
AMBARI-1763. Integrate Frontend security work to enable security on HBase and ZooKeeper. (jaimin)

git-svn-id: https://svn.apache.org/repos/asf/incubator/ambari/trunk@1463323 13f79535-47bb-0310-9956-ffa450edef68
Jaimin Jetly 12 years ago
parent
commit
84b06faab2

+ 3 - 0
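--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -12,6 +12,9 @@ Trunk (unreleased changes):
 
  NEW FEATURES
 
+ AMBARI-1763. Integrate Frontend security work to enable security on
+ HBase and ZooKeeper. (jaimin)
+
  AMBARI-1754. Add support to ensure that Ambari Server/Agent/Store are all of 
  compatible version. (smohanty)
 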

+ 0 - 3
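--- a/ambari-agent/src/main/puppet/modules/hdp-oozie/manifests/init.pp
+++ b/ambari-agent/src/main/puppet/modules/hdp-oozie/manifests/init.pp
@@ -49,9 +49,6 @@ class hdp-oozie(
     }
   }
 
-  $oozie-site = $configuration['oozie-site']
-  $oozie_principal = $oozie-site["oozie.service.HadoopAccessorService.kerberos.principal"]
-
   if ($service_state == 'uninstalled') {
     hdp::package { 'oozie-client' : 
       ensure => 'uninstalled'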

+ 1 - 1
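--- a/ambari-agent/src/main/puppet/modules/hdp-oozie/manifests/service.pp
+++ b/ambari-agent/src/main/puppet/modules/hdp-oozie/manifests/service.pp
@@ -37,7 +37,7 @@ class hdp-oozie::service(
 
   $security = $hdp::params::security_enabled
   $oozie_keytab = $hdp-oozie::params::oozie_service_keytab
-  $oozie_principal = $hdp-oozie::oozie_principal
+  $oozie_principal = $configuration['oozie-site']['oozie.service.HadoopAccessorService.kerberos.principal']
   
   $jdbc_driver_name = $configuration['oozie-site']['oozie.service.JPAService.jdbc.driver']
   if ($jdbc_driver_name == "com.mysql.jdbc.Driver"){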
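Review bot: `$oozie_principal` is now read straight from `$configuration['oozie-site']`, while the matching `$oozie_keytab` on the line above still comes from `$hdp-oozie::params`, so the two halves of the Kerberos identity have different sources. On a cluster without security the property is presumably absent and the variable ends up empty. The code that uses it lies outside the hunk, so confirm it is only consumed when `$security` is true. A one-line comment above the assignment would record that: `# principal comes from oozie-site; only meaningful when $security is true`.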

+ 1 - 1
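--- a/ambari-agent/src/main/puppet/modules/hdp-templeton/manifests/templeton/service_check.pp
+++ b/ambari-agent/src/main/puppet/modules/hdp-templeton/manifests/templeton/service_check.pp
@@ -28,7 +28,7 @@ class hdp-templeton::templeton::service_check()
   } else {
     $security = "false"
   }
-  $kinit_path_local = $hdp::param::kinit_path_local
+  $kinit_path_local = $hdp::params::kinit_path_local
   $smoke_user_keytab = "${hdp-templeton::params::keytab_path}/${smoke_test_user}.headless.keytab"
 
   $templeton_host = $hdp::params::webhcat_server_host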

+ 1 - 1
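--- a/ambari-server/src/main/resources/stacks/HDP/1.3.0/services/HBASE/configuration/hbase-site.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/1.3.0/services/HBASE/configuration/hbase-site.xml
@@ -252,7 +252,7 @@
   <!-- Additional configuration specific to HBase security -->
   <property>
     <name>hbase.superuser</name>
-    <value>hbase</value>
+    <value></value>
     <description>List of users or groups (comma-separated), who are allowed
     full privileges, regardless of stored ACLs, across the cluster.
     Only used when HBase security is enabled.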
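Review bot: The `<description>` of `hbase.superuser` does not say where the value comes from now that the shipped default is empty (the `<value></value>` line). An empty list is the more conservative default, since presumably nobody beyond the account running HBase then bypasses the stored ACLs. An operator reading this file still cannot tell whether the security wizard fills the value in or whether it has to be set by hand. I would add a sentence to the description such as `Left empty by default; list only the HBase service user and any dedicated admin group.` The description element continues past the end of the hunk.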

+ 4 - 1
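--- a/ambari-web/app/controllers/main/admin/security/add/step2.js
+++ b/ambari-web/app/controllers/main/admin/security/add/step2.js
@@ -80,9 +80,12 @@ App.MainAdminSecurityAddStep2Controller = Em.Controller.extend({
         serviceName: _serviceConfig.serviceName,
         displayName: _serviceConfig.displayName,
         configCategories: _serviceConfig.configCategories,
-        showConfig: true,
+        showConfig: false,
         configs: []
       });
+      if (serviceConfigs.someProperty('serviceName', serviceConfig.serviceName)) {
+        serviceConfig.showConfig = true;
+      }
 
       this.loadComponentConfigs(_serviceConfig, serviceConfig);
 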
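Review bot: The `someProperty` check added after `App.ServiceConfig.create` may be always true. If `serviceConfigs` is the same collection this callback iterates over (the loop header is outside the hunk), every `_serviceConfig` finds its own `serviceName` in it and the new `showConfig: false` default never takes effect. If it is a different list, the flag can be set in the literal instead of being patched afterwards: `showConfig: serviceConfigs.someProperty('serviceName', _serviceConfig.serviceName),`. Either way, a short comment naming which list decides visibility would help the next reader.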

+ 3 - 0
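--- a/ambari-web/app/controllers/wizard/step8_controller.js
+++ b/ambari-web/app/controllers/wizard/step8_controller.js
@@ -1094,6 +1094,9 @@ App.WizardStep8Controller = Em.Controller.extend({
               masterHosts.filterProperty('component', 'NAGIOS_SERVER').filterProperty('isInstalled', false).forEach(function (_masterHost) {
                 hostNames.pushObject(_masterHost.hostName);
               }, this);
+              masterHosts.filterProperty('component', 'HIVE_SERVER').filterProperty('isInstalled', false).forEach(function (_masterHost) {
+                hostNames.pushObject(_masterHost.hostName);
+              }, this);
               break;
 
             case 'HCAT':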
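Review bot: The added HIVE_SERVER loop can push a host name that the NAGIOS_SERVER loop just above it already pushed, because both call `pushObject` on the same `hostNames` array. A host that carries both components with `isInstalled` false would then appear twice in whatever is built from `hostNames`. The enclosing `case` starts outside the hunk, so any later de-duplication is not visible here. Using `hostNames.addObject(_masterHost.hostName);` in both loops would keep the list unique.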

+ 1 - 5
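--- a/ambari-web/app/data/secure_configs.js
+++ b/ambari-web/app/data/secure_configs.js
@@ -90,21 +90,17 @@ module.exports = [
       App.ServiceConfigCategory.create({ name: 'RegionServer', displayName: 'RegionServer'})
     ],
     sites: ['hbase-site'],
-
     configs: configProperties.filterProperty('serviceName', 'HBASE')
   },
-  /*
   {
     serviceName: 'ZOOKEEPER',
     displayName: 'ZooKeeper',
     configCategories: [
-      App.ServiceConfigCategory.create({ name: 'ZooKeeper'})
+      App.ServiceConfigCategory.create({ name: 'ZooKeeper Server'})
     ],
     configs: configProperties.filterProperty('serviceName', 'ZOOKEEPER')
 
   },
-   */
-
   {
     serviceName: 'OOZIE',
     displayName: 'Oozie',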
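Review bot: The ZooKeeper category is created without a `displayName`, unlike the HBase category a few lines above it (`{ name: 'RegionServer', displayName: 'RegionServer'}`). Unless `App.ServiceConfigCategory` falls back to `name`, which is not visible here, the section heading may render empty. Writing `App.ServiceConfigCategory.create({ name: 'ZooKeeper Server', displayName: 'ZooKeeper Server'})` keeps the entries parallel. The blank line left before the closing `},` of the ZOOKEEPER entry could be dropped at the same time.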

+ 6 - 6
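--- a/ambari-web/app/data/secure_mapping.js
+++ b/ambari-web/app/data/secure_mapping.js
@@ -34,9 +34,9 @@ module.exports = [
 
   {
     "name": "hadoop.security.auth_to_local",
-    "templateName": ["jobtracker_primary_name", "kerberos_domain", "mapred_user", "tasktracker_primary_name", "namenode_primary_name", "hdfs_user", "datanode_primary_name", "hbase_master_primary_name", "hbase_user", "regionserver_primary_name"],
+    "templateName": ["jobtracker_primary_name", "kerberos_domain", "mapred_user", "tasktracker_primary_name", "namenode_primary_name", "hdfs_user", "datanode_primary_name", "hbase_primary_name", "hbase_user"],
     "foreignKey": null,
-    "value": "RULE:[2:$1@$0](<templateName[0]>@.*<templateName[1]>)s/.*/<templateName[2]>/ RULE:[2:$1@$0](<templateName[3]>@.*<templateName[1]>)s/.*/<templateName[2]>/ RULE:[2:$1@$0](<templateName[4]>@.*<templateName[1]>)s/.*/<templateName[5]>/ RULE:[2:$1@$0](<templateName[6]>@.*<templateName[1]>)s/.*/<templateName[5]>/ RULE:[2:$1@$0](<templateName[7]>@.*<templateName[1]>)s/.*/<templateName[8]>/ RULE:[2:$1@$0](<templateName[9]>@.*<templateName[1]>)s/.*/<templateName[8]>/ DEFAULT",
+    "value": "RULE:[2:$1@$0](<templateName[0]>@.*<templateName[1]>)s/.*/<templateName[2]>/ RULE:[2:$1@$0](<templateName[3]>@.*<templateName[1]>)s/.*/<templateName[2]>/ RULE:[2:$1@$0](<templateName[4]>@.*<templateName[1]>)s/.*/<templateName[5]>/ RULE:[2:$1@$0](<templateName[6]>@.*<templateName[1]>)s/.*/<templateName[5]>/ RULE:[2:$1@$0](<templateName[7]>@.*<templateName[1]>)s/.*/<templateName[8]>/ DEFAULT",
     "filename": "core-site.xml"
   },
   {
@@ -153,7 +153,7 @@ module.exports = [
   },
   {
     "name": "hbase.master.kerberos.principal",
-    "templateName": ["hbase_master_primary_name", "kerberos_domain"],
+    "templateName": ["hbase_primary_name", "kerberos_domain"],
     "foreignKey": null,
     "value": "<templateName[0]>@<templateName[1]>",
     "filename": "hbase-site.xml"
@@ -167,7 +167,7 @@ module.exports = [
   },
   {
     "name": "hbase.regionserver.kerberos.principal",
-    "templateName": ["regionserver_primary_name", "kerberos_domain"],
+    "templateName": ["hbase_primary_name", "kerberos_domain"],
     "foreignKey": null,
     "value": "<templateName[0]>@<templateName[1]>",
     "filename": "hbase-site.xml"
@@ -279,9 +279,9 @@ module.exports = [
   },
   {
     "name": "oozie.authentication.kerberos.name.rules",
-    "templateName": ["jobtracker_primary_name", "kerberos_domain", "mapred_user", "tasktracker_primary_name", "namenode_primary_name", "hdfs_user", "datanode_primary_name", "hbase_master_primary_name", "hbase_user", "regionserver_primary_name"],
+    "templateName": ["jobtracker_primary_name", "kerberos_domain", "mapred_user", "tasktracker_primary_name", "namenode_primary_name", "hdfs_user", "datanode_primary_name", "hbase_primary_name", "hbase_user"],
     "foreignKey": null,
-    "value": "RULE:[2:$1@$0](<templateName[0]>@.*<templateName[1]>)s/.*/<templateName[2]>/ RULE:[2:$1@$0](<templateName[3]>@.*<templateName[1]>)s/.*/<templateName[2]>/ RULE:[2:$1@$0](<templateName[4]>@.*<templateName[1]>)s/.*/<templateName[5]>/ RULE:[2:$1@$0](<templateName[6]>@.*<templateName[1]>)s/.*/<templateName[5]>/ RULE:[2:$1@$0](<templateName[7]>@.*<templateName[1]>)s/.*/<templateName[8]>/ RULE:[2:$1@$0](<templateName[9]>@.*<templateName[1]>)s/.*/<templateName[8]>/ DEFAULT",
+    "value": "RULE:[2:$1@$0](<templateName[0]>@.*<templateName[1]>)s/.*/<templateName[2]>/ RULE:[2:$1@$0](<templateName[3]>@.*<templateName[1]>)s/.*/<templateName[2]>/ RULE:[2:$1@$0](<templateName[4]>@.*<templateName[1]>)s/.*/<templateName[5]>/ RULE:[2:$1@$0](<templateName[6]>@.*<templateName[1]>)s/.*/<templateName[5]>/ RULE:[2:$1@$0](<templateName[7]>@.*<templateName[1]>)s/.*/<templateName[8]>/ DEFAULT",
     "filename": "oozie-site.xml"
   },
   {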
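Review bot: The realm part of every rule in the rewritten `value` strings is matched with `@.*<templateName[1]>`, which accepts any realm that merely ends with the configured domain, and the dots of the substituted realm act as regex wildcards too. These rules decide which Kerberos principals are mapped onto the `mapred_user`, `hdfs_user` and `hbase_user` accounts, so the match should be as tight as the deployment allows. With a single realm, `RULE:[2:$1@$0](<templateName[7]>@<templateName[1]>)s/.*/<templateName[8]>/` is sufficient. The same applies to `oozie.authentication.kerberos.name.rules` in the last hunk. It presumably only matters where the KDC trusts other realms, but the rules are generated for every secured cluster.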

+ 32 - 31
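--- a/ambari-web/app/data/secure_properties.js
+++ b/ambari-web/app/data/secure_properties.js
@@ -149,20 +149,6 @@ module.exports =
       "serviceName": "HDFS",
       "category": "General"
     },
-    /*
-     {
-     "id": "puppet var",
-     "name": "snamenode_primary_name",
-     "displayName": "Primary name",
-     "value": "",
-     "defaultValue": "sn",
-     "description": "Primary name for SecondaryNameNode",
-     "displayType": "principal",
-     "isVisible": true,
-     "serviceName": "HDFS",
-     "category": "SNameNode"
-     },
-     */
     {
       "id": "puppet var",
       "name": "snamenode_keytab",
@@ -259,10 +245,10 @@ module.exports =
     //HBASE
     {
       "id": "puppet var",
-      "name": "hbase_master_primary_name",
+      "name": "hbase_primary_name",
       "displayName": "Primary name",
       "value": "",
-      "defaultValue": "hm",
+      "defaultValue": "hbase",
       "description": "Primary name for HBase master",
       "displayType": "principal",
       "isVisible": true,
@@ -275,7 +261,7 @@ module.exports =
       "name": "hbase_master_keytab",
       "displayName": "Path to Keytab file",
       "value": "",
-      "defaultValue": "/etc/security/keytabs",
+      "defaultValue": "/etc/security/keytabs/hm.service.keytab",
       "description": "keytab for HBase master",
       "displayType": "directory",
       "isVisible": true,
@@ -283,25 +269,12 @@ module.exports =
       "serviceName": "HBASE",
       "category": "HBase Master"
     },
-    {
-      "id": "puppet var",
-      "name": "regionserver_primary_name",
-      "displayName": "Primary name",
-      "value": "",
-      "defaultValue": "rs",
-      "description": "Primary name for regionServer",
-      "displayType": "principal",
-      "isVisible": true,
-      "isOverrideable": false,
-      "serviceName": "HBASE",
-      "category": "RegionServer"
-    },
     {
       "id": "puppet var",
       "name": "regionserver_keytab",
       "displayName": "Path to Keytab file",
       "value": "",
-      "defaultValue": "/etc/security/keytabs",
+      "defaultValue": "/etc/security/keytabs/rs.service.keytab",
       "description": "keytab for RegionServer",
       "displayType": "directory",
       "isVisible": true,
@@ -478,6 +451,34 @@ module.exports =
       "isOverrideable": false,
       "serviceName": "NAGIOS",
       "category": "General"
+    },
+
+    //ZooKeeper
+    {
+      "id": "puppet var",
+      "name": "zooKeeper_primary_name",
+      "displayName": "Primary name",
+      "value": "",
+      "defaultValue": "zk",
+      "description": "Primary name for ZooKeeper",
+      "displayType": "principal",
+      "isVisible": true,
+      "isOverrideable": false,
+      "serviceName": "ZOOKEEPER",
+      "category": "ZooKeeper Server"
+    },
+    {
+      "id": "puppet var",
+      "name": "zooKeeper_keytab",
+      "displayName": "Path to keytab file",
+      "value": "",
+      "defaultValue": "/etc/security/keytabs/zk.service.keytab",
+      "description": "Keytab for ZooKeeper",
+      "displayType": "directory",
+      "isVisible": true,
+      "isOverrideable": false,
+      "serviceName": "ZOOKEEPER",
+      "category": "ZooKeeper Server"
     }
 
   ]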
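Review bot: `hbase_primary_name` in the second hunk keeps the description `Primary name for HBase master`, although this commit removes the `regionserver_primary_name` entry in the fourth hunk and so presumably makes it the primary for the RegionServer principal as well. I would change the line to `"description": "Primary name for HBase Master and RegionServer",`. The keytab defaults in the third and fourth hunks now point at files (`/etc/security/keytabs/hm.service.keytab`) while `displayType` stays `"directory"`, and the new `zooKeeper_keytab` entry does the same. If the UI validates by display type, that is worth confirming. The new `zooKeeper_*` names also depart from the lower snake case of the other `name` values visible in these hunks.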