stacks/HDP/2.2.1/services/STORM/configuration/storm-site.xml

@@ -0,0 +1,83 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+
+<configuration supports_final="true">
+  
+  <property>
+    <name>storm.thrift.transport</name>
+    <deleted>true</deleted>
+    <description>This is calculated field that is based of security state and _storm.thrift.nonsecure.transport and _storm.thrift.secure.transport
+    </description> 
+  </property>
+  <property>
+    <name>_storm.thrift.nonsecure.transport</name>
+    <value>backtype.storm.security.auth.SimpleTransportPlugin</value>
+    <description>The transport plug-in that used for non-secure mode for for Thrift client/server communication.</description>
+  </property>
+  <property>
+    <name>_storm.thrift.secure.transport</name>
+    <value>backtype.storm.security.auth.kerberos.KerberosSaslTransportPlugin</value>
+    <description>The transport plug-in that used for secure mode for Thrift client/server communication.</description>
+  </property>
+
+  <property>
+    <name>nimbus.childopts</name>
+    <value>-Xmx1024m _JAAS_PLACEHOLDER -javaagent:/usr/lib/storm/contrib/storm-jmxetric/lib/jmxetric-1.0.4.jar=host=localhost,port=8649,wireformat31x=true,mode=multicast,config=/usr/lib/storm/contrib/storm-jmxetric/conf/jmxetric-conf.xml,process=Nimbus_JVM</value>
+    <description>
+	    This parameter is used by the storm-deploy project to configure the jvm options for the 
+	    nimbus daemon. _JAAS_PLACEHOLDER will be replaced by -Djava.security.auth.login.config=path/to/jaas.conf 
+	    when security is enabled and empty string otherwise
+    </description>
+  </property>
+
+  <property>
+    <name>worker.childopts</name>
+    <value>-Xmx768m _JAAS_PLACEHOLDER -javaagent:/usr/lib/storm/contrib/storm-jmxetric/lib/jmxetric-1.0.4.jar=host=localhost,port=8650,wireformat31x=true,mode=multicast,config=/usr/lib/storm/contrib/storm-jmxetric/conf/jmxetric-conf.xml,process=Worker_%ID%_JVM</value>
+    <description>The jvm opts provided to workers launched by this supervisor. All \"%ID%\" substrings are replaced with an identifier for this worker.</description>
+  </property>
+
+  <property>
+    <name>ui.childopts</name>
+    <value>-Xmx768m _JAAS_PLACEHOLDER</value>
+    <description>Childopts for Storm UI Java process.</description>
+  </property>
+  
+  <property>
+    <name>supervisor.childopts</name>
+    <value>-Xmx256m _JAAS_PLACEHOLDER -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.port=56431 -javaagent:/usr/lib/storm/contrib/storm-jmxetric/lib/jmxetric-1.0.4.jar=host=localhost,port=8650,wireformat31x=true,mode=multicast,config=/usr/lib/storm/contrib/storm-jmxetric/conf/jmxetric-conf.xml,process=Supervisor_JVM</value>
+    <description>This parameter is used by the storm-deploy project to configure the jvm options for the supervisor daemon.</description>
+  </property>
+
+  <property>
+    <name>logviewer.childopts</name>
+    <value>-Xmx128m _JAAS_PLACEHOLDER</value>
+    <description>Childopts for log viewer java process.</description>
+  </property>
+
+  <property>
+    <name>drpc.childopts</name>
+    <value>-Xmx768m _JAAS_PLACEHOLDER</value>
+    <description>Childopts for Storm DRPC Java process.</description>
+  </property>
+
+
+</configuration>

ambari-server/src/main/resources/stacks/HDP/2.2/services/STORM/configuration/storm-site.xml

@@ -22,6 +22,24 @@
 
 <configuration supports_final="true">
 
+  <property>
+    <name>storm.thrift.transport</name>
+    <value>--</value>
+    <deleted>true</deleted>
+    <description>This is calculated field that is based of security state and _storm.thrift.nonsecure.transport and _storm.thrift.secure.transport
+    </description> 
+  </property>
+  <property>
+    <name>_storm.thrift.nonsecure.transport</name>
+    <value>backtype.storm.security.auth.SimpleTransportPlugin</value>
+    <description>The transport plug-in that used for non-secure mode for for Thrift client/server communication.</description>
+  </property>
+  <property>
+    <name>_storm.thrift.secure.transport</name>
+    <value>backtype.storm.security.auth.kerberos.KerberosSaslTransportPlugin</value>
+    <description>The transport plug-in that used for secure mode for Thrift client/server communication.</description>
+  </property>
+
   <property>
     <name>java.library.path</name>
     <value>/usr/local/lib:/opt/local/lib:/usr/lib:/usr/hdp/current/storm/lib</value>
@@ -33,26 +51,38 @@
 
   <property>
     <name>nimbus.childopts</name>
-    <value>-Xmx1024m -javaagent:/usr/hdp/current/storm/contrib/storm-jmxetric/lib/jmxetric-1.0.4.jar=host=localhost,port=8649,wireformat31x=true,mode=multicast,config=/usr/hdp/current/storm/contrib/storm-jmxetric/conf/jmxetric-conf.xml,process=Nimbus_JVM</value>
+    <value>-Xmx1024m _JAAS_PLACEHOLDER -javaagent:/usr/hdp/current/storm/contrib/storm-jmxetric/lib/jmxetric-1.0.4.jar=host=localhost,port=8649,wireformat31x=true,mode=multicast,config=/usr/hdp/current/storm/contrib/storm-jmxetric/conf/jmxetric-conf.xml,process=Nimbus_JVM</value>
     <description>This parameter is used by the storm-deploy project to configure the jvm options for the nimbus daemon.</description>
   </property>
 
   <property>
     <name>worker.childopts</name>
-    <value>-Xmx768m -javaagent:/usr/hdp/current/storm/contrib/storm-jmxetric/lib/jmxetric-1.0.4.jar=host=localhost,port=8650,wireformat31x=true,mode=multicast,config=/usr/hdp/current/storm/contrib/storm-jmxetric/conf/jmxetric-conf.xml,process=Worker_%ID%_JVM</value>
+    <value>-Xmx768m _JAAS_PLACEHOLDER -javaagent:/usr/hdp/current/storm/contrib/storm-jmxetric/lib/jmxetric-1.0.4.jar=host=localhost,port=8650,wireformat31x=true,mode=multicast,config=/usr/hdp/current/storm/contrib/storm-jmxetric/conf/jmxetric-conf.xml,process=Worker_%ID%_JVM</value>
     <description>The jvm opts provided to workers launched by this supervisor. All \"%ID%\" substrings are replaced with an identifier for this worker.</description>
   </property>
 
   <property>
     <name>ui.childopts</name>
-    <value>-Xmx768m</value>
+    <value>-Xmx768m _JAAS_PLACEHOLDER</value>
     <description>Childopts for Storm UI Java process.</description>
   </property>
 
   <property>
     <name>supervisor.childopts</name>
-    <value>-Xmx256m -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.port=56431 -javaagent:/usr/hdp/current/storm/contrib/storm-jmxetric/lib/jmxetric-1.0.4.jar=host=localhost,port=8650,wireformat31x=true,mode=multicast,config=/usr/hdp/current/storm/contrib/storm-jmxetric/conf/jmxetric-conf.xml,process=Supervisor_JVM</value>
+    <value>-Xmx256m _JAAS_PLACEHOLDER -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.port=56431 -javaagent:/usr/hdp/current/storm/contrib/storm-jmxetric/lib/jmxetric-1.0.4.jar=host=localhost,port=8650,wireformat31x=true,mode=multicast,config=/usr/hdp/current/storm/contrib/storm-jmxetric/conf/jmxetric-conf.xml,process=Supervisor_JVM</value>
     <description>This parameter is used by the storm-deploy project to configure the jvm options for the supervisor daemon.</description>
   </property>
+  
+   <property>
+    <name>logviewer.childopts</name>
+    <value>-Xmx128m _JAAS_PLACEHOLDER</value>
+    <description>Childopts for log viewer java process.</description>
+  </property>
+
+  <property>
+    <name>drpc.childopts</name>
+    <value>-Xmx768m _JAAS_PLACEHOLDER</value>
+    <description>Childopts for Storm DRPC Java process.</description>
+  </property>
 
