def generate_child_process_param_list(ambari_user, java_exe, class_path,
debug_start, suspend_mode):
from ambari_commons.os_linux import ULIMIT_CMD
properties = get_ambari_properties()
command_base = SERVER_START_CMD_DEBUG if debug_start else SERVER_START_CMD
ulimit_cmd = "%s %s" % (ULIMIT_CMD, str(get_ulimit_open_files(properties)))
command = command_base.format(java_exe,
ambari_provider_module_option,
jvm_args,
class_path,
configDefaults.SERVER_OUT_FILE,
os.path.join(configDefaults.PID_DIR, EXITCODE_NAME),
suspend_mode)
# required to start properly server instance
os.chdir(configDefaults.ROOT_FS_PATH)
#For properly daemonization server should be started using shell as parent
param_list = [locate_file('sh', '/bin'), "-c"]
if is_root() and ambari_user != "root":
# To inherit exported environment variables (especially AMBARI_PASSPHRASE),
# from subprocess, we have to skip --login option of su command. That's why
# we change dir to / (otherwise subprocess can face with 'permission denied'
# errors while trying to list current directory
cmd = "{ulimit_cmd} ; {su} {ambari_user} -s {sh_shell} -c '{command}'".format(ulimit_cmd=ulimit_cmd,
su=locate_file('su', '/bin'), ambari_user=ambari_user,
sh_shell=locate_file('sh', '/bin'), command=command)
else:
cmd = "{ulimit_cmd} ; {command}".format(ulimit_cmd=ulimit_cmd, command=command)
param_list.append(cmd)
return param_list
def generate_child_process_param_list(ambari_user, java_exe, class_path,
debug_start, suspend_mode):
from ambari_commons.os_linux import ULIMIT_CMD
properties = get_ambari_properties()
command_base = SERVER_START_CMD_DEBUG if debug_start else SERVER_START_CMD
ulimit_cmd = "%s %s" % (ULIMIT_CMD, str(get_ulimit_open_files(properties)))
command = command_base.format(java_exe,
ambari_provider_module_option,
jvm_args,
class_path,
configDefaults.SERVER_OUT_FILE,
os.path.join(configDefaults.PID_DIR, EXITCODE_NAME),
suspend_mode)
# required to start properly server instance
os.chdir(configDefaults.ROOT_FS_PATH)
#For properly daemonization server should be started using shell as parent
param_list = [locate_file('sh', '/bin'), "-c"]
if is_root() and ambari_user != "root":
# To inherit exported environment variables (especially AMBARI_PASSPHRASE),
# from subprocess, we have to skip --login option of su command. That's why
# we change dir to / (otherwise subprocess can face with 'permission denied'
# errors while trying to list current directory
cmd = "{ulimit_cmd} ; {su} {ambari_user} -s {sh_shell} -c '{command}'".format(ulimit_cmd=ulimit_cmd,
su=locate_file('su', '/bin'), ambari_user=ambari_user,
sh_shell=locate_file('sh', '/bin'), command=command)
else:
cmd = "{ulimit_cmd} ; {command}".format(ulimit_cmd=ulimit_cmd, command=command)
param_list.append(cmd)
return param_list
def __init__(self, options):
super(AmbariUserChecksLinux, self).__init__()
self.NR_USER_CHANGE_PROMPT = "Ambari-server daemon is configured to run under user '{0}'. Change this setting [y/n] ({1})? "
self.NR_USER_CUSTOMIZE_PROMPT = "Customize user account for ambari-server daemon [y/n] ({0})? "
self.NR_DEFAULT_USER = "******"
self.NR_USERADD_CMD = 'useradd -M --comment "{1}" ' \
'--shell %s -d /var/lib/ambari-server/keys/ {0}' % locate_file('nologin', '/sbin')
def wait_for_server_start(pidFile, scmStatus):
#wait for server process for SERVER_START_TIMEOUT seconds
sys.stdout.write('Waiting for server start...')
