AMBARI-5060. Security Wizard: enable Kerberos setup for Storm. (jaimin)

ambari-server/src/main/resources/stacks/HDP/2.1/services/STORM/package/scripts/params.py

@@ -54,7 +54,5 @@ if security_enabled:
   _hostname_lowercase = config['hostname'].lower()
   _kerberos_domain = config['configurations']['global']['kerberos_domain']
   _storm_principal_name = config['configurations']['global']['storm_principal_name']
-  
-  storm_jaas_principal = format("{_storm_principal_name}/{_hostname_lowercase}@{_kerberos_domain}")
+  storm_jaas_principal = _storm_principal_name.replace('_HOST',_hostname_lowercase)
   storm_keytab_path = config['configurations']['global']['storm_keytab']
-

ambari-web/app/controllers/main/admin/security/add/step2.js

@@ -253,19 +253,16 @@ App.MainAdminSecurityAddStep2Controller = Em.Controller.extend({
     this.setHostsToConfig(zooKeeperService, 'zookeeperserver_hosts', 'ZOOKEEPER_SERVER');
     this.setHostsToConfig(falconService, 'falcon_server_host', 'FALCON_SERVER');
     if (stormService) {
-      var stormMasterComponents = [
-        {
-          configName: 'storm_ui_server_host',
-          componentName: 'STORM_UI_SERVER'
-        },
-        {
-          configName: 'nimbus_host',
-          componentName: 'NIMBUS'
-        }
-      ];
-      stormMasterComponents.forEach(function(masterComponent) {
-        this.setHostsToConfig(stormService, masterComponent.configName, masterComponent.componentName);
+      var stormComponents = ['STORM_UI_SERVER','NIMBUS','SUPERVISOR'];
+      var stormHosts = [];
+      stormComponents.forEach(function(componentName) {
+        stormHosts.pushObjects(App.Service.find(stormService.serviceName)
+          .get('hostComponents')
+          .filterProperty('componentName', componentName)
+          .mapProperty('host.hostName'));
       }, this);
+      var hosts = stormService.configs.findProperty('name', 'storm_host');
+      hosts.defaultValue  = stormHosts.uniq();
     }
 
     // Oozie, Falcon, WebHcat and Nagios does not support _HOST in the principal name. Actual hostname should be set instead of _HOST

ambari-web/app/controllers/main/admin/security/add/step3.js

@@ -77,7 +77,6 @@ App.MainAdminSecurityAddStep3Controller = Em.Controller.extend({
     var smokeUserKeytabPath = generalConfigs.findProperty('name', 'smokeuser_keytab').value;
     var hdfsUserKeytabPath = generalConfigs.findProperty('name', 'hdfs_user_keytab').value;
     var hbaseUserKeytabPath = generalConfigs.findProperty('name', 'hbase_user_keytab').value;
-    var stormUserKeytabPath = generalConfigs.findProperty('name', 'storm_keytab').value;
 
     var hadoopHttpPrincipal = hdfsConfigs.findProperty('name', 'hadoop_http_principal_name');
     var hadoopHttpKeytabPath = hdfsConfigs.findProperty('name', 'hadoop_http_keytab').value;
@@ -138,18 +137,6 @@ App.MainAdminSecurityAddStep3Controller = Em.Controller.extend({
           acl: '440'
         });
       }
-      if (isStormInstalled) {
-        result.push({
-          host: host.get('hostName'),
-          component: Em.I18n.t('admin.addSecurity.user.stormUser'),
-          principal: stormUser,
-          keytabFile: stringUtils.getFileFromPath(stormUserKeytabPath),
-          keytab: stringUtils.getPath(stormUserKeytabPath),
-          owner: stormUserId,
-          group: hadoopGroupId,
-          acl: '440'
-        });
-      }
 
       this.setComponentConfig(result,host,'NAMENODE','HDFS','hadoop_http_principal_name','hadoop_http_keytab',Em.I18n.t('admin.addSecurity.hdfs.user.httpUser'),hadoopGroupId);
       this.setComponentConfig(result,host,'SECONDARY_NAMENODE','HDFS','hadoop_http_principal_name','hadoop_http_keytab',Em.I18n.t('admin.addSecurity.hdfs.user.httpUser'),hadoopGroupId);

