AMBARI-8174. Ambari-deployed cluster can't start datanode as root from command line. (swagle)

ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-ANY/scripts/params.py

@@ -136,3 +136,5 @@ if has_nagios:
 
 user_list = json.loads(config['hostLevelParams']['user_list'])
 group_list = json.loads(config['hostLevelParams']['group_list'])
+
+dn_proc_user=hdfs_user

ambari-server/src/main/resources/stacks/HDP/2.0.6/services/HDFS/package/scripts/hdfs.py

@@ -81,3 +81,25 @@ def hdfs(name=None):
   
   if params.lzo_enabled:
     Package(params.lzo_packages_for_current_host)
+
+def setup_hadoop_env(replace=False):
+  import params
+
+  if params.security_enabled:
+    tc_owner = "root"
+  else:
+    tc_owner = params.hdfs_user
+  Directory(params.hadoop_conf_empty_dir,
+            recursive=True,
+            owner='root',
+            group='root'
+  )
+  Link(params.hadoop_conf_dir,
+       to=params.hadoop_conf_empty_dir,
+       not_if=format("ls {hadoop_conf_dir}")
+  )
+  File(os.path.join(params.hadoop_conf_dir, 'hadoop-env.sh'),
+       owner=tc_owner,
+       content=InlineTemplate(params.hadoop_env_sh_template),
+       replace=replace
+  )

ambari-server/src/main/resources/stacks/HDP/2.0.6/services/HDFS/package/scripts/params.py

@@ -253,3 +253,5 @@ ttnode_heapsize = "1024m"
 dtnode_heapsize = config['configurations']['hadoop-env']['dtnode_heapsize']
 mapred_pid_dir_prefix = default("/configurations/mapred-env/mapred_pid_dir_prefix","/var/run/hadoop-mapreduce")
 mapred_log_dir_prefix = default("/configurations/mapred-env/mapred_log_dir_prefix","/var/log/hadoop-mapreduce")
+
+dn_proc_user=hdfs_user

ambari-server/src/main/resources/stacks/HDP/2.0.6/services/HDFS/package/scripts/utils.py

@@ -20,7 +20,7 @@ import os
 
 from resource_management import *
 import re
-
+import hdfs
 
 def service(action=None, name=None, user=None, create_pid_dir=False,
             create_log_dir=False):
@@ -100,7 +100,15 @@ def service(action=None, name=None, user=None, create_pid_dir=False,
           pass  # Pid file content is invalid
         except OSError:
           pass  # Process is not running
-
+    pass
+
+    # Set HADOOP_SECURE_DN_USER correctly in hadoop-env if DN is running as root
+    # in secure mode.
+    if user == 'root':
+      params.dn_proc_user = 'root'
+      hdfs.setup_hadoop_env(replace=True)
+    pass
+  pass
 
   hadoop_env_exports_str = ''
   for exp in hadoop_env_exports.items():

ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/configuration/hadoop-env.xml

@@ -134,6 +134,13 @@ export HADOOP_LIBEXEC_DIR={{hadoop_libexec_dir}}
 export JAVA_LIBRARY_PATH=${JAVA_LIBRARY_PATH}:/usr/hdp/current/hadoop-client/lib/native/Linux-amd64-64
 
 export HADOOP_OPTS="-Dhdp.version=$HDP_VERSION $HADOOP_OPTS"
+
+HDFS_DN_PROC_USER={{dn_proc_user}}
+if [ $HDFS_DN_PROC_USER="root" ]; then
+  export HADOOP_SECURE_DN_USER="{{hdfs_user}}"
+else
+  export HADOOP_SECURE_DN_USER=""
+fi
     </value>
   </property>
   

ambari-server/src/test/python/stacks/2.0.6/HDFS/test_datanode.py

@@ -19,6 +19,7 @@ limitations under the License.
 '''
 from ambari_commons import OSCheck
 import json
+import os
 from mock.mock import MagicMock, patch
 from stacks.utils.RMFTestCase import *
 