sys.stdout.flush()
pids = looking_for_pid(SERVER_SEARCH_PATTERN, SERVER_INIT_TIMEOUT)
found_pids = wait_for_pid(pids, SERVER_START_TIMEOUT)
sys.stdout.write('\n')
sys.stdout.flush()
if found_pids <= 0:
exitcode = check_exitcode(os.path.join(configDefaults.PID_DIR, EXITCODE_NAME))
raise FatalException(-1, AMBARI_SERVER_DIE_MSG.format(exitcode, configDefaults.SERVER_OUT_FILE))
else:
save_main_pid_ex(pids, pidFile, [locate_file('sh', '/bin'),
locate_file('bash', '/bin'),
locate_file('dash', '/bin')], True)
def wait_for_server_start(pidFile, scmStatus):
#wait for server process for SERVER_START_TIMEOUT seconds
sys.stdout.write('Waiting for server start...')
sys.stdout.flush()
pids = looking_for_pid(SERVER_SEARCH_PATTERN, SERVER_INIT_TIMEOUT)
found_pids = wait_for_pid(pids, SERVER_START_TIMEOUT)
sys.stdout.write('\n')
sys.stdout.flush()
if found_pids <= 0:
exitcode = check_exitcode(os.path.join(configDefaults.PID_DIR, EXITCODE_NAME))
raise FatalException(-1, AMBARI_SERVER_DIE_MSG.format(exitcode, configDefaults.SERVER_OUT_FILE))
else:
save_main_pid_ex(pids, pidFile, [locate_file('sh', '/bin'),
locate_file('bash', '/bin'),
locate_file('dash', '/bin')], True)
from ambari_commons.str_utils import compress_backslashes
from ambari_server.dbConfiguration import DBMSConfigFactory, check_jdbc_drivers
from ambari_server.serverConfiguration import configDefaults, JDKRelease, \
get_ambari_properties, get_full_ambari_classpath, get_is_secure, get_is_persisted, get_java_exe_path, get_JAVA_HOME, \
get_resources_location, get_value_from_properties, read_ambari_user, update_properties, validate_jdk, write_property, \
JAVA_HOME, JAVA_HOME_PROPERTY, JCE_NAME_PROPERTY, JDBC_RCA_URL_PROPERTY, JDBC_URL_PROPERTY, \
JDK_NAME_PROPERTY, JDK_RELEASES, NR_USER_PROPERTY, OS_FAMILY, OS_FAMILY_PROPERTY, OS_TYPE, OS_TYPE_PROPERTY, OS_VERSION, \
VIEWS_DIR_PROPERTY, JDBC_DATABASE_PROPERTY, JDK_DOWNLOAD_SUPPORTED_PROPERTY, JCE_DOWNLOAD_SUPPORTED_PROPERTY
from ambari_server.serverUtils import is_server_runing
from ambari_server.setupSecurity import adjust_directory_permissions
from ambari_server.userInput import get_YN_input, get_validated_string_input
from ambari_server.utils import locate_file
# selinux commands
GET_SE_LINUX_ST_CMD = locate_file('sestatus', '/usr/sbin')
SE_SETENFORCE_CMD = "setenforce 0"
SE_STATUS_DISABLED = "disabled"
SE_STATUS_ENABLED = "enabled"
SE_MODE_ENFORCING = "enforcing"
SE_MODE_PERMISSIVE = "permissive"
PERSISTENCE_TYPE_PROPERTY = "server.persistence.type"
TAR_GZ_ARCHIVE_TYPE = ".tar.gz"
# Non-root user setup commands
NR_USER_COMMENT = "Ambari user"
VIEW_EXTRACT_CMD = "{0} -cp {1} " + \
"org.apache.ambari.server.view.ViewRegistry extract {2} " + \
def __init__(self):
super(ServerConfigDefaultsLinux, self).__init__()
# JDK
self.JDK_INSTALL_DIR = "/usr/jdk64"
self.JDK_SEARCH_PATTERN = "jdk*"
self.JAVA_EXE_SUBPATH = "bin/java"
# Configuration defaults
self.DEFAULT_CONF_DIR = "/etc/ambari-server/conf"
self.DEFAULT_LIBS_DIR = "/usr/lib/ambari-server"
self.DEFAULT_VLIBS_DIR = "/var/lib/ambari-server"
self.AMBARI_PROPERTIES_BACKUP_FILE = "ambari.properties.rpmsave"
self.AMBARI_ENV_BACKUP_FILE = "ambari-env.sh.rpmsave"
