Inicio Explorar Axuda
Rexistro Iniciar sesión
apache
/
ambari
réplica de https://gitee.com/freeshow_me/ambari
2
0
Fork 0
Ficheiros Incidencias 0 Wiki
Explorar o código

AMBARI-6229. After enabling security on cluster with OpenJDK7 can't start any component. This commit reverts d228ca90b6664a26b3df22a206179200cd0a1050 and c6d86439f70edc07e14dd0986b690b62cfe25a43 commits. (jaimin)

Jaimin Jetly %!s(int64=11) %!d(string=hai) anos
pai
0a907e0ab1
achega
d3d583388e
Modificáronse 12 ficheiros con 87 adicións e 130 borrados
Unificar vista Mostrar estatísticas de Diff
  1. 24 0
      ambari-server/src/main/resources/stacks/HDP/1.3.2/hooks/before-INSTALL/scripts/shared_initialization.py
  2. 0 1
      ambari-server/src/main/resources/stacks/HDP/1.3.2/hooks/before-START/scripts/hook.py
  3. 0 4
      ambari-server/src/main/resources/stacks/HDP/1.3.2/hooks/before-START/scripts/params.py
  4. 0 32
      ambari-server/src/main/resources/stacks/HDP/1.3.2/hooks/before-START/scripts/shared_initialization.py
  5. 24 0
      ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-INSTALL/scripts/shared_initialization.py
  6. 0 1
      ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-START/scripts/hook.py
  7. 0 4
      ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-START/scripts/params.py
  8. 0 31
      ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-START/scripts/shared_initialization.py
  9. 21 1
      ambari-server/src/test/python/stacks/1.3.2/hooks/before-INSTALL/test_before_install.py
  10. 0 28
      ambari-server/src/test/python/stacks/1.3.2/hooks/before-START/test_before_start.py
  11. 18 0
      ambari-server/src/test/python/stacks/2.0.6/hooks/before-INSTALL/test_before_install.py
  12. 0 28
      ambari-server/src/test/python/stacks/2.0.6/hooks/before-START/test_before_start.py

+ 24 - 0
ambari-server/src/main/resources/stacks/HDP/1.3.2/hooks/before-INSTALL/scripts/shared_initialization.py
Ver ficheiro 

@@ -170,5 +170,29 @@ def setup_java():
 
           not_if = format("test -e {java_exec}")
 
           not_if = format("test -e {java_exec}")
 
   )
 
   )
 
 
 
+  if params.jce_policy_zip is not None:
 
+    jce_curl_target = format("{artifact_dir}/{jce_policy_zip}")
 
+    download_jce = format("mkdir -p {artifact_dir}; curl -kf "
 
+                          "--retry 10 {jce_location}/{jce_policy_zip} "
 
+                          "-o {jce_curl_target}")
 
+    Execute( download_jce,
 
+             path = ["/bin","/usr/bin/"],
 
+             not_if =format("test -e {jce_curl_target}"),
 
+             environment = environment,
 
+             ignore_failures = True
 
+    )
 
+  elif params.security_enabled:
 
+    # Something weird is happening
 
+    raise Fail("Security is enabled, but JCE policy zip is not specified.")
 
+
 
+  if params.security_enabled:
 
+    security_dir = format("{java_home}/jre/lib/security")
 
+    extract_cmd = format("rm -f local_policy.jar; rm -f US_export_policy.jar; unzip -o -j -q {jce_curl_target}")
 
+    Execute(extract_cmd,
 
+            only_if = format("test -e {security_dir} && test -f {jce_curl_target}"),
 
+            cwd  = security_dir,
 
+            path = ['/bin/','/usr/bin']
 
+    )
 
+
 
 def install_packages():
 
 def install_packages():
 
   Package(['unzip'])
 
   Package(['unzip'])

+ 0 - 1
ambari-server/src/main/resources/stacks/HDP/1.3.2/hooks/before-START/scripts/hook.py
Ver ficheiro 

@@ -32,7 +32,6 @@ class BeforeConfigureHook(Hook):
 
     setup_hadoop()
 
     setup_hadoop()
 
     setup_database()
 
     setup_database()
 
     setup_configs()
 
     setup_configs()
 
-    setup_jce()
 
     create_javahome_symlink()
 
     create_javahome_symlink()
 
 
 
 if __name__ == "__main__":
 
 if __name__ == "__main__":

+ 0 - 4
ambari-server/src/main/resources/stacks/HDP/1.3.2/hooks/before-START/scripts/params.py
Ver ficheiro 

@@ -132,10 +132,6 @@ mapred_local_dir = "/tmp/hadoop-mapred/mapred/local"
 