@@ -108,6 +109,20 @@ class TestDatanode(RMFTestCase):
                               owner = 'hdfs',
                               recursive = True,
                               )
+    self.assertResourceCalled('Directory', '/etc/hadoop/conf.empty',
+                              recursive=True,
+                              owner='root',
+                              group='root'
+    )
+    self.assertResourceCalled('Link', '/etc/hadoop/conf',
+                              to='/etc/hadoop/conf.empty',
+                              not_if='ls /etc/hadoop/conf'
+    )
+    self.assertResourceCalled('File', os.path.join('/etc/hadoop/conf', 'hadoop-env.sh'),
+                              owner='root',
+                              content=InlineTemplate(self.getConfig()['configurations']['hadoop-env']['content']),
+                              replace=True
+    )
     self.assertResourceCalled('File', '/var/run/hadoop/hdfs/hadoop-hdfs-datanode.pid',
                               action = ['delete'],
                               not_if='ls /var/run/hadoop/hdfs/hadoop-hdfs-datanode.pid >/dev/null 2>&1 && ps -p `cat /var/run/hadoop/hdfs/hadoop-hdfs-datanode.pid` >/dev/null 2>&1',
@@ -138,6 +153,20 @@ class TestDatanode(RMFTestCase):
                               owner = 'hdfs',
                               recursive = True,
                               )
+    self.assertResourceCalled('Directory', '/etc/hadoop/conf.empty',
+                              recursive=True,
+                              owner='root',
+                              group='root'
+    )
+    self.assertResourceCalled('Link', '/etc/hadoop/conf',
+                              to='/etc/hadoop/conf.empty',
+                              not_if='ls /etc/hadoop/conf'
+    )
+    self.assertResourceCalled('File', os.path.join('/etc/hadoop/conf', 'hadoop-env.sh'),
+                              owner='root',
+                              content=InlineTemplate(self.getConfig()['configurations']['hadoop-env']['content']),
+                              replace=True
+    )
     self.assertResourceCalled('File', '/var/run/hadoop/hdfs/hadoop-hdfs-datanode.pid',
                               action = ['delete'],
                               not_if='ls /var/run/hadoop/hdfs/hadoop-hdfs-datanode.pid >/dev/null 2>&1 && ps -p `cat /var/run/hadoop/hdfs/hadoop-hdfs-datanode.pid` >/dev/null 2>&1',
@@ -195,6 +224,20 @@ class TestDatanode(RMFTestCase):
                               owner = 'hdfs',
                               recursive = True,
                               )
+    self.assertResourceCalled('Directory', '/etc/hadoop/conf.empty',
+                              recursive=True,
+                              owner='root',
+                              group='root'
+    )
+    self.assertResourceCalled('Link', '/etc/hadoop/conf',
+                              to='/etc/hadoop/conf.empty',
+                              not_if='ls /etc/hadoop/conf'
+    )
+    self.assertResourceCalled('File', os.path.join('/etc/hadoop/conf', 'hadoop-env.sh'),
+                              owner='root',
+                              content=InlineTemplate(self.getConfig()['configurations']['hadoop-env']['content']),
+                              replace=True
+    )
     self.assertResourceCalled('File', '/var/run/hadoop/hdfs/hadoop-hdfs-datanode.pid',
                               action = ['delete'],
                               not_if='ls /var/run/hadoop/hdfs/hadoop-hdfs-datanode.pid >/dev/null 2>&1 && ps -p `cat /var/run/hadoop/hdfs/hadoop-hdfs-datanode.pid` >/dev/null 2>&1',
@@ -229,6 +272,20 @@ class TestDatanode(RMFTestCase):
                               owner = 'hdfs',
                               recursive = True,
                               )
+    self.assertResourceCalled('Directory', '/etc/hadoop/conf.empty',
+                              recursive=True,
+                              owner='root',
+                              group='root'
+    )
+    self.assertResourceCalled('Link', '/etc/hadoop/conf',
+                              to='/etc/hadoop/conf.empty',
+                              not_if='ls /etc/hadoop/conf'
+    )
+    self.assertResourceCalled('File', os.path.join('/etc/hadoop/conf', 'hadoop-env.sh'),
+                              owner='root',
+                              content=InlineTemplate(self.getConfig()['configurations']['hadoop-env']['content']),
+                              replace=True
+    )
     self.assertResourceCalled('File', '/var/run/hadoop/hdfs/hadoop-hdfs-datanode.pid',
                               action = ['delete'],
                               not_if='ls /var/run/hadoop/hdfs/hadoop-hdfs-datanode.pid >/dev/null 2>&1 && ps -p `cat /var/run/hadoop/hdfs/hadoop-hdfs-datanode.pid` >/dev/null 2>&1',