 </configuration>

ambari-server/src/test/python/stacks/2.1/STORM/test_storm_base.py

@@ -0,0 +1,119 @@
+#!/usr/bin/env python
+
+'''
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+'''
+
+from mock.mock import MagicMock, call, patch
+from stacks.utils.RMFTestCase import *
+import resource_management.core.source
+import re
+
+
+class TestStormBase(RMFTestCase):
+  def assert_configure_default(self):
+    import params
+    self.assertResourceCalled('Directory', '/var/log/storm',
+      owner = 'storm',
+      group = 'hadoop',
+      recursive = True,
+    )
+    self.assertResourceCalled('Directory', '/var/run/storm',
+      owner = 'storm',
+      group = 'hadoop',
+      recursive = True,
+    )
+    self.assertResourceCalled('Directory', '/hadoop/storm',
+      owner = 'storm',
+      group = 'hadoop',
+      recursive = True,
+    )
+    self.assertResourceCalled('Directory', '/etc/storm/conf',
+      owner = 'storm',
+      group = 'hadoop',
+      recursive = True,
+    )
+    self.assertResourceCalled('File', '/etc/storm/conf/config.yaml',
+      owner = 'storm',
+      content = Template('config.yaml.j2'),
+      group = 'hadoop',
+    )
+    
+    storm_yarn_content = self.call_storm_template_and_assert()
+    
+    self.assertTrue(storm_yarn_content.find('_JAAS_PLACEHOLDER') == -1, 'Placeholder have to be substituted')
+    
+    self.assertResourceCalled('File', '/etc/storm/conf/storm-env.sh',
+                              owner = 'storm',
+                              content = InlineTemplate(self.getConfig()['configurations']['storm-env']['content'])
+                              )
+    return storm_yarn_content
+
+  def assert_configure_secured(self):
+    import params
+    self.assertResourceCalled('Directory', '/var/log/storm',
+      owner = 'storm',
+      group = 'hadoop',
+      recursive = True,
+    )
+    self.assertResourceCalled('Directory', '/var/run/storm',
+      owner = 'storm',
+      group = 'hadoop',
+      recursive = True,
+    )
+    self.assertResourceCalled('Directory', '/hadoop/storm',
+      owner = 'storm',
+      group = 'hadoop',
+      recursive = True,
+    )
+    self.assertResourceCalled('Directory', '/etc/storm/conf',
+      owner = 'storm',
+      group = 'hadoop',
+      recursive = True,
+    )
+    self.assertResourceCalled('File', '/etc/storm/conf/config.yaml',
+      owner = 'storm',
+      content = Template('config.yaml.j2'),
+      group = 'hadoop',
+    )
+    storm_yarn_content = self.call_storm_template_and_assert()
+    
+    self.assertTrue(storm_yarn_content.find('_JAAS_PLACEHOLDER') == -1, 'Placeholder have to be substituted')
+    
+    self.assertResourceCalled('File', '/etc/storm/conf/storm-env.sh',
+                              owner = 'storm',
+                              content = InlineTemplate(self.getConfig()['configurations']['storm-env']['content'])
+                              )
+    self.assertResourceCalled('TemplateConfig', '/etc/storm/conf/storm_jaas.conf',
+      owner = 'storm',
+    )
+    return storm_yarn_content
+    
+  def call_storm_template_and_assert(self):
+    import yaml_utils
+    storm_yarn_template = Template(
+                        "storm.yaml.j2", 
+                        extra_imports=[yaml_utils.escape_yaml_propetry], 
+                        configurations = self.getConfig()['configurations']['storm-site'])
+    storm_yarn_content = storm_yarn_template.get_content()
+    
+    self.assertResourceCalled('File', '/etc/storm/conf/storm.yaml',
+      owner = 'storm',
+      content= storm_yarn_template, 
+      group = 'hadoop'
+    )
+    return storm_yarn_content

ambari-server/src/test/python/stacks/2.1/STORM/test_storm_drpc_server.py

@@ -21,8 +21,9 @@ limitations under the License.
 from mock.mock import MagicMock, call, patch
 from stacks.utils.RMFTestCase import *
 import  resource_management.core.source
+from test_storm_base import TestStormBase
 
-class TestStormDrpcServer(RMFTestCase):
+class TestStormDrpcServer(TestStormBase):
 
   def test_configure_default(self):
     self.executeScript("2.1/services/STORM/package/scripts/drpc_server.py",
@@ -76,7 +77,7 @@ class TestStormDrpcServer(RMFTestCase):
     self.assertResourceCalled('Execute', 'rm -f /var/run/storm/drpc.pid')
     self.assertNoMoreResources()
 
-  def test_configure_default(self):
+  def test_configure_secured(self):
     self.executeScript("2.1/services/STORM/package/scripts/drpc_server.py",
                        classname = "DrpcServer",
                        command = "configure",
@@ -126,88 +127,3 @@ class TestStormDrpcServer(RMFTestCase):
     )
     self.assertResourceCalled('Execute', 'rm -f /var/run/storm/drpc.pid')
     self.assertNoMoreResources()
-
-  def assert_configure_default(self):
-
-    self.assertResourceCalled('Directory', '/var/log/storm',
-      owner = 'storm',
-      group = 'hadoop',
-      recursive = True,
-    )
-    self.assertResourceCalled('Directory', '/var/run/storm',
-      owner = 'storm',
-      group = 'hadoop',
-      recursive = True,
-    )
-    self.assertResourceCalled('Directory', '/hadoop/storm',
-      owner = 'storm',
-      group = 'hadoop',
-      recursive = True,
-    )
-    self.assertResourceCalled('Directory', '/etc/storm/conf',
-      owner = 'storm',
-      group = 'hadoop',
-      recursive = True,
-    )
-    self.assertResourceCalled('File', '/etc/storm/conf/config.yaml',
-      owner = 'storm',
-      content = Template('config.yaml.j2'),
-      group = 'hadoop',
-    )
-    self.assertResourceCalled('File', '/etc/storm/conf/storm.yaml',
-      owner = 'storm',
-      content = self.get_yaml_inline_template(self.getConfig()['configurations']['storm-site']),
-      group = 'hadoop',
-      mode = None,
-    )
-    self.assertResourceCalled('File', '/etc/storm/conf/storm-env.sh',
-                              owner = 'storm',
-                              content = InlineTemplate(self.getConfig()['configurations']['storm-env']['content']),
-                              )
-
-
-  def assert_configure_secured(self):
-
-    self.assertResourceCalled('Directory', '/var/log/storm',
-      owner = 'storm',
-      group = 'hadoop',
-      recursive = True,
-    )
-    self.assertResourceCalled('Directory', '/var/run/storm',
-      owner = 'storm',
-      group = 'hadoop',
-      recursive = True,
-    )
-    self.assertResourceCalled('Directory', '/hadoop/storm',
-      owner = 'storm',
-      group = 'hadoop',
-      recursive = True,
-    )
-    self.assertResourceCalled('Directory', '/etc/storm/conf',
-      owner = 'storm',
-      group = 'hadoop',
-      recursive = True,
-    )
-    self.assertResourceCalled('File', '/etc/storm/conf/config.yaml',
-      owner = 'storm',
-      content = Template('config.yaml.j2'),
-      group = 'hadoop',
-    )
-    self.assertResourceCalled('File', '/etc/storm/conf/storm.yaml',
-      owner = 'storm',
-      content = self.get_yaml_inline_template(self.getConfig()['configurations']['storm-site']),
-      group = 'hadoop',
-      mode = None,
-    )
-    self.assertResourceCalled('File', '/etc/storm/conf/storm-env.sh',
-                              content=InlineTemplate(self.getConfig()['configurations']['storm-env']['content']),
-                              owner='storm',
-                              )
-    self.assertResourceCalled('TemplateConfig', '/etc/storm/conf/storm_jaas.conf',
-                              owner='storm',
-                              )
-
-  def get_yaml_inline_template(self, configurations):
-    with self.env:
-      from yaml_config import yaml_inline_template
-      return yaml_inline_template(configurations)