self.AMBARI_KRB_JAAS_LOGIN_BACKUP_FILE = "krb5JAASLogin.conf.rpmsave"
# ownership/permissions mapping
# path - permissions - user - group - recursive
# Rules are executed in the same order as they are listed
# {0} in user/group will be replaced by customized ambari-server username
self.NR_ADJUST_OWNERSHIP_LIST = [
("/var/log/ambari-server/", "644", "{0}", True),
("/var/log/ambari-server/", "755", "{0}", False),
("/var/run/ambari-server/", "644", "{0}", True),
("/var/run/ambari-server/", "755", "{0}", False),
("/var/run/ambari-server/bootstrap", "755", "{0}", False),
("/var/lib/ambari-server/ambari-env.sh", "700", "{0}", False),
("/var/lib/ambari-server/ambari-sudo.sh", "700", "{0}", False),
("/var/lib/ambari-server/keys/", "600", "{0}", True),
("/var/lib/ambari-server/keys/", "700", "{0}", False),
("/var/lib/ambari-server/keys/db/", "700", "{0}", False),
("/var/lib/ambari-server/keys/db/newcerts/", "700", "{0}", False),
("/var/lib/ambari-server/keys/.ssh", "700", "{0}", False),
("/var/lib/ambari-server/resources/common-services/", "755", "{0}", True),
("/var/lib/ambari-server/resources/stacks/", "755", "{0}", True),
("/var/lib/ambari-server/resources/custom_actions/", "755", "{0}", True),
("/var/lib/ambari-server/resources/host_scripts/", "755", "{0}", True),
("/var/lib/ambari-server/resources/views/", "644", "{0}", True),
("/var/lib/ambari-server/resources/views/", "755", "{0}", False),
("/var/lib/ambari-server/resources/views/work/", "755", "{0}", True),
("/etc/ambari-server/conf/", "644", "{0}", True),
("/etc/ambari-server/conf/", "755", "{0}", False),
("/etc/ambari-server/conf/password.dat", "640", "{0}", False),
("/var/lib/ambari-server/keys/pass.txt", "600", "{0}", False),
("/etc/ambari-server/conf/ldap-password.dat", "640", "{0}", False),
("/var/run/ambari-server/stack-recommendations/", "744", "{0}", True),
("/var/run/ambari-server/stack-recommendations/", "755", "{0}", False),
("/var/lib/ambari-server/resources/data/", "644", "{0}", False),
("/var/lib/ambari-server/resources/data/", "755", "{0}", False),
("/var/lib/ambari-server/data/tmp/", "644", "{0}", True),
("/var/lib/ambari-server/data/tmp/", "755", "{0}", False),
("/var/lib/ambari-server/data/cache/", "600", "{0}", True),
("/var/lib/ambari-server/data/cache/", "700", "{0}", False),
# Also, /etc/ambari-server/conf/password.dat
# is generated later at store_password_file
]
self.NR_CHANGE_OWNERSHIP_LIST = [
("/var/lib/ambari-server", "{0}", True),
("/usr/lib/ambari-server", "{0}", True),
("/var/log/ambari-server", "{0}", True),
("/var/run/ambari-server", "{0}", True),
("/etc/ambari-server", "{0}", True),
]
self.NR_USERADD_CMD = 'useradd -M --comment "{1}" ' \
'--shell %s -d /var/lib/ambari-server/keys/ {0}' % locate_file('nologin', '/sbin')
self.SERVER_RESOURCES_DIR = "/var/lib/ambari-server/resources"
self.STACK_LOCATION_DEFAULT = "/var/lib/ambari-server/resources/stacks"
self.DEFAULT_VIEWS_DIR = "/var/lib/ambari-server/resources/views"
#keytool commands
self.keytool_bin_subpath = "bin/keytool"
#Standard messages
self.MESSAGE_SERVER_RUNNING_AS_ROOT = "Ambari Server running with administrator privileges."
