AMBARI-3592. Reassign Master(secure cluster): Display principal and keytab path creation as a required manual step. (akovalenko)

ambari-web/app/controllers/main/service/item.js

@@ -202,6 +202,7 @@ App.MainServiceItemController = Em.Controller.extend({
     console.log('In Reassign Master', hostComponent);
     var reassignMasterController = App.router.get('reassignMasterController');
     reassignMasterController.saveComponentToReassign(component);
+    reassignMasterController.getSecurityStatus();
     reassignMasterController.setCurrentStep('1');
     App.router.transitionTo('reassign');
   },

ambari-web/app/controllers/main/service/reassign/step4_controller.js

@@ -194,11 +194,13 @@ App.ReassignMasterWizardStep4Controller = App.HighAvailabilityProgressPageContro
 
   onLoadConfigs: function (data) {
     var isHadoop2Stack = App.get('isHadoop2Stack');
+    var securityEnabled = this.get('content.securityEnabled');
     var componentName = this.get('content.reassign.component_name');
     var targetHostName = this.get('content.reassignHosts.target');
     var sourceHostName = this.get('content.reassignHosts.source');
     var configs = {};
     var componentDir = '';
+    var secureConfigs = [];
     this.set('configsSitesNumber', data.items.length);
     this.set('configsSitesCount', 0);
     data.items.forEach(function (item) {
@@ -231,6 +233,10 @@ App.ReassignMasterWizardStep4Controller = App.HighAvailabilityProgressPageContro
         if (App.Service.find().someProperty('serviceName', 'HBASE')) {
           configs['hbase-site']['hbase.rootdir'] = configs['hbase-site']['hbase.rootdir'].replace(/\/\/[^\/]*/, '//' + targetHostName);
         }
+        if (securityEnabled) {
+          secureConfigs.push({keytab: configs['hdfs-site']['dfs.namenode.keytab.file'], principal: configs['hdfs-site']['dfs.namenode.kerberos.principal']});
+          secureConfigs.push({keytab: configs['hdfs-site']['dfs.web.authentication.kerberos.keytab'], principal: configs['hdfs-site']['dfs.web.authentication.kerberos.principal']});
+        }
         break;
       case 'SECONDARY_NAMENODE':
         if (isHadoop2Stack) {
@@ -240,11 +246,18 @@ App.ReassignMasterWizardStep4Controller = App.HighAvailabilityProgressPageContro
           componentDir = configs['core-site']['fs.checkpoint.dir'];
           configs['hdfs-site']['dfs.secondary.http.address'] = targetHostName + ':50090';
         }
+        if (securityEnabled) {
+          secureConfigs.push({keytab: configs['hdfs-site']['dfs.secondary.namenode.keytab.file'], principal: configs['hdfs-site']['dfs.secondary.namenode.kerberos.principal']});
+          secureConfigs.push({keytab: configs['hdfs-site']['dfs.web.authentication.kerberos.keytab'], principal: configs['hdfs-site']['dfs.web.authentication.kerberos.principal']});
+        }
         break;
       case 'JOBTRACKER':
         configs['mapred-site']['mapreduce.history.server.http.address'] = targetHostName + ':51111';
         configs['mapred-site']['mapred.job.tracker.http.address'] = targetHostName + ':50030';
         configs['mapred-site']['mapred.job.tracker'] = targetHostName + ':50300';
+        if (securityEnabled) {
+          secureConfigs.push({keytab: configs['mapred-site']['mapreduce.jobtracker.keytab.file'], principal: configs['mapred-site']['mapreduce.jobtracker.kerberos.principal']});
+        }
         break;
       case 'RESOURCEMANAGER':
         configs['yarn-site']['yarn.resourcemanager.address'] = targetHostName + ':8050';
@@ -253,10 +266,16 @@ App.ReassignMasterWizardStep4Controller = App.HighAvailabilityProgressPageContro
         configs['yarn-site']['yarn.resourcemanager.scheduler.address'] = targetHostName + ':8030';
         configs['yarn-site']['yarn.resourcemanager.webapp.address'] = targetHostName + ':8088';
         configs['yarn-site']['yarn.resourcemanager.hostname'] = targetHostName;
+        if (securityEnabled) {
+          secureConfigs.push({keytab: configs['yarn-site']['yarn.resourcemanager.keytab'], principal: configs['yarn-site']['yarn.resourcemanager.principal']});
+          secureConfigs.push({keytab: configs['yarn-site']['yarn.resourcemanager.webapp.spnego-keytab-file'], principal: configs['yarn-site']['yarn.resourcemanager.webapp.spnego-principal']});
+        }
+
         break;
     }
-    if (componentDir) {
+    if (componentDir || secureConfigs.length) {
       App.router.get(this.get('content.controllerName')).saveComponentDir(componentDir);
+      App.router.get(this.get('content.controllerName')).saveSecureConfigs(secureConfigs);
       App.clusterStatus.setClusterStatus({
         clusterName: this.get('content.cluster.name'),
         clusterState: this.get('clusterDeployState'),