ambari-server/src/test/python/stacks/2.1/STORM/test_storm_jaas_configuration.py

@@ -0,0 +1,77 @@
+#!/usr/bin/env python
+
+'''
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+'''
+
+from mock.mock import MagicMock, call, patch
+from stacks.utils.RMFTestCase import *
+import resource_management.core.source
+from test_storm_base import TestStormBase
+
+class TestStormJaasConfiguration(TestStormBase):
+
+  def test_configure_default(self):
+    self.executeScript("2.1/services/STORM/package/scripts/nimbus.py",
+                       classname = "Nimbus",
+                       command = "configure",
+                       config_file = "default-storm-start.json"
+    )
+    self.assert_configure_default()
+  def test_start_default(self):
+
+    self.executeScript("2.1/services/STORM/package/scripts/nimbus.py",
+                       classname = "Nimbus",
+                       command = "start",
+                       config_file = "default-storm-start.json"
+    )
+    self.assert_configure_default()
+
+
+  def test_configure_secured(self):
+    self.executeScript("2.1/services/STORM/package/scripts/nimbus.py",
+                       classname = "Nimbus",
+                       command = "configure",
+                       config_file = "secured-storm-start.json"
+    )
+    self.assert_configure_secured()
+
+  def test_start_secured(self):
+    self.executeScript("2.1/services/STORM/package/scripts/nimbus.py",
+                       classname = "Nimbus",
+                       command = "start",
+                       config_file = "secured-storm-start.json"
+    )
+    self.assert_configure_secured()
+
+  def assert_configure_default(self):
+    storm_yarn_content = super(TestStormJaasConfiguration, self).assert_configure_default()
+    
+    self.assertTrue(storm_yarn_content.find('_JAAS_PLACEHOLDER') == -1, 'Placeholder have to be substituted')
+      
+    self.assertTrue(storm_yarn_content.find('-Djava.security.auth.login.config') == -1, 'JAAS security settings has not to be present')
+    self.assertTrue(storm_yarn_content.find('NON_SECURED_TRANSPORT_CLASS') >= 0, 'Non secured transport class should be used')
+  
+
+  def assert_configure_secured(self):
+    storm_yarn_content = super(TestStormJaasConfiguration, self).assert_configure_secured()
+    
+    self.assertTrue(storm_yarn_content.find('_JAAS_PLACEHOLDER') == -1, 'Placeholder have to be substituted')
+    self.assertTrue(storm_yarn_content.find('_storm') == -1, 'pairs start with _strom has to be removed')
+    
+    self.assertTrue(storm_yarn_content.find('-Djava.security.auth.login.config') >= 0, 'JAAS security settings has to be present')
+    self.assertTrue(storm_yarn_content.find('SECURED_TRANSPORT_CLASS') >= 0, 'Secured transport class should be used')

ambari-server/src/test/python/stacks/2.1/STORM/test_storm_nimbus.py

@@ -20,9 +20,11 @@ limitations under the License.
 
 from mock.mock import MagicMock, call, patch
 from stacks.utils.RMFTestCase import *
-import  resource_management.core.source
+import resource_management.core.source
+from test_storm_base import TestStormBase
 
-class TestStormNimbus(RMFTestCase):
+
+class TestStormNimbus(TestStormBase):
 
   def test_configure_default(self):
     self.executeScript("2.1/services/STORM/package/scripts/nimbus.py",
@@ -75,7 +77,7 @@ class TestStormNimbus(RMFTestCase):
     self.assertResourceCalled('Execute', 'rm -f /var/run/storm/nimbus.pid')
     self.assertNoMoreResources()
 
-  def test_configure_default(self):
+  def test_configure_secured(self):
     self.executeScript("2.1/services/STORM/package/scripts/nimbus.py",
                        classname = "Nimbus",
                        command = "configure",
@@ -126,85 +128,18 @@ class TestStormNimbus(RMFTestCase):
     self.assertResourceCalled('Execute', 'rm -f /var/run/storm/nimbus.pid')
     self.assertNoMoreResources()
 
-  def assert_configure_default(self):
-
-    self.assertResourceCalled('Directory', '/var/log/storm',
-      owner = 'storm',
-      group = 'hadoop',
-      recursive = True,
-    )
-    self.assertResourceCalled('Directory', '/var/run/storm',
-      owner = 'storm',
-      group = 'hadoop',
-      recursive = True,
-    )
-    self.assertResourceCalled('Directory', '/hadoop/storm',
-      owner = 'storm',
-      group = 'hadoop',
-      recursive = True,
-    )
-    self.assertResourceCalled('Directory', '/etc/storm/conf',
-      owner = 'storm',
-      group = 'hadoop',
-      recursive = True,
-    )
-    self.assertResourceCalled('File', '/etc/storm/conf/config.yaml',
-      owner = 'storm',
-      content = Template('config.yaml.j2'),
-      group = 'hadoop',
-    )
-    self.assertResourceCalled('File', '/etc/storm/conf/storm.yaml',
-      owner = 'storm',
-      content = self.get_yaml_inline_template(self.getConfig()['configurations']['storm-site']),
-      group = 'hadoop',
-      mode = None,
-    )
-    self.assertResourceCalled('File', '/etc/storm/conf/storm-env.sh',
-                              owner = 'storm',
-                              content = InlineTemplate(self.getConfig()['configurations']['storm-env']['content'])
-                              )
-
-  def assert_configure_secured(self):
-    self.assertResourceCalled('Directory', '/var/log/storm',
-      owner = 'storm',
-      group = 'hadoop',
-      recursive = True,
-    )
-    self.assertResourceCalled('Directory', '/var/run/storm',
-      owner = 'storm',
-      group = 'hadoop',
-      recursive = True,
-    )
-    self.assertResourceCalled('Directory', '/hadoop/storm',
-      owner = 'storm',
-      group = 'hadoop',
-      recursive = True,
-    )
-    self.assertResourceCalled('Directory', '/etc/storm/conf',
-      owner = 'storm',
-      group = 'hadoop',
-      recursive = True,
-    )
-    self.assertResourceCalled('File', '/etc/storm/conf/config.yaml',
-      owner = 'storm',
-      content = Template('config.yaml.j2'),
-      group = 'hadoop',
-    )
-    self.assertResourceCalled('File', '/etc/storm/conf/storm.yaml',
-      owner = 'storm',
-      content = self.get_yaml_inline_template(self.getConfig()['configurations']['storm-site']),
-      group = 'hadoop',
-      mode = None,
-    )
-    self.assertResourceCalled('File', '/etc/storm/conf/storm-env.sh',
-                              owner = 'storm',
-                              content = InlineTemplate(self.getConfig()['configurations']['storm-env']['content'])
-                              )
-    self.assertResourceCalled('TemplateConfig', '/etc/storm/conf/storm_jaas.conf',
-      owner = 'storm',
-    )
-
-  def get_yaml_inline_template(self, configurations):
-    with self.env:
-      from yaml_config import yaml_inline_template
-      return yaml_inline_template(configurations)
+    
+#   def call_storm_template_and_assert(self):
+#     import yaml_utils
+#     storm_yarn_template = Template(
+#                         "storm.yaml.j2", 
+#                         extra_imports=[yaml_utils.escape_yaml_propetry], 
+#                         configurations = self.getConfig()['configurations']['storm-site'])
+#     storm_yarn_content = storm_yarn_template.get_content()
+#     
+#     self.assertResourceCalled('File', '/etc/storm/conf/storm.yaml',
+#       owner = 'storm',
+#       content= storm_yarn_template, 
+#       group = 'hadoop'
+#     )
+#     return storm_yarn_content

ambari-server/src/test/python/stacks/2.1/STORM/test_storm_nimbus_prod.py

@@ -21,8 +21,9 @@ limitations under the License.
 from mock.mock import MagicMock, call, patch
 from stacks.utils.RMFTestCase import *
 import resource_management.core.source
+from test_storm_base import TestStormBase
 
-class TestStormNimbus(RMFTestCase):
+class TestStormNimbus(TestStormBase):
 
   def test_configure_default(self):
     self.executeScript("2.1/services/STORM/package/scripts/nimbus_prod.py",
@@ -58,7 +59,7 @@ class TestStormNimbus(RMFTestCase):
     )
     self.assertNoMoreResources()
 
