in config['configurations']['kafka-broker']) and ((config['configurations']['kafka-broker'] ['security.inter.broker.protocol'] == "PLAINTEXTSASL") or (config['configurations']['kafka-broker'] ['security.inter.broker.protocol'] == "SASL_PLAINTEXT")))
# The line above is the tail of a boolean expression whose start lies outside
# this excerpt; it is kept exactly as found. The visible part compares the
# broker's security.inter.broker.protocol with "PLAINTEXTSASL" and
# "SASL_PLAINTEXT" only.
# NOTE(review): both values denote SASL authentication without TLS, and
# "SASL_SSL" is not matched by this expression - confirm that is intended.

# Kerberos identity for the Kafka broker. The values are derived only when
# cluster security is on, a stack version is known, kafka-env defines
# kafka_principal_name and the stack reports the KAFKA_KERBEROS feature.
# NOTE(review): indentation was lost in this excerpt; the branch bodies below
# are reconstructed from statement order - confirm against the original file.
if security_enabled and stack_version_formatted != "" and 'kafka_principal_name' in config['configurations']['kafka-env'] \
        and check_stack_feature(StackFeature.KAFKA_KERBEROS, stack_version_formatted):
    # The _HOST placeholder in the configured principal is replaced with this
    # host's lower-cased name, giving a per-host service principal.
    _hostname_lowercase = config['hostname'].lower()
    _kafka_principal_name = config['configurations']['kafka-env'][
        'kafka_principal_name']
    kafka_jaas_principal = _kafka_principal_name.replace(
        '_HOST', _hostname_lowercase)
    # Path of the keytab that holds the broker's long-term Kerberos key.
    # NOTE(review): ownership and mode of the keytab and of kafka_jaas.conf are
    # not set here; confirm they are restricted to the service account where
    # those files are written.
    kafka_keytab_path = config['configurations']['kafka-env']['kafka_keytab']
    # Computed from the un-substituted name (still containing _HOST);
    # presumably the primary part of the principal - verify in get_bare_principal.
    kafka_bare_jaas_principal = get_bare_principal(_kafka_principal_name)
    # JVM option that points the broker at its JAAS login configuration.
    kafka_kerberos_params = "-Djava.security.auth.login.config=" + conf_dir + "/kafka_jaas.conf"
else:
    # No Kerberos: empty JVM option, principal and keytab set to None.
    # kafka_bare_jaas_principal is not assigned on this path.
    kafka_kerberos_params = ''
    kafka_jaas_principal = None
    kafka_keytab_path = None

# *********************** RANGER PLUGIN CHANGES ***********************
# ranger host
# **********************************************************************
# Ranger admin hosts default to an empty list when the key is absent.
ranger_admin_hosts = default("/clusterHostInfo/ranger_admin_hosts", [])
# True when at least one Ranger admin host is listed.
has_ranger_admin = not len(ranger_admin_hosts) == 0
xml_configurations_supported = config['configurations']['ranger-env'][
    'xml_configurations_supported']
# First entry of the ambari_server_host list.
ambari_server_hostname = config['clusterHostInfo']['ambari_server_host'][0]
else: metric_collector_protocol = 'http' pass
# The line above is the collapsed tail of an if/else that starts outside this
# excerpt; it is kept as found because its original indentation cannot be
# recovered. The visible branch sets the metrics collector protocol to 'http'.

# Security-related params
security_enabled = config['configurations']['cluster-env']['security_enabled']
# True when kafka-broker defines security.inter.broker.protocol and its value
# is "PLAINTEXTSASL" or "SASL_PLAINTEXT".
# NOTE(review): both values denote SASL authentication without TLS; "SASL_SSL"
# is not matched. The flag is also not consulted by the `if` below, which
# tests security_enabled instead - confirm both points are intended.
kafka_kerberos_enabled = (('security.inter.broker.protocol' in config['configurations']['kafka-broker']) and
                          ((config['configurations']['kafka-broker']['security.inter.broker.protocol'] == "PLAINTEXTSASL") or
                           (config['configurations']['kafka-broker']['security.inter.broker.protocol'] == "SASL_PLAINTEXT")))