 
 
 dfs_hosts = default('/configurations/hdfs-site/dfs.hosts', None)
 
 dfs_hosts = default('/configurations/hdfs-site/dfs.hosts', None)
 
 
 
-artifact_dir = "/tmp/HDP-artifacts/"
 
-jce_policy_zip = default("/hostLevelParams/jce_name", None) # None when jdk is already installed by user
 
-jce_location = config['hostLevelParams']['jdk_location']
 
-
 
 #log4j.properties
 
 #log4j.properties
 
 rca_properties = format('''
 
 rca_properties = format('''

+ 0 - 32
ambari-server/src/main/resources/stacks/HDP/1.3.2/hooks/before-START/scripts/shared_initialization.py
Ver ficheiro 

@@ -135,38 +135,6 @@ def setup_configs():
 
     )
 
     )
 
 
 
   # generate_include_file()
 
   # generate_include_file()
 
-  
-def setup_jce():
 
-  import params
 
-  
-  environment = {
 
-    "no_proxy": format("{ambari_server_hostname}")
 
-  }
 
-  
-  if params.jce_policy_zip is not None:
 
-    jce_curl_target = format("{artifact_dir}/{jce_policy_zip}")
 
-    download_jce = format("mkdir -p {artifact_dir}; \
 
-    curl -kf --retry 10 \
 
-    {jce_location}/{jce_policy_zip} -o {jce_curl_target}")
 
-    Execute( download_jce,
 
-             path = ["/bin","/usr/bin/"],
 
-             not_if =format("test -e {jce_curl_target}"),
 
-             ignore_failures = True,
 
-             environment = environment
 
-    )
 
-  elif params.security_enabled:
 
-    # Something weird is happening
 
-    raise Fail("Security is enabled, but JCE policy zip is not specified.")
 
-  
-  if params.security_enabled:
 
-    security_dir = format("{java_home}/jre/lib/security")
 
-    extract_cmd = format("rm -f local_policy.jar; rm -f US_export_policy.jar; unzip -o -j -q {jce_curl_target}")
 
-    Execute(extract_cmd,
 
-            only_if = format("test -e {security_dir} && test -f {jce_curl_target}"),
 
-            cwd  = security_dir,
 
-            path = ['/bin/','/usr/bin']
 
-    )
 
-
 
 
 
 def generate_include_file():
 
 def generate_include_file():
 
   import params
 
   import params

+ 24 - 0
ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-INSTALL/scripts/shared_initialization.py
Ver ficheiro 

@@ -192,5 +192,29 @@ def setup_java():
 
           not_if = format("test -e {java_exec}")
 
           not_if = format("test -e {java_exec}")
 
   )
 
   )
 
 
 
+  if params.jce_policy_zip is not None:
 
+    jce_curl_target = format("{artifact_dir}/{jce_policy_zip}")
 
+    download_jce = format("mkdir -p {artifact_dir}; \
 
+    curl -kf --retry 10 \
 
+    {jce_location}/{jce_policy_zip} -o {jce_curl_target}")
 
+    Execute( download_jce,
 
+             path = ["/bin","/usr/bin/"],
 
+             not_if =format("test -e {jce_curl_target}"),
 
+             ignore_failures = True,
 
+             environment = environment
 
+    )
 
+  elif params.security_enabled:
 
+    # Something weird is happening
 
+    raise Fail("Security is enabled, but JCE policy zip is not specified.")
 
+
 
+  if params.security_enabled:
 
+    security_dir = format("{java_home}/jre/lib/security")
 
+    extract_cmd = format("rm -f local_policy.jar; rm -f US_export_policy.jar; unzip -o -j -q {jce_curl_target}")
 
+    Execute(extract_cmd,
 
+            only_if = format("test -e {security_dir} && test -f {jce_curl_target}"),
 
+            cwd  = security_dir,
 
+            path = ['/bin/','/usr/bin']
 
+    )
 
+
 
 def install_packages():
 
 def install_packages():
 
   Package(['unzip', 'curl'])
 
   Package(['unzip', 'curl'])

+ 0 - 1
ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-START/scripts/hook.py
Ver ficheiro 

@@ -31,7 +31,6 @@ class BeforeConfigureHook(Hook):
 
     self.run_custom_hook('after-INSTALL')
 
     self.run_custom_hook('after-INSTALL')
 
     setup_hadoop()
 
     setup_hadoop()
 
     setup_configs()
 
     setup_configs()
 
-    setup_jce()
 
     create_javahome_symlink()
 
     create_javahome_symlink()
 
 
 
 if __name__ == "__main__":
 
 if __name__ == "__main__":