-  def test_configure_default(self):
+  def test_configure_secured(self):
     self.executeScript("2.1/services/STORM/package/scripts/nimbus_prod.py",
                        classname = "Nimbus",
                        command = "configure",
@@ -90,86 +91,4 @@ class TestStormNimbus(RMFTestCase):
     self.assertResourceCalled('Execute', 'supervisorctl stop storm-nimbus',
                               wait_for_finish = False,
     )
-    self.assertNoMoreResources()
-
-  def assert_configure_default(self):
-    self.assertResourceCalled('Directory', '/var/log/storm',
-      owner = 'storm',
-      group = 'hadoop',
-      recursive = True,
-    )
-    self.assertResourceCalled('Directory', '/var/run/storm',
-      owner = 'storm',
-      group = 'hadoop',
-      recursive = True,
-    )
-    self.assertResourceCalled('Directory', '/hadoop/storm',
-      owner = 'storm',
-      group = 'hadoop',
-      recursive = True,
-    )
-    self.assertResourceCalled('Directory', '/etc/storm/conf',
-      owner = 'storm',
-      group = 'hadoop',
-      recursive = True,
-    )
-    self.assertResourceCalled('File', '/etc/storm/conf/config.yaml',
-      owner = 'storm',
-      content = Template('config.yaml.j2'),
-      group = 'hadoop',
-    )
-    self.assertResourceCalled('File', '/etc/storm/conf/storm.yaml',
-      owner = 'storm',
-      content = self.get_yaml_inline_template(self.getConfig()['configurations']['storm-site']),
-      group = 'hadoop',
-      mode = None,
-    )
-    self.assertResourceCalled('File', '/etc/storm/conf/storm-env.sh',
-                              owner = 'storm',
-                              content = InlineTemplate(self.getConfig()['configurations']['storm-env']['content'])
-                              )
-
-  def assert_configure_secured(self):
-    self.assertResourceCalled('Directory', '/var/log/storm',
-      owner = 'storm',
-      group = 'hadoop',
-      recursive = True,
-    )
-    self.assertResourceCalled('Directory', '/var/run/storm',
-      owner = 'storm',
-      group = 'hadoop',
-      recursive = True,
-    )
-    self.assertResourceCalled('Directory', '/hadoop/storm',
-      owner = 'storm',
-      group = 'hadoop',
-      recursive = True,
-    )
-    self.assertResourceCalled('Directory', '/etc/storm/conf',
-      owner = 'storm',
-      group = 'hadoop',
-      recursive = True,
-    )
-    self.assertResourceCalled('File', '/etc/storm/conf/config.yaml',
-      owner = 'storm',
-      content = Template('config.yaml.j2'),
-      group = 'hadoop',
-    )
-    self.assertResourceCalled('File', '/etc/storm/conf/storm.yaml',
-      owner = 'storm',
-      content = self.get_yaml_inline_template(self.getConfig()['configurations']['storm-site']),
-      group = 'hadoop',
-      mode = None,
-    )
-    self.assertResourceCalled('File', '/etc/storm/conf/storm-env.sh',
-                              owner = 'storm',
-                              content = InlineTemplate(self.getConfig()['configurations']['storm-env']['content'])
-                              )
-    self.assertResourceCalled('TemplateConfig', '/etc/storm/conf/storm_jaas.conf',
-      owner = 'storm',
-    )
-
-  def get_yaml_inline_template(self, configurations):
-    with self.env:
-      from yaml_config import yaml_inline_template
-      return yaml_inline_template(configurations)
+    self.assertNoMoreResources()

ambari-server/src/test/python/stacks/2.1/STORM/test_storm_rest_api_service.py

@@ -21,8 +21,9 @@ limitations under the License.
 from mock.mock import MagicMock, call, patch
 from stacks.utils.RMFTestCase import *
 import  resource_management.core.source
+from test_storm_base import TestStormBase
 
-class TestStormRestApi(RMFTestCase):
+class TestStormRestApi(TestStormBase):
 
   def test_configure_default(self):
     self.executeScript("2.1/services/STORM/package/scripts/rest_api.py",
@@ -75,7 +76,7 @@ class TestStormRestApi(RMFTestCase):
     self.assertResourceCalled('Execute', 'rm -f /var/run/storm/restapi.pid')
     self.assertNoMoreResources()
 
-  def test_configure_default(self):
+  def test_configure_secured(self):
     self.executeScript("2.1/services/STORM/package/scripts/rest_api.py",
                        classname = "StormRestApi",
                        command = "configure",
@@ -126,85 +127,3 @@ class TestStormRestApi(RMFTestCase):
     self.assertResourceCalled('Execute', 'rm -f /var/run/storm/restapi.pid')
     self.assertNoMoreResources()
 
-  def assert_configure_default(self):
-
-    self.assertResourceCalled('Directory', '/var/log/storm',
-      owner = 'storm',
-      group = 'hadoop',
-      recursive = True,
-    )
-    self.assertResourceCalled('Directory', '/var/run/storm',
-      owner = 'storm',
-      group = 'hadoop',
-      recursive = True,
-    )
-    self.assertResourceCalled('Directory', '/hadoop/storm',
-      owner = 'storm',
-      group = 'hadoop',
-      recursive = True,
-    )
-    self.assertResourceCalled('Directory', '/etc/storm/conf',
-      owner = 'storm',
-      group = 'hadoop',
-      recursive = True,
-    )
-    self.assertResourceCalled('File', '/etc/storm/conf/config.yaml',
-      owner = 'storm',
-      content = Template('config.yaml.j2'),
-      group = 'hadoop',
-    )
-    self.assertResourceCalled('File', '/etc/storm/conf/storm.yaml',
-      owner = 'storm',
-      content = self.get_yaml_inline_template(self.getConfig()['configurations']['storm-site']),
-      group = 'hadoop',
-      mode = None,
-    )
-    self.assertResourceCalled('File', '/etc/storm/conf/storm-env.sh',
-                              owner = 'storm',
-                              content = InlineTemplate(self.getConfig()['configurations']['storm-env']['content'])
-                              )
-
-  def assert_configure_secured(self):
-    self.assertResourceCalled('Directory', '/var/log/storm',
-      owner = 'storm',
-      group = 'hadoop',
-      recursive = True,
-    )
-    self.assertResourceCalled('Directory', '/var/run/storm',
-      owner = 'storm',
-      group = 'hadoop',
-      recursive = True,
-    )
-    self.assertResourceCalled('Directory', '/hadoop/storm',
-      owner = 'storm',
-      group = 'hadoop',
-      recursive = True,
-    )
-    self.assertResourceCalled('Directory', '/etc/storm/conf',
-      owner = 'storm',
-      group = 'hadoop',
-      recursive = True,
-    )
-    self.assertResourceCalled('File', '/etc/storm/conf/config.yaml',
-      owner = 'storm',
-      content = Template('config.yaml.j2'),
-      group = 'hadoop',
-    )
-    self.assertResourceCalled('File', '/etc/storm/conf/storm.yaml',
-      owner = 'storm',
-      content = self.get_yaml_inline_template(self.getConfig()['configurations']['storm-site']),
-      group = 'hadoop',
-      mode = None,
-    )
-    self.assertResourceCalled('File', '/etc/storm/conf/storm-env.sh',
-                              owner = 'storm',
-                              content = InlineTemplate(self.getConfig()['configurations']['storm-env']['content'])
-                              )
-    self.assertResourceCalled('TemplateConfig', '/etc/storm/conf/storm_jaas.conf',
-      owner = 'storm',
-    )
-
-  def get_yaml_inline_template(self, configurations):
-    with self.env:
-      from yaml_config import yaml_inline_template
-      return yaml_inline_template(configurations)

ambari-server/src/test/python/stacks/2.1/STORM/test_storm_supervisor.py

@@ -21,8 +21,9 @@ limitations under the License.
 from mock.mock import MagicMock, call, patch
 from stacks.utils.RMFTestCase import *
 import  resource_management.core.source
+from test_storm_base import TestStormBase
 
-class TestStormSupervisor(RMFTestCase):
+class TestStormSupervisor(TestStormBase):
 
   def test_configure_default(self):
     self.executeScript("2.1/services/STORM/package/scripts/supervisor.py",
@@ -97,7 +98,7 @@ class TestStormSupervisor(RMFTestCase):
     self.assertResourceCalled('Execute', 'rm -f /var/run/storm/logviewer.pid')
     self.assertNoMoreResources()
 