# Kerberos identity for the Kafka broker. Derived only when cluster security is
# on, a stack version is known, kafka-env defines kafka_principal_name and
# compare_versions(hdp_stack_version, '2.3') is >= 0 (presumably stack 2.3 or
# newer - verify compare_versions).
# NOTE(review): indentation was lost in this excerpt; the branch bodies below
# are reconstructed from statement order - confirm against the original file.
if security_enabled and hdp_stack_version != "" and 'kafka_principal_name' in config['configurations']['kafka-env'] and compare_versions(hdp_stack_version, '2.3') >= 0:
    # The _HOST placeholder in the configured principal is replaced with this
    # host's lower-cased name.
    _hostname_lowercase = config['hostname'].lower()
    _kafka_principal_name = config['configurations']['kafka-env']['kafka_principal_name']
    kafka_jaas_principal = _kafka_principal_name.replace('_HOST',_hostname_lowercase)
    # Path of the keytab that holds the broker's long-term Kerberos key.
    kafka_keytab_path = config['configurations']['kafka-env']['kafka_keytab']
    # Computed from the un-substituted name (still containing _HOST).
    kafka_bare_jaas_principal = get_bare_principal(_kafka_principal_name)
    # JVM option that points the broker at its JAAS login configuration.
    kafka_kerberos_params = "-Djava.security.auth.login.config="+ conf_dir +"/kafka_jaas.conf"
else:
    # NOTE(review): only kafka_kerberos_params is assigned on this path;
    # kafka_jaas_principal, kafka_keytab_path and kafka_bare_jaas_principal stay
    # undefined. Confirm every reader of those names is guarded.
    kafka_kerberos_params = ''

# *********************** RANGER PLUGIN CHANGES ***********************
# ranger host
# **********************************************************************
# Ranger admin hosts default to an empty list when the key is absent.
ranger_admin_hosts = default("/clusterHostInfo/ranger_admin_hosts", [])
# True when at least one Ranger admin host is listed.
has_ranger_admin = not len(ranger_admin_hosts) == 0
xml_configurations_supported = config['configurations']['ranger-env']['xml_configurations_supported']
# First entry of the ambari_server_host list.
ambari_server_hostname = config['clusterHostInfo']['ambari_server_host'][0]
# Falls back to /var/log/ranger/admin when ranger-env does not set it.
ranger_admin_log_dir = default("/configurations/ranger-env/ranger_admin_log_dir","/var/log/ranger/admin")
is_supported_kafka_ranger = config['configurations']['kafka-env']['is_supported_kafka_ranger']
# SASL without Kerberos: considered only when Kerberos is off, the stack
# reports both KAFKA_LISTENERS and KAFKA_EXTENDED_SASL_SUPPORT, and the broker's
# `listeners` value mentions one of the SASL protocol names.
# The `and` chain short-circuits, so `listeners` is read only after the earlier
# conditions hold.
# NOTE(review): assumes `listeners` is a string, which makes these substring
# tests - confirm. SASL_PLAINTEXT / PLAINTEXTSASL authenticate without TLS;
# only SASL_SSL adds transport encryption.
kafka_other_sasl_enabled = not kerberos_security_enabled and check_stack_feature(StackFeature.KAFKA_LISTENERS, stack_version_formatted) and \
    check_stack_feature(StackFeature.KAFKA_EXTENDED_SASL_SUPPORT, format_stack_version(version_for_stack_feature_checks)) and \
    (("SASL_PLAINTEXT" in config['configurations']['kafka-broker']['listeners']) or
     ("PLAINTEXTSASL" in config['configurations']['kafka-broker']['listeners']) or  # to support backward compatibility (we'll replace this anyway before we write it to server.properties)
     ("SASL_SSL" in config['configurations']['kafka-broker']['listeners']))