ambari-web/app/controllers/main/admin/security/add/step4.js

@@ -353,6 +353,10 @@ App.MainAdminSecurityAddStep4Controller = App.MainAdminSecurityProgressControlle
             var zkPrincipalName = this.get('globalProperties').findProperty('name', 'zookeeper_principal_name');
             zkPrincipalName.value = zkPrincipalName.value + '@' + realmName.value;
           }
+          if (this.get('secureServices').someProperty('serviceName', 'STORM')) {
+            var stormPrincipalName = this.get('globalProperties').findProperty('name', 'storm_principal_name');
+            stormPrincipalName.value = stormPrincipalName.value + '@' + realmName.value;
+          }
           this.get('globalProperties').forEach(function (_globalProperty) {
             if (!/_hosts?$/.test(_globalProperty.name)) {
               _serviceConfigTags.configs[_globalProperty.name] = _globalProperty.value;
@@ -402,7 +406,6 @@ App.MainAdminSecurityAddStep4Controller = App.MainAdminSecurityProgressControlle
     console.warn('Error: Can\'t delete APP_TIMELINE_SERVER');
   },
 
-
   onJsError: function () {
     App.ModalPopup.show({
       header: Em.I18n.t('common.error'),

ambari-web/app/data/HDP2/secure_configs.js

@@ -132,9 +132,7 @@ module.exports = [
     displayName: 'Storm',
     filename: 'storm-site',
     configCategories: [
-      App.ServiceConfigCategory.create({ name: 'NIMBUS', displayName:  'Nimbus'}),
-      App.ServiceConfigCategory.create({ name: 'STORM_UI_SERVER', displayName:  'Storm UI Server'}),
-      App.ServiceConfigCategory.create({ name: 'SUPERVISOR', displayName:  'Supervisor'})
+      App.ServiceConfigCategory.create({ name: 'Storm Topology', displayName:  'Storm Topology'})
     ],
     sites: ['storm-site'],
     configs: configProperties.filterProperty('serviceName', 'STORM')