-  def test_configure_default(self):
+  def test_configure_secured(self):
     self.executeScript("2.1/services/STORM/package/scripts/supervisor.py",
                        classname = "Supervisor",
                        command = "configure",
@@ -196,12 +197,8 @@ class TestStormSupervisor(RMFTestCase):
       content = Template('config.yaml.j2'),
       group = 'hadoop',
     )
-    self.assertResourceCalled('File', '/etc/storm/conf/storm.yaml',
-      owner = 'storm',
-      content = self.get_yaml_inline_template(self.getConfig()['configurations']['storm-site']),
-      group = 'hadoop',
-      mode = None,
-    )
+    #assert that storm.yam was properly configured
+    self.call_storm_template_and_assert()
     self.assertResourceCalled('File', '/etc/storm/conf/storm-env.sh',
                               owner = 'storm',
                               content = InlineTemplate(self.getConfig()['configurations']['storm-env']['content'])
@@ -233,12 +230,15 @@ class TestStormSupervisor(RMFTestCase):
       content = Template('config.yaml.j2'),
       group = 'hadoop',
     )
-    self.assertResourceCalled('File', '/etc/storm/conf/storm.yaml',
-      owner = 'storm',
-      content = self.get_yaml_inline_template(self.getConfig()['configurations']['storm-site']),
-      group = 'hadoop',
-      mode = None,
-    )
+#     self.assertResourceCalled('File', '/etc/storm/conf/storm.yaml',
+#       owner = 'storm',
+#       content = self.get_yaml_inline_template(self.getConfig()['configurations']['storm-site']),
+#       group = 'hadoop',
+#       mode = None,
+#     )
+    #assert that storm.yam was properly configured
+    self.call_storm_template_and_assert()
+    
     self.assertResourceCalled('File', '/etc/storm/conf/storm-env.sh',
                               owner = 'storm',
                               content = InlineTemplate(self.getConfig()['configurations']['storm-env']['content'])
@@ -247,7 +247,13 @@ class TestStormSupervisor(RMFTestCase):
       owner = 'storm',
     )
 
-  def get_yaml_inline_template(self, configurations):
-    with self.env:
-      from yaml_config import yaml_inline_template
-      return yaml_inline_template(configurations)
+#   def get_yaml_inline_template(self, configurations):
+#     with self.env:
+#       from yaml_config import yaml_inline_template
+#       from storm import enrich_kerberos_settings
+#       import params
+#       
+#       if params.security_enabled:
+#         return yaml_inline_template(enrich_kerberos_settings(configurations, params.conf_dir, "EXAMPLE.COM"))
+#       else:
+#         return yaml_inline_template(configurations)

ambari-server/src/test/python/stacks/2.1/STORM/test_storm_supervisor_prod.py

@@ -20,9 +20,10 @@ limitations under the License.
 
 from mock.mock import MagicMock, call, patch
 from stacks.utils.RMFTestCase import *
-import  resource_management.core.source
+import resource_management.core.source
+from test_storm_base import TestStormBase
 
-class TestStormSupervisor(RMFTestCase):
+class TestStormSupervisor(TestStormBase):
 
   def test_configure_default(self):
     self.executeScript("2.1/services/STORM/package/scripts/supervisor_prod.py",
@@ -141,84 +142,3 @@ class TestStormSupervisor(RMFTestCase):
 
     self.assertNoMoreResources()
 
-  def assert_configure_default(self):
-    self.assertResourceCalled('Directory', '/var/log/storm',
-      owner = 'storm',
-      group = 'hadoop',
-      recursive = True,
-    )
-    self.assertResourceCalled('Directory', '/var/run/storm',
-      owner = 'storm',
-      group = 'hadoop',
-      recursive = True,
-    )
-    self.assertResourceCalled('Directory', '/hadoop/storm',
-      owner = 'storm',
-      group = 'hadoop',
-      recursive = True,
-    )
-    self.assertResourceCalled('Directory', '/etc/storm/conf',
-      owner = 'storm',
-      group = 'hadoop',
-      recursive = True,
-    )
-    self.assertResourceCalled('File', '/etc/storm/conf/config.yaml',
-      owner = 'storm',
-      content = Template('config.yaml.j2'),
-      group = 'hadoop',
-    )
-    self.assertResourceCalled('File', '/etc/storm/conf/storm.yaml',
-      owner = 'storm',
-      content = self.get_yaml_inline_template(self.getConfig()['configurations']['storm-site']),
-      group = 'hadoop',
-      mode = None,
-    )
-    self.assertResourceCalled('File', '/etc/storm/conf/storm-env.sh',
-                              owner = 'storm',
-                              content = InlineTemplate(self.getConfig()['configurations']['storm-env']['content'])
-                              )
-
-  def assert_configure_secured(self):
-    self.assertResourceCalled('Directory', '/var/log/storm',
-      owner = 'storm',
-      group = 'hadoop',
-      recursive = True,
-    )
-    self.assertResourceCalled('Directory', '/var/run/storm',
-      owner = 'storm',
-      group = 'hadoop',
-      recursive = True,
-    )
-    self.assertResourceCalled('Directory', '/hadoop/storm',
-      owner = 'storm',
-      group = 'hadoop',
-      recursive = True,
-    )
-    self.assertResourceCalled('Directory', '/etc/storm/conf',
-      owner = 'storm',
-      group = 'hadoop',
-      recursive = True,
-    )
-    self.assertResourceCalled('File', '/etc/storm/conf/config.yaml',
-      owner = 'storm',
-      content = Template('config.yaml.j2'),
-      group = 'hadoop',
-    )
-    self.assertResourceCalled('File', '/etc/storm/conf/storm.yaml',
-      owner = 'storm',
-      content = self.get_yaml_inline_template(self.getConfig()['configurations']['storm-site']),
-      group = 'hadoop',
-      mode = None,
-    )
-    self.assertResourceCalled('File', '/etc/storm/conf/storm-env.sh',
-                              owner = 'storm',
-                              content = InlineTemplate(self.getConfig()['configurations']['storm-env']['content'])
-                              )
-    self.assertResourceCalled('TemplateConfig', '/etc/storm/conf/storm_jaas.conf',
-      owner = 'storm',
-  )
-
-  def get_yaml_inline_template(self, configurations):
-    with self.env:
-      from yaml_config import yaml_inline_template
-      return yaml_inline_template(configurations)

ambari-server/src/test/python/stacks/2.1/STORM/test_storm_ui_server.py

@@ -20,9 +20,9 @@ limitations under the License.
 
 from mock.mock import MagicMock, call, patch
 from stacks.utils.RMFTestCase import *
-import  resource_management.core.source
-
-class TestStormUiServer(RMFTestCase):
+import resource_management.core.source
+from test_storm_base import TestStormBase
+class TestStormUiServer(TestStormBase):
 
   def test_configure_default(self):
     self.executeScript("2.1/services/STORM/package/scripts/ui_server.py",
@@ -75,7 +75,7 @@ class TestStormUiServer(RMFTestCase):
     self.assertResourceCalled('Execute', 'rm -f /var/run/storm/ui.pid')
     self.assertNoMoreResources()
 