self.MESSAGE_ERROR_SETUP_NOT_ROOT = "Ambari-server setup should be run with root-level privileges"
self.MESSAGE_ERROR_RESET_NOT_ROOT = "Ambari-server reset should be run with root-level privileges"
self.MESSAGE_ERROR_UPGRADE_NOT_ROOT = "Ambari-server upgrade must be run with root-level privileges"
self.MESSAGE_CHECK_FIREWALL = "Checking firewall status..."
def generate_child_process_param_list(ambari_user, current_user, java_exe,
class_path, debug_start, suspend_mode):
from ambari_commons.os_linux import ULIMIT_CMD
properties = get_ambari_properties()
isSecure = get_is_secure(properties)
(isPersisted, masterKeyFile) = get_is_persisted(properties)
environ = os.environ.copy()
# Need to handle master key not persisted scenario
if isSecure and not masterKeyFile:
prompt = False
masterKey = environ.get(SECURITY_KEY_ENV_VAR_NAME)
if masterKey is not None and masterKey != "":
pass
else:
keyLocation = environ.get(SECURITY_MASTER_KEY_LOCATION)
if keyLocation is not None:
try:
# Verify master key can be read by the java process
with open(keyLocation, 'r'):
pass
except IOError:
print_warning_msg(
"Cannot read Master key from path specified in "
"environemnt.")
prompt = True
else:
# Key not provided in the environment
prompt = True
if prompt:
import pwd
masterKey = get_original_master_key(properties)
tempDir = tempfile.gettempdir()
tempFilePath = tempDir + os.sep + "masterkey"
save_master_key(masterKey, tempFilePath, True)
if ambari_user != current_user:
uid = pwd.getpwnam(ambari_user).pw_uid
gid = pwd.getpwnam(ambari_user).pw_gid
os.chown(tempFilePath, uid, gid)
else:
os.chmod(tempFilePath, stat.S_IREAD | stat.S_IWRITE)
if tempFilePath is not None:
environ[SECURITY_MASTER_KEY_LOCATION] = tempFilePath
command_base = SERVER_START_CMD_DEBUG if debug_start else SERVER_START_CMD
ulimit_cmd = "%s %s" % (ULIMIT_CMD, str(get_ulimit_open_files(properties)))
command = command_base.format(
java_exe, ambari_provider_module_option, jvm_args, class_path,
configDefaults.SERVER_OUT_FILE,
os.path.join(configDefaults.PID_DIR, EXITCODE_NAME), suspend_mode)
# required to start properly server instance
os.chdir(configDefaults.ROOT_FS_PATH)
#For properly daemonization server should be started using shell as parent
param_list = [locate_file('sh', '/bin'), "-c"]
if is_root() and ambari_user != "root":
# To inherit exported environment variables (especially AMBARI_PASSPHRASE),
# from subprocess, we have to skip --login option of su command. That's why
# we change dir to / (otherwise subprocess can face with 'permission denied'
# errors while trying to list current directory
cmd = "{ulimit_cmd} ; {su} {ambari_user} -s {sh_shell} -c '{command}'".format(
ulimit_cmd=ulimit_cmd,
su=locate_file('su', '/bin'),
ambari_user=ambari_user,
sh_shell=locate_file('sh', '/bin'),
command=command)
else:
cmd = "{ulimit_cmd} ; {command}".format(ulimit_cmd=ulimit_cmd,
command=command)
param_list.append(cmd)
return (param_list, environ)
def __init__(self):
super(ServerConfigDefaultsLinux, self).__init__()
# JDK
self.JDK_INSTALL_DIR = "/usr/jdk64"
self.JDK_SEARCH_PATTERN = "jdk*"
self.JAVA_EXE_SUBPATH = "bin/java"
# Configuration defaults
self.DEFAULT_CONF_DIR = "/etc/ambari-server/conf"
self.DEFAULT_LIBS_DIR = "/usr/lib/ambari-server"
self.DEFAULT_VLIBS_DIR = "/var/lib/ambari-server"