ambari-web/app/controllers/main/service/reassign_controller.js

@@ -54,18 +54,60 @@ App.ReassignMasterController = App.WizardController.extend({
     serviceName: 'MISC',
     hdfsUser:"hdfs",
     reassign: null,
-    hasManualSteps: false
+    componentsWithManualCommands: ['NAMENODE', 'SECONDARY_NAMENODE'],
+    hasManualSteps: false,
+    securityEnabled: false
   }),
 
-  componentsWithManualSteps: ['NAMENODE', 'SECONDARY_NAMENODE'],
-
   addManualSteps: function () {
-    this.set('content.hasManualSteps', this.get('componentsWithManualSteps').contains(this.get('content.reassign.component_name')));
-  }.observes('content.reassign.component_name'),
+    this.set('content.hasManualSteps', this.get('content.componentsWithManualCommands').contains(this.get('content.reassign.component_name')) || this.get('content.securityEnabled'));
+  }.observes('content.reassign.component_name', 'content.securityEnabled'),
+
+  getSecurityStatus: function () {
+    if (App.testMode) {
+      this.set('securityEnabled', !App.testEnableSecurity);
+    } else {
+      //get Security Status From Server
+      App.ajax.send({
+        name: 'config.tags.sync',
+        sender: this,
+        success: 'getSecurityStatusSuccessCallback',
+        error: 'errorCallback'
+      });
+    }
+  },
 
-  skipStep3: function () {
-    return this.get('content.reassign.service_id') == 'GANGLIA';
-  }.property('content.reassign.service_id'),
+  errorCallback: function () {
+    console.error('Cannot get security status from server');
+  },
+
+  getSecurityStatusSuccessCallback: function (data) {
+    var configs = data.Clusters.desired_configs;
+    if ('global' in configs) {
+      this.getServiceConfigsFromServer(configs['global'].tag);
+    }
+    else {
+      console.error('Cannot get security status from server');
+    }
+  },
+
+  getServiceConfigsFromServer: function (tag) {
+    var tags = [
+      {
+        siteName: "global",
+        tagName: tag
+      }
+    ];
+    var data = App.router.get('configurationController').getConfigsByTags(tags);
+    var configs = data.findProperty('tag', tag).properties;
+    var result = configs && (configs['security_enabled'] === 'true' || configs['security_enabled'] === true);
+    this.saveSecurityEnabled(result);
+    App.clusterStatus.setClusterStatus({
+      clusterName: this.get('content.cluster.name'),
+      wizardControllerName: 'reassignMasterController',
+      localdb: App.db.data
+    });
+  },
 
   /**
    * return new object extended from clusterStatusTemplate
@@ -248,6 +290,27 @@ App.ReassignMasterController = App.WizardController.extend({
     this.set('content.reassignHosts', reassignHosts);
   },
 
+
+  saveSecurityEnabled: function(securityEnabled){
+    this.setDBProperty('securityEnabled', securityEnabled);
+    this.set('content.securityEnabled', securityEnabled);
+  },
+
+  loadSecurityEnabled: function(){
+    var securityEnabled = this.getDBProperty('securityEnabled');
+    this.set('content.securityEnabled', securityEnabled);
+  },
+
+  saveSecureConfigs: function(secureConfigs){
+    this.setDBProperty('secureConfigs', secureConfigs);
+    this.set('content.secureConfigs', secureConfigs);
+  },
+
+  loadSecureConfigs: function(){
+    var secureConfigs = this.getDBProperty('secureConfigs');
+    this.set('content.secureConfigs', secureConfigs);
+  },
+
   /**
    * Load data for all steps until <code>current step</code>
    */
@@ -256,6 +319,7 @@ App.ReassignMasterController = App.WizardController.extend({
     switch (step) {
       case '6':
       case '5':
+        this.loadSecureConfigs();
         this.loadComponentDir();
       case '4':
         this.loadTasksStatuses();