-  def test_configure_default(self):
+  def test_configure_secured(self):
     self.executeScript("2.1/services/STORM/package/scripts/ui_server.py",
                        classname = "UiServer",
                        command = "configure",
@@ -124,87 +124,4 @@ class TestStormUiServer(RMFTestCase):
                               ignore_failures=True
                               )
     self.assertResourceCalled('Execute', 'rm -f /var/run/storm/ui.pid')
-    self.assertNoMoreResources()
-
-  def assert_configure_default(self):
-
-    self.assertResourceCalled('Directory', '/var/log/storm',
-      owner = 'storm',
-      group = 'hadoop',
-      recursive = True,
-    )
-    self.assertResourceCalled('Directory', '/var/run/storm',
-      owner = 'storm',
-      group = 'hadoop',
-      recursive = True,
-    )
-    self.assertResourceCalled('Directory', '/hadoop/storm',
-      owner = 'storm',
-      group = 'hadoop',
-      recursive = True,
-    )
-    self.assertResourceCalled('Directory', '/etc/storm/conf',
-      owner = 'storm',
-      group = 'hadoop',
-      recursive = True,
-    )
-    self.assertResourceCalled('File', '/etc/storm/conf/config.yaml',
-      owner = 'storm',
-      content = Template('config.yaml.j2'),
-      group = 'hadoop',
-    )
-    self.assertResourceCalled('File', '/etc/storm/conf/storm.yaml',
-      owner = 'storm',
-      content = self.get_yaml_inline_template(self.getConfig()['configurations']['storm-site']),
-      group = 'hadoop',
-      mode = None,
-    )
-    self.assertResourceCalled('File', '/etc/storm/conf/storm-env.sh',
-                              owner = 'storm',
-                              content = InlineTemplate(self.getConfig()['configurations']['storm-env']['content'])
-                              )
-
-  def assert_configure_secured(self):
-    self.assertResourceCalled('Directory', '/var/log/storm',
-      owner = 'storm',
-      group = 'hadoop',
-      recursive = True,
-    )
-    self.assertResourceCalled('Directory', '/var/run/storm',
-      owner = 'storm',
-      group = 'hadoop',
-      recursive = True,
-    )
-    self.assertResourceCalled('Directory', '/hadoop/storm',
-      owner = 'storm',
-      group = 'hadoop',
-      recursive = True,
-    )
-    self.assertResourceCalled('Directory', '/etc/storm/conf',
-      owner = 'storm',
-      group = 'hadoop',
-      recursive = True,
-    )
-    self.assertResourceCalled('File', '/etc/storm/conf/config.yaml',
-      owner = 'storm',
-      content = Template('config.yaml.j2'),
-      group = 'hadoop',
-    )
-    self.assertResourceCalled('File', '/etc/storm/conf/storm.yaml',
-      owner = 'storm',
-      content = self.get_yaml_inline_template(self.getConfig()['configurations']['storm-site']),
-      group = 'hadoop',
-      mode = None,
-    )
-    self.assertResourceCalled('File', '/etc/storm/conf/storm-env.sh',
-                              owner = 'storm',
-                              content = InlineTemplate(self.getConfig()['configurations']['storm-env']['content'])
-                              )
-    self.assertResourceCalled('TemplateConfig', '/etc/storm/conf/storm_jaas.conf',
-      owner = 'storm',
-    )
-
-  def get_yaml_inline_template(self, configurations):
-    with self.env:
-      from yaml_config import yaml_inline_template
-      return yaml_inline_template(configurations)
+    self.assertNoMoreResources()

ambari-web/app/app.js

@@ -80,8 +80,11 @@ module.exports = Em.Application.create({
   }.property('currentStackVersion', 'currentStackName'),
 
   isHadoop2Stack: function () {
-    return (stringUtils.compareVersions(this.get('currentStackVersionNumber'), "2.0") === 1 ||
-      stringUtils.compareVersions(this.get('currentStackVersionNumber'), "2.0") === 0)
+    return (stringUtils.compareVersions(this.get('currentStackVersionNumber'), "2.0") > -1);
+  }.property('currentStackVersionNumber'),
+
+  isHadoop22Stack: function () {
+    return (stringUtils.compareVersions(this.get('currentStackVersionNumber'), "2.2") > -1);
   }.property('currentStackVersionNumber'),
 
   /**

ambari-web/app/controllers/main/admin/security/add/step2.js

@@ -17,6 +17,7 @@
  */
 
 var App = require('app');
+var stringUtils = require('utils/string_utils');
 
 App.MainAdminSecurityAddStep2Controller = Em.Controller.extend({
 
@@ -139,6 +140,11 @@ App.MainAdminSecurityAddStep2Controller = Em.Controller.extend({
       serviceName: 'STORM',
       configName: 'storm_host',
       components: ['STORM_UI_SERVER', 'NIMBUS', 'SUPERVISOR']
+    },
+    {
+      serviceName: 'STORM',
+      configName: 'nimbus_host',
+      components: ['NIMBUS']
     }
   ],
 
@@ -198,6 +204,23 @@ App.MainAdminSecurityAddStep2Controller = Em.Controller.extend({
    */
   loadStep: function () {
     console.log("TRACE: Loading addSecurity step2: Configure Services");
+    var versionNumber = App.get('currentStackVersionNumber');
+    if( stringUtils.compareVersions(versionNumber, "2.2") >= 0){
+      // Add Nimbus config options
+      var masterComponentMap = this.get('masterComponentMap');
+      masterComponentMap.filterProperty('configName', 'storm_host').components = ["SUPERVISOR", "STORM_UI_SERVER", "DRPC_SERVER", "STORM_REST_API"];
+      masterComponentMap.pushObject({
+        serviceName: 'STORM',
+        configName: 'nimbus_host',
+        components: ['NIMBUS']
+      });
+      this.get('hostToPrincipalMap').pushObject({
+        serviceName: 'STORM',
+        configName: 'nimbus_host',
+        principalName: 'storm_principal_name',
+        primaryName: 'storm'
+      });
+    }
     this.clearStep();
     this.loadUsers();
     this.addUserPrincipals(this.get('content.services'), this.get('securityUsers'));
@@ -305,13 +328,15 @@ App.MainAdminSecurityAddStep2Controller = Em.Controller.extend({
     if (service) {
       var host = service.configs.findProperty('name', hostConfigName);
       var principal = service.configs.findProperty('name', principalConfigName);
-      if (host && principal) {
-        if (Array.isArray(host.defaultValue)) {
-          host.defaultValue = host.defaultValue[0];
-        }
-        principal.defaultValue = defaultPrimaryName + host.defaultValue.toLowerCase();
+      var versionNumber = App.get('currentStackVersionNumber');
+      if( principalConfigName == 'storm_principal_name' && stringUtils.compareVersions(versionNumber, "2.2") >= 0){
+        principal.defaultValue = defaultPrimaryName;
         return true;
-      }
+      } else if (host && principal) {
+        var host_defaultValue = Array.isArray(host.defaultValue) ? host.defaultValue[0] : host.defaultValue;
+        principal.defaultValue = defaultPrimaryName + host_defaultValue;
+        return true;
+       }
       return false;
     }
     return false;