self.AMBARI_PROPERTIES_BACKUP_FILE = "ambari.properties.rpmsave"
self.AMBARI_ENV_BACKUP_FILE = "ambari-env.sh.rpmsave"
self.AMBARI_KRB_JAAS_LOGIN_BACKUP_FILE = "krb5JAASLogin.conf.rpmsave"
# ownership/permissions mapping
# path - permissions - user - group - recursive
# Rules are executed in the same order as they are listed
# {0} in user/group will be replaced by customized ambari-server username
self.NR_ADJUST_OWNERSHIP_LIST = [
("/var/log/ambari-server/", "644", "{0}", True),
("/var/log/ambari-server/", "755", "{0}", False),
("/var/run/ambari-server/", "644", "{0}", True),
("/var/run/ambari-server/", "755", "{0}", False),
("/var/run/ambari-server/bootstrap", "755", "{0}", False),
("/var/lib/ambari-server/ambari-env.sh", "700", "{0}", False),
("/var/lib/ambari-server/ambari-sudo.sh", "700", "{0}", False),
("/var/lib/ambari-server/keys/", "600", "{0}", True),
("/var/lib/ambari-server/keys/", "700", "{0}", False),
("/var/lib/ambari-server/keys/db/", "700", "{0}", False),
("/var/lib/ambari-server/keys/db/newcerts/", "700", "{0}", False),
("/var/lib/ambari-server/keys/.ssh", "700", "{0}", False),
("/var/lib/ambari-server/resources/common-services/", "755", "{0}", True),
("/var/lib/ambari-server/resources/stacks/", "755", "{0}", True),
("/var/lib/ambari-server/resources/custom_actions/", "755", "{0}", True),
("/var/lib/ambari-server/resources/host_scripts/", "755", "{0}", True),
("/var/lib/ambari-server/resources/views/", "644", "{0}", True),
("/var/lib/ambari-server/resources/views/", "755", "{0}", False),
("/var/lib/ambari-server/resources/views/work/", "755", "{0}", True),
("/etc/ambari-server/conf/", "644", "{0}", True),
("/etc/ambari-server/conf/", "755", "{0}", False),
("/etc/ambari-server/conf/password.dat", "640", "{0}", False),
("/var/lib/ambari-server/keys/pass.txt", "600", "{0}", False),
("/etc/ambari-server/conf/ldap-password.dat", "640", "{0}", False),
("/var/run/ambari-server/stack-recommendations/", "744", "{0}", True),
("/var/run/ambari-server/stack-recommendations/", "755", "{0}", False),
("/var/lib/ambari-server/resources/data/", "644", "{0}", False),
("/var/lib/ambari-server/resources/data/", "755", "{0}", False),
("/var/lib/ambari-server/data/tmp/", "644", "{0}", True),
("/var/lib/ambari-server/data/tmp/", "755", "{0}", False),
("/var/lib/ambari-server/data/cache/", "600", "{0}", True),
("/var/lib/ambari-server/data/cache/", "700", "{0}", False),
# Also, /etc/ambari-server/conf/password.dat
# is generated later at store_password_file
]
self.NR_CHANGE_OWNERSHIP_LIST = [
("/var/lib/ambari-server", "{0}", True),
("/usr/lib/ambari-server", "{0}", True),
("/var/log/ambari-server", "{0}", True),
("/var/run/ambari-server", "{0}", True),
("/etc/ambari-server", "{0}", True),
]
self.NR_USERADD_CMD = 'useradd -M --comment "{1}" ' \
'--shell %s -d /var/lib/ambari-server/keys/ {0}' % locate_file('nologin', '/sbin')
self.SERVER_RESOURCES_DIR = "/var/lib/ambari-server/resources"
self.STACK_LOCATION_DEFAULT = "/var/lib/ambari-server/resources/stacks"
self.DEFAULT_VIEWS_DIR = "/var/lib/ambari-server/resources/views"
#keytool commands
self.keytool_bin_subpath = "bin/keytool"
#Standard messages
self.MESSAGE_SERVER_RUNNING_AS_ROOT = "Ambari Server running with administrator privileges."