+ 0 - 4
ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-START/scripts/params.py
Ver ficheiro 

@@ -129,10 +129,6 @@ mapreduce_libs_path = "/usr/lib/hadoop-mapreduce/*"
 
 hadoop_libexec_dir = "/usr/lib/hadoop/libexec"
 
 hadoop_libexec_dir = "/usr/lib/hadoop/libexec"
 
 mapred_log_dir_prefix = default("mapred_log_dir_prefix","/var/log/hadoop-mapreduce")
 
 mapred_log_dir_prefix = default("mapred_log_dir_prefix","/var/log/hadoop-mapreduce")
 
 
 
-artifact_dir = "/tmp/HDP-artifacts/"
 
-jce_policy_zip = default("/hostLevelParams/jce_name", None) # None when jdk is already installed by user
 
-jce_location = config['hostLevelParams']['jdk_location']
 
-
 
 #log4j.properties
 
 #log4j.properties
 
 
 
 yarn_log_dir_prefix = default("yarn_log_dir_prefix","/var/log/hadoop-yarn")
 
 yarn_log_dir_prefix = default("yarn_log_dir_prefix","/var/log/hadoop-yarn")

+ 0 - 31
ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-START/scripts/shared_initialization.py
Ver ficheiro 

@@ -134,37 +134,6 @@ def setup_configs():
 
     )
 
     )
 
 
 
   generate_include_file()
 
   generate_include_file()
 
-  
-def setup_jce():
 
-  import params
 
-  
-  environment = {
 
-    "no_proxy": format("{ambari_server_hostname}")
 
-  }
 
-  
-  if params.jce_policy_zip is not None:
 
-    jce_curl_target = format("{artifact_dir}/{jce_policy_zip}")
 
-    download_jce = format("mkdir -p {artifact_dir}; \
 
-    curl -kf --retry 10 \
 
-    {jce_location}/{jce_policy_zip} -o {jce_curl_target}")
 
-    Execute( download_jce,
 
-             path = ["/bin","/usr/bin/"],
 
-             not_if =format("test -e {jce_curl_target}"),
 
-             ignore_failures = True,
 
-             environment = environment
 
-    )
 
-  elif params.security_enabled:
 
-    # Something weird is happening
 
-    raise Fail("Security is enabled, but JCE policy zip is not specified.")
 
-  
-  if params.security_enabled:
 
-    security_dir = format("{java_home}/jre/lib/security")
 
-    extract_cmd = format("rm -f local_policy.jar; rm -f US_export_policy.jar; unzip -o -j -q {jce_curl_target}")
 
-    Execute(extract_cmd,
 
-            only_if = format("test -e {security_dir} && test -f {jce_curl_target}"),
 
-            cwd  = security_dir,
 
-            path = ['/bin/','/usr/bin']
 
-    )
 
 
 
 
 
 def generate_include_file():
 
 def generate_include_file():

+ 21 - 1
ambari-server/src/test/python/stacks/1.3.2/hooks/before-INSTALL/test_before_install.py
Ver ficheiro 

@@ -45,6 +45,12 @@ class TestHookBeforeInstall(RMFTestCase):
 
         not_if = 'test -e /usr/jdk64/jdk1.7.0_45/bin/java',
 
         not_if = 'test -e /usr/jdk64/jdk1.7.0_45/bin/java',
 
         path = ['/bin', '/usr/bin/'],
 
         path = ['/bin', '/usr/bin/'],
 
     )
 
     )
 
+    self.assertResourceCalled('Execute', 'mkdir -p /tmp/HDP-artifacts/; curl -kf --retry 10 http://c6401.ambari.apache.org:8080/resources//UnlimitedJCEPolicyJDK7.zip -o /tmp/HDP-artifacts//UnlimitedJCEPolicyJDK7.zip',
 
+        not_if = 'test -e /tmp/HDP-artifacts//UnlimitedJCEPolicyJDK7.zip',
 
+        ignore_failures = True,
 
+        path = ['/bin', '/usr/bin/'],
 
+        environment = {'no_proxy': 'c6401.ambari.apache.org'}
 
+    )
 
     self.assertResourceCalled('Group', 'hadoop',
 
     self.assertResourceCalled('Group', 'hadoop',
 
         ignore_failures = False,
 
         ignore_failures = False,
 
     )
 
     )
 
@@ -132,4 +138,18 @@ class TestHookBeforeInstall(RMFTestCase):
 
         ignore_failures = False,
 
         ignore_failures = False,
 
     )
 
     )
 
     self.assertResourceCalled('Package', 'unzip',)
 
     self.assertResourceCalled('Package', 'unzip',)
 