ambari-web/app/controllers/main/admin/security/add/step3.js

@@ -47,79 +47,91 @@ App.MainAdminSecurityAddStep3Controller = Em.Controller.extend({
     'FALCON_SERVER': 'falcon_user'
   },
   // The componentName, principal, and keytab have to coincide with the values in secure_properties.js
-  componentToConfigMap: [
-    {
-      componentName: 'NAMENODE',
-      principal: 'hadoop_http_principal_name',
-      keytab: 'hadoop_http_keytab',
-      displayName: Em.I18n.t('admin.addSecurity.hdfs.user.httpUser')
-    },
-    {
-      componentName: 'SECONDARY_NAMENODE',
-      principal: 'hadoop_http_principal_name',
-      keytab: 'hadoop_http_keytab',
-      displayName: Em.I18n.t('admin.addSecurity.hdfs.user.httpUser')
-    },
-    {
-      componentName: 'JOURNALNODE',
-      principal: 'hadoop_http_principal_name',
-      keytab: 'hadoop_http_keytab',
-      displayName: Em.I18n.t('admin.addSecurity.hdfs.user.httpUser')
-    },
-    {
-      componentName: 'WEBHCAT_SERVER',
-      principal: 'webHCat_http_principal_name',
-      keytab: 'webhcat_http_keytab',
-      displayName: Em.I18n.t('admin.addSecurity.webhcat.user.httpUser')
-    },
-    {
-      componentName: 'OOZIE_SERVER',
-      principal: 'oozie_http_principal_name',
-      keytab: 'oozie_http_keytab',
-      displayName: Em.I18n.t('admin.addSecurity.oozie.user.httpUser')
-    },
-    {
-      componentName: 'FALCON_SERVER',
-      principal: 'falcon_http_principal_name',
-      keytab: 'falcon_http_keytab',
-      displayName: Em.I18n.t('admin.addSecurity.falcon.user.httpUser')
-    },
-    {
-      componentName: 'HISTORYSERVER',
-      principal: 'jobhistory_http_principal_name',
-      keytab: 'jobhistory_http_keytab',
-      displayName: Em.I18n.t('admin.addSecurity.historyServer.user.httpUser'),
-      isHadoop2Stack: true
-    },
-    {
-      componentName: 'RESOURCEMANAGER',
-      principal: 'resourcemanager_http_principal_name',
-      keytab: 'resourcemanager_http_keytab',
-      displayName: Em.I18n.t('admin.addSecurity.rm.user.httpUser'),
-      isHadoop2Stack: true
-    },
-    {
-      componentName: 'NODEMANAGER',
-      principal: 'nodemanager_http_principal_name',
-      keytab: 'nodemanager_http_keytab',
-      displayName: Em.I18n.t('admin.addSecurity.nm.user.httpUser'),
-      isHadoop2Stack: true
-    },
-    {
-      componentName: 'APP_TIMELINE_SERVER',
-      principal: 'apptimelineserver_principal_name',
-      keytab: 'apptimelineserver_keytab',
-      displayName: Em.I18n.t('admin.addSecurity.user.yarn.atsUser'),
-      isHadoop2Stack: true
-    },
-    {
-      componentName: 'APP_TIMELINE_SERVER',
-      principal: 'apptimelineserver_http_principal_name',
-      keytab: 'apptimelineserver_http_keytab',
-      displayName: Em.I18n.t('admin.addSecurity.user.yarn.atsHTTPUser'),
-      isHadoop2Stack: true
+  componentToConfigMap: function () {
+    var hdp2map = [
+      {
+        componentName: 'NAMENODE',
+        principal: 'hadoop_http_principal_name',
+        keytab: 'hadoop_http_keytab',
+        displayName: Em.I18n.t('admin.addSecurity.hdfs.user.httpUser')
+      },
+      {
+        componentName: 'SECONDARY_NAMENODE',
+        principal: 'hadoop_http_principal_name',
+        keytab: 'hadoop_http_keytab',
+        displayName: Em.I18n.t('admin.addSecurity.hdfs.user.httpUser')
+      },
+      {
+        componentName: 'JOURNALNODE',
+        principal: 'hadoop_http_principal_name',
+        keytab: 'hadoop_http_keytab',
+        displayName: Em.I18n.t('admin.addSecurity.hdfs.user.httpUser')
+      },
+      {
+        componentName: 'WEBHCAT_SERVER',
+        principal: 'webHCat_http_principal_name',
+        keytab: 'webhcat_http_keytab',
+        displayName: Em.I18n.t('admin.addSecurity.webhcat.user.httpUser')
+      },
+      {
+        componentName: 'OOZIE_SERVER',
+        principal: 'oozie_http_principal_name',
+        keytab: 'oozie_http_keytab',
+        displayName: Em.I18n.t('admin.addSecurity.oozie.user.httpUser')
+      },
+      {
+        componentName: 'FALCON_SERVER',
+        principal: 'falcon_http_principal_name',
+        keytab: 'falcon_http_keytab',
+        displayName: Em.I18n.t('admin.addSecurity.falcon.user.httpUser')
+      },
+      {
+        componentName: 'HISTORYSERVER',
+        principal: 'jobhistory_http_principal_name',
+        keytab: 'jobhistory_http_keytab',
+        displayName: Em.I18n.t('admin.addSecurity.historyServer.user.httpUser'),
+        isHadoop2Stack: true
+      },
+      {
+        componentName: 'RESOURCEMANAGER',
+        principal: 'resourcemanager_http_principal_name',
+        keytab: 'resourcemanager_http_keytab',
+        displayName: Em.I18n.t('admin.addSecurity.rm.user.httpUser'),
+        isHadoop2Stack: true
+      },
+      {
+        componentName: 'NODEMANAGER',
+        principal: 'nodemanager_http_principal_name',
+        keytab: 'nodemanager_http_keytab',
+        displayName: Em.I18n.t('admin.addSecurity.nm.user.httpUser'),
+        isHadoop2Stack: true
+      },
+      {
+        componentName: 'APP_TIMELINE_SERVER',
+        principal: 'apptimelineserver_principal_name',
+        keytab: 'apptimelineserver_keytab',
+        displayName: Em.I18n.t('admin.addSecurity.user.yarn.atsUser'),
+        isHadoop2Stack: true
+      },
+      {
+        componentName: 'APP_TIMELINE_SERVER',
+        principal: 'apptimelineserver_http_principal_name',
+        keytab: 'apptimelineserver_http_keytab',
+        displayName: Em.I18n.t('admin.addSecurity.user.yarn.atsHTTPUser'),
+        isHadoop2Stack: true
+      }
+    ];
+    if (App.get('isHadoop22Stack')) {
+      hdp2map.push({
+        componentName: 'DRPC_SERVER',
+        principal: 'nimbus_principal_name',
+        keytab: 'nimbus_keytab',
+        displayName: 'DRPC_SERVER',
+        isHadoop2Stack: true
+      });
     }
-  ],
+    return hdp2map;
+  }.property('App.isHadoop22Stack'),
 
   mandatoryConfigs: [
     {

ambari-web/app/data/HDP2.2/site_properties.js

@@ -0,0 +1,29 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+var App = require('app');
+var hdp2properties = require('data/HDP2/site_properties').configProperties;
+var hdp22properties = hdp2properties.filter(function (item){
+  //In HDP2.2 storm.thrift.transport property is computed on server
+  return item.name !== 'storm.thrift.transport';
+});
+
+module.exports =
+{
+  "configProperties": hdp22properties
+};

ambari-web/app/data/HDP2/secure_configs.js

@@ -36,7 +36,7 @@ if (isATSInstalled && doesATSSupportKerberos) {
   yarnConfigProperties.push(App.ServiceConfigCategory.create({ name: 'AppTimelineServer', displayName : 'ApplicationTimelineService'}));
 }
 
-module.exports = [
+var configs = [
   {
     serviceName: 'GENERAL',
     displayName: 'General',
@@ -135,7 +135,7 @@ module.exports = [
     displayName: 'Storm',
     filename: 'storm-site',
     configCategories: [
-      App.ServiceConfigCategory.create({ name: 'Storm Topology', displayName:  'Storm Topology'})
+      App.ServiceConfigCategory.create({ name: 'Storm Topology', displayName:  'Storm Client'})
     ],
     sites: ['storm-env','storm-site'],
     configs: configProperties.filterProperty('serviceName', 'STORM')
@@ -152,4 +152,16 @@ module.exports = [
   }
 ];
 
+if(App.get('isHadoop22Stack')){
+  for(var i = 0; i < configs.length; i++){
+    var config = configs[i];
+    if( config.serviceName === 'STORM' ){
+      config.configCategories.unshift(App.ServiceConfigCategory.create({ name: 'Nimbus', displayName:  'Nimbus'}));
+    }
+  }
+}
+
+
+module.exports = configs;
+
 

