AMBARI-11307. Non-secure clusters should not install the linux task controller (aonishuk)

ambari-common/src/main/python/resource_management/core/providers/system.py

@@ -35,9 +35,11 @@ from resource_management.core.providers import Provider
 from resource_management.core.logger import Logger
 
 def _ensure_metadata(path, user, group, mode=None, cd_access=None):
-  stat = sudo.stat(path)
   user_entity = group_entity = None
-  
+
+  if user or group:
+    stat = sudo.stat(path)
+
   if user:
     _user_entity = pwd.getpwnam(user)
     if stat.st_uid != _user_entity.pw_uid:
@@ -53,8 +55,9 @@ def _ensure_metadata(path, user, group, mode=None, cd_access=None):
         "Changing group for %s from %d to %s" % (path, stat.st_gid, group))
   
   sudo.chown(path, user_entity, group_entity)
-      
+
   if mode:
+    stat = sudo.stat(path)
     if stat.st_mode != mode:
       Logger.info("Changing permission for %s from %o to %o" % (
       path, stat.st_mode, mode))

ambari-common/src/main/python/resource_management/core/sudo.py

@@ -31,7 +31,7 @@ if os.geteuid() == 0:
   def chown(path, owner, group):
     uid = owner.pw_uid if owner else -1
     gid = group.gr_gid if group else -1
-    if uid != -1 or gid != 1:
+    if uid != -1 or gid != -1:
       return os.chown(path, uid, gid)
   
   def chmod(path, mode):

ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py

@@ -116,6 +116,9 @@ smokeuser_principal = config['configurations']['cluster-env']['smokeuser_princip
 security_enabled = config['configurations']['cluster-env']['security_enabled']
 smoke_user_keytab = config['configurations']['cluster-env']['smokeuser_keytab']
 yarn_executor_container_group = config['configurations']['yarn-site']['yarn.nodemanager.linux-container-executor.group']
+yarn_nodemanager_container_executor_class =  config['configurations']['yarn-site']['yarn.nodemanager.container-executor.class']
+is_linux_container_executor = (yarn_nodemanager_container_executor_class == 'org.apache.hadoop.yarn.server.nodemanager.LinuxContainerExecutor')
+container_executor_mode = 06050 if is_linux_container_executor else 02050
 kinit_path_local = get_kinit_path(default('/configurations/kerberos-env/executable_search_paths', None))
 rm_hosts = config['clusterHostInfo']['rm_host']
 rm_host = rm_hosts[0]

ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/yarn.py

@@ -218,7 +218,7 @@ def yarn(name = None):
   container_executor = format("{yarn_container_bin}/container-executor")
   File(container_executor,
       group=params.yarn_executor_container_group,
-      mode=06050
+      mode=params.container_executor_mode
   )
 
   File(format("{hadoop_conf_dir}/container-executor.cfg"),

ambari-server/src/test/python/stacks/2.0.6/YARN/test_historyserver.py

@@ -302,7 +302,7 @@ class TestHistoryServer(RMFTestCase):
     )
     self.assertResourceCalled('File', '/usr/lib/hadoop-yarn/bin/container-executor',
                               group = 'hadoop',
-                              mode = 06050,
+                              mode = 02050,
                               )
     self.assertResourceCalled('File', '/etc/hadoop/conf/container-executor.cfg',
                               content = Template('container-executor.cfg.j2'),

ambari-server/src/test/python/stacks/2.0.6/YARN/test_mapreduce2_client.py

@@ -143,7 +143,7 @@ class TestMapReduce2Client(RMFTestCase):
     )
     self.assertResourceCalled('File', '/usr/lib/hadoop-yarn/bin/container-executor',
                               group = 'hadoop',
-                              mode = 06050,
+                              mode = 02050,
                               )
     self.assertResourceCalled('File', '/etc/hadoop/conf/container-executor.cfg',
                               content = Template('container-executor.cfg.j2'),

ambari-server/src/test/python/stacks/2.0.6/YARN/test_nodemanager.py

@@ -272,7 +272,7 @@ class TestNodeManager(RMFTestCase):
     )
     self.assertResourceCalled('File', '/usr/lib/hadoop-yarn/bin/container-executor',
                               group = 'hadoop',
-                              mode = 06050,
+                              mode = 02050,
                               )
     self.assertResourceCalled('File', '/etc/hadoop/conf/container-executor.cfg',
                               content = Template('container-executor.cfg.j2'),

ambari-server/src/test/python/stacks/2.0.6/YARN/test_resourcemanager.py

@@ -317,7 +317,7 @@ class TestResourceManager(RMFTestCase):
     )
     self.assertResourceCalled('File', '/usr/lib/hadoop-yarn/bin/container-executor',
                               group = 'hadoop',
-                              mode = 06050,
+                              mode = 02050,
                               )
     self.assertResourceCalled('File', '/etc/hadoop/conf/container-executor.cfg',
                               content = Template('container-executor.cfg.j2'),

ambari-server/src/test/python/stacks/2.0.6/YARN/test_yarn_client.py

@@ -143,7 +143,7 @@ class TestYarnClient(RMFTestCase):
     )
     self.assertResourceCalled('File', '/usr/lib/hadoop-yarn/bin/container-executor',
                               group = 'hadoop',
-                              mode = 06050,
+                              mode = 02050,
                               )
     self.assertResourceCalled('File', '/etc/hadoop/conf/container-executor.cfg',
                               content = Template('container-executor.cfg.j2'),
@@ -467,7 +467,7 @@ class TestYarnClient(RMFTestCase):
     )
     self.assertResourceCalled('File', '/usr/lib/hadoop-yarn/bin/container-executor',
                               group = 'hadoop',
-                              mode = 06050,
+                              mode = 02050,
                               )
     self.assertResourceCalled('File', '/etc/hadoop/conf/container-executor.cfg',
                               content = Template('container-executor.cfg.j2'),

ambari-server/src/test/python/stacks/2.1/YARN/test_apptimelineserver.py

@@ -193,7 +193,7 @@ class TestAppTimelineServer(RMFTestCase):
                               )
     self.assertResourceCalled('File', '/usr/lib/hadoop-yarn/bin/container-executor',
                               group = 'hadoop',
-                              mode = 06050,
+                              mode = 02050,
                               )
     self.assertResourceCalled('File', '/etc/hadoop/conf/container-executor.cfg',
                               content = Template('container-executor.cfg.j2'),