-    self.assertNoMoreResources()
 
+    self.assertNoMoreResources()
 
+
 
+
 
+  def test_that_jce_is_required_in_secured_cluster(self):
 
+    try:
 
+      self.executeScript("1.3.2/hooks/before-INSTALL/scripts/hook.py",
 
+                         classname="BeforeConfigureHook",
 
+                         command="hook",
 
+                         config_file="secured_no_jce_name.json"
 
+      )
 
+      self.fail("Should throw an exception")
 
+    except Fail:
 
+      pass  # Expected
 
+
 
+

+ 0 - 28
ambari-server/src/test/python/stacks/1.3.2/hooks/before-START/test_before_start.py
Ver ficheiro 

@@ -81,12 +81,6 @@ class TestHookBeforeStart(RMFTestCase):
 
       owner = 'hdfs',
 
       owner = 'hdfs',
 
       group = 'hadoop',
 
       group = 'hadoop',
 
     )
 
     )
 
-    self.assertResourceCalled('Execute', 'mkdir -p /tmp/HDP-artifacts/;     curl -kf --retry 10     http://c6401.ambari.apache.org:8080/resources//UnlimitedJCEPolicyJDK7.zip -o /tmp/HDP-artifacts//UnlimitedJCEPolicyJDK7.zip',
 
-        environment = {"no_proxy": "c6401.ambari.apache.org"},
 
-        not_if = 'test -e /tmp/HDP-artifacts//UnlimitedJCEPolicyJDK7.zip',
 
-        ignore_failures = True,
 
-        path = ['/bin', '/usr/bin/'],
 
-    )
 
     self.assertNoMoreResources()
 
     self.assertNoMoreResources()
 
 
 
   def test_hook_secured(self, mockHook):
 
   def test_hook_secured(self, mockHook):
 
@@ -141,26 +135,4 @@ class TestHookBeforeStart(RMFTestCase):
 
                               owner = 'hdfs',
 
                               owner = 'hdfs',
 
                               group = 'hadoop',
 
                               group = 'hadoop',
 
                               )
 
                               )
 
-    self.assertResourceCalled('Execute', 'mkdir -p /tmp/HDP-artifacts/;     curl -kf --retry 10     http://c6401.ambari.apache.org:8080/resources//UnlimitedJCEPolicyJDK7.zip -o /tmp/HDP-artifacts//UnlimitedJCEPolicyJDK7.zip',
 
-        environment = {"no_proxy": "c6401.ambari.apache.org"},
 
-        not_if = 'test -e /tmp/HDP-artifacts//UnlimitedJCEPolicyJDK7.zip',
 
-        ignore_failures = True,
 
-        path = ['/bin', '/usr/bin/'],
 
-    )
 
-    self.assertResourceCalled('Execute', 'rm -f local_policy.jar; rm -f US_export_policy.jar; unzip -o -j -q /tmp/HDP-artifacts//UnlimitedJCEPolicyJDK7.zip',
 
-        path = ['/bin/', '/usr/bin'],
 
-        only_if = 'test -e /usr/jdk64/jdk1.7.0_45/jre/lib/security && test -f /tmp/HDP-artifacts//UnlimitedJCEPolicyJDK7.zip',
 
-        cwd = '/usr/jdk64/jdk1.7.0_45/jre/lib/security',
 
-    )
 
     self.assertNoMoreResources()
 
     self.assertNoMoreResources()
 
-    
-def test_that_jce_is_required_in_secured_cluster(self):
 
-  try:
 
-    self.executeScript("2.0.6/hooks/before-START/scripts/hook.py",
 
-                       classname="BeforeStartHook",
 
-                       command="hook",
 
-                       config_file="secured_no_jce_name.json"
 
-    )
 
-    self.fail("Should throw an exception")
 
-  except Fail:
 
-    pass  # Expected

+ 18 - 0
ambari-server/src/test/python/stacks/2.0.6/hooks/before-INSTALL/test_before_install.py
Ver ficheiro 

@@ -47,6 +47,12 @@ class TestHookBeforeInstall(RMFTestCase):
 
         not_if = 'test -e /usr/jdk64/jdk1.7.0_45/bin/java',
 
         not_if = 'test -e /usr/jdk64/jdk1.7.0_45/bin/java',
 
         path = ['/bin', '/usr/bin/'],
 
         path = ['/bin', '/usr/bin/'],
 
     )
 
     )
 
+    self.assertResourceCalled('Execute', 'mkdir -p /tmp/HDP-artifacts/;     curl -kf --retry 10     http://c6401.ambari.apache.org:8080/resources//UnlimitedJCEPolicyJDK7.zip -o /tmp/HDP-artifacts//UnlimitedJCEPolicyJDK7.zip',
 