ambari-web/app/data/HDP2/secure_properties.js

@@ -27,8 +27,7 @@
  * component: Ambari component name
  */
 
-module.exports =
-{
+var props = {
   "configProperties": [
     {
       "id": "puppet var",
@@ -990,51 +989,6 @@ module.exports =
       "category": "Nagios Server",
       "component": "NAGIOS_SERVER"
     },
-  /**********************************************STORM***************************************/
-    {
-      "id": "puppet var",
-      "name": "storm_host",
-      "displayName": "Storm component hosts",
-      "value": "",
-      "defaultValue": "",
-      "description": "Storm component hosts",
-      "displayType": "slaveHosts",
-      "isVisible": true,
-      "isOverridable": false,
-      "serviceName": "STORM",
-      "category": "Storm Topology"
-    },
-    {
-      "id": "puppet var",
-      "name": "storm_principal_name",
-      "displayName": " Storm principal name",
-      "value": "",
-      "defaultValue": "storm/_HOST",
-      "description": "Principal name for Supervisor. _HOST will get automatically replaced with actual hostname at an instance of every storm component.",
-      "displayType": "principal",
-      "isVisible": true,
-      "isOverridable": false,
-      "serviceName": "STORM",
-      "filename": "storm-env.xml",
-      "category": "Storm Topology",
-      "components": ["SUPERVISOR", "NIMBUS", "STORM_UI_SERVER"]
-    },
-    {
-      "id": "puppet var",
-      "name": "storm_keytab",
-      "displayName": "Path to Storm keytab file",
-      "value": "",
-      "defaultValue": "/etc/security/keytabs/storm.service.keytab",
-      "description": "Path to the storm keytab file",
-      "displayType": "directory",
-      "isVisible": true,
-      "isOverridable": false,
-      "serviceName": "STORM",
-      "filename": "storm-env.xml",
-      "category": "Storm Topology",
-      "components": ["SUPERVISOR", "NIMBUS"]
-    },
-
   /**********************************************Falcon***************************************/
     {
       "id": "puppet var",
@@ -1118,3 +1072,162 @@ module.exports =
     }
   ]
 };
+
+var stormProperties = [
+  {
+    "id": "puppet var",
+    "name": "storm_host",
+    "displayName": "Storm component hosts",
+    "value": "",
+    "defaultValue": "",
+    "description": "Storm component hosts",
+    "displayType": "slaveHosts",
+    "isVisible": true,
+    "isOverridable": false,
+    "serviceName": "STORM",
+    "category": "Storm Topology"
+  },
+  {
+    "id": "puppet var",
+    "name": "storm_principal_name",
+    "displayName": " Storm principal name",
+    "value": "",
+    "defaultValue": "storm/_HOST",
+    "description": "Principal name for Supervisor. _HOST will get automatically replaced with actual hostname at an instance of every storm component.",
+    "displayType": "principal",
+    "isVisible": true,
+    "isOverridable": false,
+    "serviceName": "STORM",
+    "filename": "storm-env.xml",
+    "category": "Storm Topology",
+    "components": ["SUPERVISOR", "NIMBUS", "STORM_UI_SERVER"]
+  },
+  {
+    "id": "puppet var",
+    "name": "storm_keytab",
+    "displayName": "Path to Storm keytab file",
+    "value": "",
+    "defaultValue": "/etc/security/keytabs/storm.service.keytab",
+    "description": "Path to the storm keytab file",
+    "displayType": "directory",
+    "isVisible": true,
+    "isOverridable": false,
+    "serviceName": "STORM",
+    "filename": "storm-env.xml",
+    "category": "Storm Topology",
+    "components": ["SUPERVISOR", "NIMBUS"]
+  }
+];
+var storm22Properties = [
+  {
+    "id": "puppet var",
+    "name": "storm_principal_name",
+    "displayName": " Storm principal name",
+    "value": "",
+    "defaultValue": "storm/_HOST",
+    "description": "Principal name for Storm components. _HOST will get automatically replaced with actual hostname at an instance of every storm component.",
+    "displayType": "principal",
+    "isVisible": true,
+    "isOverridable": false,
+    "serviceName": "STORM",
+    "filename": "storm-env.xml",
+    "category": "Storm Topology",
+    "components": ["SUPERVISOR", "STORM_UI_SERVER", "DRPC_SERVER", "STORM_REST_API"]
+  },
+  {
+    "id": "puppet var",
+    "name": "storm_keytab",
+    "displayName": "Path to Storm keytab file",
+    "value": "",
+    "defaultValue": "/etc/security/keytabs/storm.service.keytab",
+    "description": "Path to the storm keytab file",
+    "displayType": "directory",
+    "isVisible": true,
+    "isOverridable": false,
+    "serviceName": "STORM",
+    "filename": "storm-env.xml",
+    "category": "Storm Topology",
+    "components": ["SUPERVISOR", "STORM_UI_SERVER", "DRPC_SERVER", "STORM_REST_API"]
+  },
+  {
+    "id": "puppet var",
+    "name": "nimbus_host",
+    "displayName": "Nimbus hosts",
+    "value": "",
+    "defaultValue": "",
+    "description": "Nimbus component hosts",
+    "displayType": "slaveHosts",
+    "isVisible": true,
+    "isOverridable": false,
+    "serviceName": "STORM",
+    "category": "Nimbus"
+  },
+  {
+    "id": "puppet var",
+    "name": "nimbus_principal_name",
+    "displayName": " Nimbus principal name",
+    "value": "",
+    "defaultValue": "nimbus/_HOST",
+    "description": "Nimbus Principal name",
+    "displayType": "principal",
+    "isVisible": true,
+    "isOverridable": false,
+    "serviceName": "STORM",
+    "filename": "storm-env.xml",
+    "category": "Nimbus",
+    "components": ["NIMBUS","DRPC_SERVER"]
+  },
+  {
+    "id": "puppet var",
+    "name": "nimbus_keytab",
+    "displayName": "Path to Nimbus keytab file",
+    "value": "",
+    "defaultValue": "/etc/security/keytabs/nimbus.service.keytab",
+    "description": "Path to the nimbus keytab file",
+    "displayType": "directory",
+    "isVisible": true,
+    "isOverridable": false,
+    "serviceName": "STORM",
+    "filename": "storm-env.xml",
+    "category": "Nimbus",
+    "components": ["NIMBUS","DRPC_SERVER"]
+  },
+  {
+    "id": "puppet var",
+    "name": "strom_ui_principal_name",
+    "displayName": "Storm UI principal name",
+    "value": "",
+    "defaultValue": "HTTP/_HOST",
+    "description": "Principal name for Storm UI",
+    "displayType": "principal",
+    "isVisible": false,
+    "isOverridable": false,
+    "serviceName": "STORM",
+    "filename": "storm-env.xml",
+    "category": "Nimbus",
+    "components": ["STORM_UI_SERVER"]
+  },
+  {
+    "id": "puppet var",
+    "name": "strom_ui_keytab",
+    "displayName": "Path to Nimbus UI keytab file",
+    "value": "",
+    "defaultValue": "/etc/security/keytabs/http.storm.service.keytab",
+    "description": "Path to the Storm UI keytab file",
+    "displayType": "directory",
+    "isVisible": false,
+    "isOverridable": false,
+    "serviceName": "STORM",
+    "filename": "storm-env.xml",
+    "category": "Nimbus",
+    "components": ["STORM_UI_SERVER"]
+  }
+];
+
+if(App.get('isHadoop22Stack')) {
+  props.configProperties.pushObjects(storm22Properties);
+} else {
+  props.configProperties.pushObjects(stormProperties);
+}
+
+module.exports = props;

ambari-web/app/mixins/wizard/addSecurityConfigs.js

@@ -82,20 +82,29 @@ App.AddSecurityConfigs = Em.Mixin.create({
   /**
    * security configs, which values should be modified after APPLY CONFIGURATIONS stage
    */
-  secureConfigs: [
-    {
-      name: 'nagios_principal_name',
-      serviceName: 'NAGIOS'
-    },
-    {
-      name: 'zookeeper_principal_name',
-      serviceName: 'ZOOKEEPER'
-    },
-    {
-      name: 'storm_principal_name',
-      serviceName: 'STORM'
+  secureConfigs: function () {
+    var configs = [
+      {
+        name: 'nagios_principal_name',
+        serviceName: 'NAGIOS'
+      },
+      {
+        name: 'zookeeper_principal_name',
+        serviceName: 'ZOOKEEPER'
+      },
+      {
+        name: 'storm_principal_name',
+        serviceName: 'STORM'
+      }
+    ];
+    if (App.get('isHadoop22Stack')) {
+      configs.push({
+        name: 'nimbus_principal_name',
+        serviceName: 'STORM'
+      })
     }
-  ],
+    return configs;
+  }.property('App.isHadoop22Stack'),
 
   secureServices: function() {
     return  this.get('content.services');

ambari-web/app/utils/config.js

@@ -92,11 +92,13 @@ App.config = Em.Object.create({
   }.property('App.isHadoop2Stack'),
 
   preDefinedSiteProperties: function () {
-    if (App.get('isHadoop2Stack')) {
+    if (App.get('isHadoop22Stack')) {
+      return require('data/HDP2.2/site_properties').configProperties;
+    } else if (App.get('isHadoop2Stack')) {
       return require('data/HDP2/site_properties').configProperties;
     }
     return require('data/site_properties').configProperties;
-  }.property('App.isHadoop2Stack'),
+  }.property('App.isHadoop2Stack', 'App.isHadoop22Stack'),
 
   preDefinedCustomConfigs: function () {
     if (App.get('isHadoop2Stack')) {