Home Esplora Aiuto
Registrati Accedi
apache
/
ambari
mirror da https://gitee.com/freeshow_me/ambari
2
0
Forka 0
File Problemi 0 Wiki
Sfoglia il codice sorgente

AMBARI-11888. Enable kerberos, add service prompts to change Hive configs (Emil Anca via rlevas)

Emil Anca 10 anni fa
parent
61e3392113
commit
776a45d2a9
3 ha cambiato i file con 11 aggiunte e 6 eliminazioni
Visualizzazione separata Mostra Diff Stats
  1. 4 3
      ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py
  2. 7 2
      ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py
  3. 0 1
      ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py

+ 4 - 3
ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py
Vedi File 

@@ -363,12 +363,13 @@ class HDP22StackAdvisor(HDP21StackAdvisor):
 
     # Security
 
     putHiveEnvProperty("hive_security_authorization", "None")
 
     # hive_security_authorization == 'none'
 
+    # this property is unrelated to Kerberos
 
     if str(configurations["hive-env"]["properties"]["hive_security_authorization"]).lower() == "none":
 
-      putHiveSiteProperty("hive.security.authorization.enabled", "false")
 
       putHiveSiteProperty("hive.security.authorization.manager", "org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdConfOnlyAuthorizerFactory")
 
       putHiveServerPropertyAttribute("hive.security.authorization.manager", "delete", "true")
 
-      putHiveServerPropertyAttribute("hive.security.authorization.enabled", "delete", "true")
 
       putHiveServerPropertyAttribute("hive.security.authenticator.manager", "delete", "true")
 
+      if "KERBEROS" not in servicesList: # Kerberos security depends on this property
 
+        putHiveSiteProperty("hive.security.authorization.enabled", "false")
 
     else:
 
       putHiveSiteProperty("hive.security.authorization.enabled", "true")
 
 
@@ -423,7 +424,7 @@ class HDP22StackAdvisor(HDP21StackAdvisor):
 
     if hive_server2_auth == "kerberos":
 
       putHiveSiteProperty("hive.server2.authentication.kerberos.keytab", "")
 
       putHiveSiteProperty("hive.server2.authentication.kerberos.principal", "")
 
-    else:
 
+    elif "KERBEROS" not in servicesList: # Since 'hive_server2_auth' cannot be relied on within the default, empty recommendations request
 
       putHiveSitePropertyAttribute("hive.server2.authentication.kerberos.keytab", "delete", "true")
 
       putHiveSitePropertyAttribute("hive.server2.authentication.kerberos.principal", "delete", "true")

+ 7 - 2
ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py
Vedi File 

@@ -931,6 +931,11 @@ class TestHDP22StackAdvisor(TestCase):
 
         "properties": {
 
           "yarn.scheduler.capacity.root.queues": "queue1,queue2"
 
         }
 
+      },
 
+      "hive-site": {
 
+        "properties": {
 
+          "hive.server2.authentication": "none"
 
+        }
 
       }
 
     }
 
     clusterData = {
 
@@ -1001,7 +1006,8 @@ class TestHDP22StackAdvisor(TestCase):
 
           'hive.vectorized.execution.enabled': 'true',
 
           'hive.vectorized.execution.reduce.enabled': 'false',
 
           'hive.security.metastore.authorization.manager': 'org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider',
 
-          'hive.security.authorization.manager': 'org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdConfOnlyAuthorizerFactory'
 
+          'hive.security.authorization.manager': 'org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdConfOnlyAuthorizerFactory',
 
+          "hive.server2.authentication": "none"
 
         },
 
        'property_attributes': {
 
          'hive.auto.convert.join.noconditionaltask.size': {'maximum': '805306368'},
 
@@ -1021,7 +1027,6 @@ class TestHDP22StackAdvisor(TestCase):
 
         },
 
         'property_attributes': {
 
          'hive.security.authorization.manager': {'delete': 'true'},
 
-         'hive.security.authorization.enabled': {'delete': 'true'},
 
          'hive.security.authenticator.manager': {'delete': 'true'}
 
         }
 
       }

+ 0 - 1
ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py
Vedi File 

@@ -340,7 +340,6 @@ class TestHDP23StackAdvisor(TestCase):
 
         },
 
         'property_attributes': {
 
          'hive.security.authorization.manager': {'delete': 'true'},
 
-         'hive.security.authorization.enabled': {'delete': 'true'},
 
          'hive.security.authenticator.manager': {'delete': 'true'}
 
         }
 
       }