self.MESSAGE_ERROR_SETUP_NOT_ROOT = "Ambari-server setup should be run with root-level privileges"
self.MESSAGE_ERROR_RESET_NOT_ROOT = "Ambari-server reset should be run with root-level privileges"
self.MESSAGE_ERROR_UPGRADE_NOT_ROOT = "Ambari-server upgrade must be run with root-level privileges"
self.MESSAGE_CHECK_FIREWALL = "Checking firewall status..."
def generate_child_process_param_list(ambari_user, current_user, java_exe, class_path, debug_start, suspend_mode):
from ambari_commons.os_linux import ULIMIT_CMD
properties = get_ambari_properties()
isSecure = get_is_secure(properties)
(isPersisted, masterKeyFile) = get_is_persisted(properties)
environ = os.environ.copy()
# Need to handle master key not persisted scenario
if isSecure and not masterKeyFile:
prompt = False
masterKey = environ.get(SECURITY_KEY_ENV_VAR_NAME)
if masterKey is not None and masterKey != "":
pass
else:
keyLocation = environ.get(SECURITY_MASTER_KEY_LOCATION)
if keyLocation is not None:
try:
# Verify master key can be read by the java process
with open(keyLocation, 'r'):
pass
except IOError:
print_warning_msg("Cannot read Master key from path specified in "
"environemnt.")
prompt = True
else:
# Key not provided in the environment
prompt = True
if prompt:
import pwd
masterKey = get_original_master_key(properties)
tempDir = tempfile.gettempdir()
tempFilePath = tempDir + os.sep + "masterkey"
save_master_key(masterKey, tempFilePath, True)
if ambari_user != current_user:
uid = pwd.getpwnam(ambari_user).pw_uid
gid = pwd.getpwnam(ambari_user).pw_gid
os.chown(tempFilePath, uid, gid)
else:
os.chmod(tempFilePath, stat.S_IREAD | stat.S_IWRITE)
if tempFilePath is not None:
environ[SECURITY_MASTER_KEY_LOCATION] = tempFilePath
command_base = SERVER_START_CMD_DEBUG if debug_start else SERVER_START_CMD
ulimit_cmd = "%s %s" % (ULIMIT_CMD, str(get_ulimit_open_files(properties)))
command = command_base.format(java_exe,
ambari_provider_module_option,
jvm_args,
class_path,
configDefaults.SERVER_OUT_FILE,
os.path.join(configDefaults.PID_DIR, EXITCODE_NAME),
suspend_mode)
# required to start properly server instance
os.chdir(configDefaults.ROOT_FS_PATH)
#For properly daemonization server should be started using shell as parent
param_list = [locate_file('sh', '/bin'), "-c"]
if is_root() and ambari_user != "root":
# To inherit exported environment variables (especially AMBARI_PASSPHRASE),
# from subprocess, we have to skip --login option of su command. That's why
# we change dir to / (otherwise subprocess can face with 'permission denied'
# errors while trying to list current directory
cmd = "{ulimit_cmd} ; {su} {ambari_user} -s {sh_shell} -c '{command}'".format(ulimit_cmd=ulimit_cmd,
su=locate_file('su', '/bin'), ambari_user=ambari_user,
sh_shell=locate_file('sh', '/bin'), command=command)
else:
cmd = "{ulimit_cmd} ; {command}".format(ulimit_cmd=ulimit_cmd, command=command)
param_list.append(cmd)
return (param_list, environ)