+        not_if = 'test -e /tmp/HDP-artifacts//UnlimitedJCEPolicyJDK7.zip',
 
+        ignore_failures = True,
 
+        path = ['/bin', '/usr/bin/'],
 
+        environment = {'no_proxy': 'c6401.ambari.apache.org'},
 
+    )
 
     self.assertResourceCalled('Group', 'hadoop',
 
     self.assertResourceCalled('Group', 'hadoop',
 
         ignore_failures = False,
 
         ignore_failures = False,
 
     )
 
     )
 
@@ -153,3 +159,15 @@ class TestHookBeforeInstall(RMFTestCase):
 
         groups = ['users'],
 
         groups = ['users'],
 
     )
 
     )
 
     self.assertNoMoreResources()
 
     self.assertNoMoreResources()
 
+
 
+
 
+  def test_that_jce_is_required_in_secured_cluster(self):
 
+    try:
 
+      self.executeScript("2.0.6/hooks/before-INSTALL/scripts/hook.py",
 
+                         classname="BeforeConfigureHook",
 
+                         command="hook",
 
+                         config_file="secured_no_jce_name.json"
 
+      )
 
+      self.fail("Should throw an exception")
 
+    except Fail:
 
+      pass  # Expected

+ 0 - 28
ambari-server/src/test/python/stacks/2.0.6/hooks/before-START/test_before_start.py
Ver ficheiro 

@@ -83,12 +83,6 @@ class TestHookBeforeStart(RMFTestCase):
 
       owner = 'hdfs',
 
       owner = 'hdfs',
 
       group = 'hadoop',
 
       group = 'hadoop',
 
     )
 
     )
 
-    self.assertResourceCalled('Execute', 'mkdir -p /tmp/HDP-artifacts/;     curl -kf --retry 10     http://c6401.ambari.apache.org:8080/resources//UnlimitedJCEPolicyJDK7.zip -o /tmp/HDP-artifacts//UnlimitedJCEPolicyJDK7.zip',
 
-        environment = {"no_proxy": "c6401.ambari.apache.org"},
 
-        not_if = 'test -e /tmp/HDP-artifacts//UnlimitedJCEPolicyJDK7.zip',
 
-        ignore_failures = True,
 
-        path = ['/bin', '/usr/bin/'],
 
-    )
 
     self.assertNoMoreResources()
 
     self.assertNoMoreResources()
 
 
 
   def test_hook_secured(self):
 
   def test_hook_secured(self):
 
@@ -149,26 +143,4 @@ class TestHookBeforeStart(RMFTestCase):
 
                               owner = 'hdfs',
 
                               owner = 'hdfs',
 
                               group = 'hadoop',
 
                               group = 'hadoop',
 
                               )
 
                               )
 
-    self.assertResourceCalled('Execute', 'mkdir -p /tmp/HDP-artifacts/;     curl -kf --retry 10     http://c6401.ambari.apache.org:8080/resources//UnlimitedJCEPolicyJDK7.zip -o /tmp/HDP-artifacts//UnlimitedJCEPolicyJDK7.zip',
 
-        environment = {"no_proxy": "c6401.ambari.apache.org"},
 
-        not_if = 'test -e /tmp/HDP-artifacts//UnlimitedJCEPolicyJDK7.zip',
 
-        ignore_failures = True,
 
-        path = ['/bin', '/usr/bin/'],
 
-    )
 
-    self.assertResourceCalled('Execute', 'rm -f local_policy.jar; rm -f US_export_policy.jar; unzip -o -j -q /tmp/HDP-artifacts//UnlimitedJCEPolicyJDK7.zip',
 
-        path = ['/bin/', '/usr/bin'],
 
-        only_if = 'test -e /usr/jdk64/jdk1.7.0_45/jre/lib/security && test -f /tmp/HDP-artifacts//UnlimitedJCEPolicyJDK7.zip',
 
-        cwd = '/usr/jdk64/jdk1.7.0_45/jre/lib/security',
 
-    )
 
     self.assertNoMoreResources()
 
     self.assertNoMoreResources()
 
-    
-def test_that_jce_is_required_in_secured_cluster(self):
 
-  try:
 
-    self.executeScript("2.0.6/hooks/before-START/scripts/hook.py",
 
-                       classname="BeforeStartHook",
 
-                       command="hook",
 
-                       config_file="secured_no_jce_name.json"
 
-    )
 
-    self.fail("Should throw an exception")
 
-  except Fail:
 
-    pass  # Expected