ambari-web/app/data/HDP2/secure_properties.js

@@ -924,143 +924,30 @@ module.exports =
   /**********************************************STORM***************************************/
     {
       "id": "puppet var",
-      "name": "supervisor_hosts",
-      "displayName": "Supervisor hosts",
+      "name": "storm_host",
+      "displayName": "Storm component hosts",
       "value": "",
       "defaultValue": "",
-      "description": "The host that the master server is running on.",
+      "description": "Storm component hosts",
       "displayType": "slaveHosts",
       "isVisible": true,
       "isOverridable": false,
       "serviceName": "STORM",
-      "category": "SUPERVISOR"
+      "category": "Storm Topology"
     },
     {
       "id": "puppet var",
-      "name": "storm_ui_server_host",
-      "displayName": "Storm UI Server host",
-      "value": "",
-      "defaultValue": "",
-      "description": "Storm UI Server host",
-      "displayType": "masterHost",
-      "isVisible": true,
-      "isOverridable": false,
-      "serviceName": "STORM",
-      "category": "STORM_UI_SERVER"
-    },
-    {
-      "id": "puppet var",
-      "name": "nimbus_host",
-      "displayName": "Nimbus host",
-      "value": "",
-      "defaultValue": "",
-      "description": "Nimbus host",
-      "displayType": "masterHost",
-      "isVisible": true,
-      "isOverridable": false,
-      "serviceName": "STORM",
-      "category": "NIMBUS"
-    },
-    {
-      "id": "puppet var",
-      "name": "supervisor_keytab",
-      "displayName": "Path to Supervisor keytab file",
-      "value": "",
-      "defaultValue": "/etc/security/keytabs/storm.service.keytab",
-      "description": "Path to the Storm Service keytab file",
-      "displayType": "directory",
-      "isVisible": true,
-      "isOverridable": false,
-      "serviceName": "STORM",
-      "category": "SUPERVISOR",
-      "component": "SUPERVISOR"
-    },
-    {
-      "id": "puppet var",
-      "name": "supervisor_principal_name",
-      "displayName": "Supervisor principal name",
-      "value": "",
-      "defaultValue": "storm/_HOST",
-      "description": "Principal name for Supervisor. _HOST will get automatically replaced with actual hostname at an instance of Supervisor.",
-      "displayType": "principal",
-      "isVisible": true,
-      "isOverridable": false,
-      "isConfigurable": false,
-      "serviceName": "STORM",
-      "category": "SUPERVISOR",
-      "component": "SUPERVISOR"
-    },
-    {
-      "id": "puppet var",
-      "name": "nimbus_keytab",
-      "displayName": "Path to Nimbus keytab file",
-      "value": "",
-      "defaultValue": "/etc/security/keytabs/storm.service.keytab",
-      "description": "Path to the Nimbus keytab file",
-      "displayType": "directory",
-      "isVisible": true,
-      "isOverridable": false,
-      "serviceName": "STORM",
-      "category": "NIMBUS",
-      "component": "NIMBUS"
-    },
-    {
-      "id": "puppet var",
-      "name": "nimbus_principal_name",
-      "displayName": "Nimbus principal name",
-      "value": "",
-      "defaultValue": "storm/_HOST",
-      "description": "Principal name for Nimbus. _HOST will get automatically replaced with actual hostname at an instance of Nimbus.",
-      "displayType": "principal",
-      "isVisible": true,
-      "isOverridable": false,
-      "isConfigurable": false,
-      "serviceName": "STORM",
-      "category": "NIMBUS",
-      "component": "NIMBUS"
-    },
-    {
-      "id": "puppet var",
-      "name": "storm_ui_server_keytab",
-      "displayName": "Path to Storm UI Server keytab file",
-      "value": "",
-      "defaultValue": "/etc/security/keytabs/storm.service.keytab",
-      "description": "Path to the Storm UI Server keytab file",
-      "displayType": "directory",
-      "isVisible": true,
-      "isOverridable": false,
-      "serviceName": "STORM",
-      "category": "STORM_UI_SERVER",
-      "component": "STORM_UI_SERVER"
-    },
-    {
-      "id": "puppet var",
-      "name": "storm_ui_server_principal_name",
-      "displayName": "Storm UI Server principal name",
+      "name": "storm_principal_name",
+      "displayName": " Storm principal name",
       "value": "",
       "defaultValue": "storm/_HOST",
-      "description": "Principal name for Storm UI Server. _HOST will get automatically replaced with actual hostname at an instance of Storm UI Server.",
+      "description": "Principal name for Supervisor. _HOST will get automatically replaced with actual hostname at an instance of every storm component.",
       "displayType": "principal",
       "isVisible": true,
       "isOverridable": false,
-      "isConfigurable": false,
       "serviceName": "STORM",
-      "category": "STORM_UI_SERVER",
-      "component": "STORM_UI_SERVER"
-    },
-    {
-      "id": "puppet var",
-      "name": "storm_principal_name",
-      "displayName": "Storm principal name",
-      "value": "",
-      "defaultValue": "storm",
-      "description": "This is the principal name for Storm user",
-      "displayType": "principal",
-      "isVisible": true,
-      "isOverridable": false,
-      "isConfigurable": false,
-      "serviceName": "GENERAL",
-      "category": "AMBARI"
+      "category": "Storm Topology",
+      "components": ["SUPERVISOR", "NIMBUS", "STORM_UI_SERVER"]
     },
     {
       "id": "puppet var",
@@ -1068,12 +955,13 @@ module.exports =
       "displayName": "Path to Storm keytab file",
       "value": "",
       "defaultValue": "/etc/security/keytabs/storm.service.keytab",
-      "description": "Path to the Storm Service keytab file",
+      "description": "Path to the storm keytab file",
       "displayType": "directory",
       "isVisible": true,
       "isOverridable": false,
-      "serviceName": "GENERAL",
-      "category": "AMBARI"
+      "serviceName": "STORM",
+      "category": "Storm Topology",
+      "components": ["SUPERVISOR", "NIMBUS"]
     },
 
   /**********************************************Falcon***************************************/

ambari-web/app/utils/configs/defaults_providers/storm_defaults_provider.js

@@ -41,7 +41,8 @@ App.STORMDefaultsProvider = App.DefaultsProvider.extend({
       return configs;
     }
     configs['drpc.childopts'] = '-Xmx768m';
-    configs['ui.childopts'] = '-Xmx768m';
+    //ui childopts value should be taken from stack
+    //configs['ui.childopts'] = '-Xmx768m';
     configs['logviewer.childopts'] = '-Xmx128m';
     return configs;
   },