ambari-web/app/messages.js

@@ -1151,15 +1151,8 @@ Em.I18n.translations = {
       '<li>Proceed next' +
       '</ol>' +
       '</div>',
-  'services.reassign.step5.body.jobtracker':
-      '<div class="alert alert-info">' +
-      '<ol>' +
-      '<li>Copy contents of <b>{0}</b> from source host <b>{1}</b> to the target host <b>{2}</b> same locations</li>' +
-      '<li>Login to the target host <b>{2}</b> and change permissions for the JobTracker dirs by running:' +
-      '<div class="code-snippet">chown -R mapred:hadoop /hadoop/mapred/</div></li>' +
-      '<li>Proceed next' +
-      '</ol>'+
-      '</div>',
+  'services.reassign.step5.body.securityNotice': 'Note: {0}',
+  'services.reassign.step5.body.securityConfigsList': 'Keytab file <b>{0}</b> containing principal <b>{1}</b> should exist on <b>{2}</b>',
   'services.reassign.step6.header': 'Start and Test services',
   'services.reassign.step6.task0.title': 'Delete disabled {0}',
   'services.reassign.step6.task1.title': 'Start All Services',

ambari-web/app/routes/reassign_master_routes.js

@@ -55,10 +55,11 @@ module.exports = Em.Route.extend({
       reassignMasterController.set('popup', popup);
       App.clusterStatus.updateFromServer();
       var currentClusterStatus = App.clusterStatus.get('value');
+      App.db.data = currentClusterStatus.localdb;
+      reassignMasterController.loadSecurityEnabled();
       if (currentClusterStatus) {
         switch (currentClusterStatus.clusterState) {
           case 'REASSIGN_MASTER_INSTALLING' :
-            App.db.data = currentClusterStatus.localdb;
             reassignMasterController.setCurrentStep(currentClusterStatus.localdb.ReassignMaster.currentStep);
             break;
         }

ambari-web/app/templates/main/service/reassign/step5.hbs

@@ -16,7 +16,12 @@
 * limitations under the License.
 }}
 <h2>{{t services.reassign.step5.header}}</h2>
-{{{view.bodyText}}}
+{{{view.manualCommands}}}
+{{#if view.securityNotice}}
+  <div class="alert alert-info">
+    {{{view.securityNotice}}}
+  </div>
+{{/if}}
 <div class="btn-area">
   <a class="btn btn-success pull-right" {{bindAttr disabled="isSubmitDisabled"}} {{action next}}>{{t common.next}} &rarr;</a>
 </div>

ambari-web/app/views/main/service/reassign/step5_view.js

@@ -23,7 +23,10 @@ App.ReassignMasterWizardStep5View = Em.View.extend({
 
   templateName: require('templates/main/service/reassign/step5'),
 
-  bodyText: function () {
+  manualCommands: function () {
+    if (!this.get('controller.content.componentsWithManualCommands').contains(this.get('controller.content.reassign.component_name'))) {
+      return '';
+    }
     var componentDir = this.get('controller.content.componentDir');
     var sourceHost = this.get('controller.content.reassignHosts.source');
     var targetHost = this.get('controller.content.reassignHosts.target');
@@ -32,6 +35,20 @@ App.ReassignMasterWizardStep5View = Em.View.extend({
       ha = '_ha';
       var nnStartedHost = this.get('controller.content.masterComponentHosts').filterProperty('component', 'NAMENODE').mapProperty('hostName').without(this.get('controller.content.reassignHosts.target'));
     }
-    return  Em.I18n.t('services.reassign.step5.body.' + this.get('controller.content.reassign.component_name').toLowerCase() + ha).format(componentDir, sourceHost, targetHost, this.get('controller.content.hdfsUser'),nnStartedHost);
-  }.property('controller.content.reassign.component_name', 'controller.content.componentDir', 'controller.content.masterComponentHosts', 'controller.content.reassign.host_id', 'controller.content.hdfsUser')
+    return  Em.I18n.t('services.reassign.step5.body.' + this.get('controller.content.reassign.component_name').toLowerCase() + ha).format(componentDir, sourceHost, targetHost, this.get('controller.content.hdfsUser'), nnStartedHost);
+  }.property('controller.content.reassign.component_name', 'controller.content.componentDir', 'controller.content.masterComponentHosts', 'controller.content.reassign.host_id', 'controller.content.hdfsUser'),
+
+  securityNotice: function () {
+    var secureConfigs = this.get('controller.content.secureConfigs');
+    if (!this.get('controller.content.securityEnabled') || !secureConfigs.length) {
+      return '';
+    }
+    var formattedText = '<ul>';
+    secureConfigs.forEach(function (config) {
+      formattedText += '<li>' + Em.I18n.t('services.reassign.step5.body.securityConfigsList').format(config.keytab,
+          config.principal.replace('_HOST', this.get('controller.content.reassignHosts.target')), this.get('controller.content.reassignHosts.target')) + '</li>';
+    }, this);
+    formattedText += '</ul>';
+    return Em.I18n.t('services.reassign.step5.body.securityNotice').format(formattedText);
+  }.property('controller.content.securityEnabled', 'controller.content.secureConfigs', 'controller.content.reassignHosts.target')
 });