# Kerberos identity for the Kafka broker. Derived only when Kerberos is on, a
# stack version is known, kafka-env defines kafka_principal_name and the stack
# reports the KAFKA_KERBEROS feature.
# NOTE(review): indentation was lost in this excerpt; the branch bodies below
# are reconstructed from statement order - confirm against the original file.
if kerberos_security_enabled and stack_version_formatted != "" and 'kafka_principal_name' in config['configurations']['kafka-env'] \
        and check_stack_feature(StackFeature.KAFKA_KERBEROS, stack_version_formatted):
    # The _HOST placeholder in the configured principal is replaced with this
    # host's lower-cased name, giving a per-host service principal.
    _hostname_lowercase = config['agentLevelParams']['hostname'].lower()
    _kafka_principal_name = config['configurations']['kafka-env'][
        'kafka_principal_name']
    kafka_jaas_principal = _kafka_principal_name.replace(
        '_HOST', _hostname_lowercase)
    # Path of the keytab that holds the broker's long-term Kerberos key.
    # NOTE(review): ownership and mode of the keytab and of kafka_jaas.conf are
    # not set here; confirm they are restricted to the service account where
    # those files are written.
    kafka_keytab_path = config['configurations']['kafka-env']['kafka_keytab']
    # Computed from the un-substituted name (still containing _HOST).
    kafka_bare_jaas_principal = get_bare_principal(_kafka_principal_name)
    # JVM option that points the broker at its JAAS login configuration.
    kafka_kerberos_params = "-Djava.security.auth.login.config=" + conf_dir + "/kafka_jaas.conf"
elif kafka_other_sasl_enabled:
    # Non-Kerberos SASL still needs a JAAS file, so the same JVM option is set.
    # NOTE(review): kafka_jaas_principal and kafka_keytab_path are not assigned
    # on this path; confirm nothing reads them when only non-Kerberos SASL is
    # enabled.
    kafka_kerberos_params = "-Djava.security.auth.login.config=" + conf_dir + "/kafka_jaas.conf"
else:
    # No SASL at all: empty JVM option, principal and keytab set to None.
    kafka_kerberos_params = ''
    kafka_jaas_principal = None
    kafka_keytab_path = None

# for curl command in ranger plugin to get db connector
# NOTE(review): the URL scheme of jdk_location and any integrity check on the
# fetched connector are not visible here - confirm at the call site.
jdk_location = config['ambariLevelParams']['jdk_location']

# ranger kafka plugin section start

# ranger host
# Ranger admin hosts default to an empty list when the key is absent.
ranger_admin_hosts = default("/clusterHostInfo/ranger_admin_hosts", [])
# Fixed runtime directories for the managed Streamline service.
streamline_managed_pid_dir = "/var/run/streamline"
# NOTE(review): the name is spelled "streamine" (sic); it is left unchanged
# because other modules may reference it by this spelling.
streamine_managed_log_dir = "/var/log/streamline"
user_group = config['configurations']['cluster-env']['user_group']
java64_home = config['hostLevelParams']['java_home']
streamline_env_sh_template = config['configurations']['streamline-env']['content']
# None when no streamline_jaas_conf content is configured.
streamline_jaas_conf_template = default("/configurations/streamline_jaas_conf/content", None)

# Kerberos settings, read only when cluster security is enabled.
# NOTE(review): indentation was lost in this excerpt. Every statement below is
# placed under `if security_enabled:` because streamline_admin_principals reads
# streamline_bare_principal, which is assigned only here - confirm against the
# original file.
if security_enabled:
    # Smoke-test identity: user name, principal and keytab from cluster-env.
    smokeuser = config['configurations']['cluster-env']['smokeuser']
    smokeuser_principal = config['configurations']['cluster-env']['smokeuser_principal_name']
    smoke_user_keytab = config['configurations']['cluster-env']['smokeuser_keytab']
    # The _HOST placeholder in each configured principal is replaced with this
    # host's lower-cased name.
    _hostname_lowercase = config['hostname'].lower()
    _streamline_principal_name = config['configurations']['streamline-env']['streamline_principal_name']
    streamline_jaas_principal = _streamline_principal_name.replace('_HOST', _hostname_lowercase)
    # Computed from the host-substituted principal.
    streamline_bare_principal = get_bare_principal(streamline_jaas_principal)
    # Keytab paths for the service and for its UI principal.
    # NOTE(review): ownership and mode of these keytabs and of
    # streamline_jaas.conf are not set here; confirm they are restricted to the
    # service account where those files are written.
    streamline_keytab_path = config['configurations']['streamline-env']['streamline_keytab']
    streamline_ui_keytab_path = config['configurations']['streamline-env']['streamline_ui_keytab']
    _streamline_ui_jaas_principal_name = config['configurations']['streamline-env']['streamline_ui_principal_name']
    streamline_ui_jaas_principal = _streamline_ui_jaas_principal_name.replace('_HOST', _hostname_lowercase)
    # JVM options: turn on SASL for the ZooKeeper client (user name "zookeeper",
    # JAAS section "RegistryClient") and point at the JAAS file under conf_dir.
    # The leading space is part of the value.
    streamline_kerberos_params = " -Dzookeeper.sasl.client=true -Dzookeeper.sasl.client.username=zookeeper -Dzookeeper.sasl.clientconfig=RegistryClient -Djava.security.auth.login.config=" + conf_dir + "/streamline_jaas.conf"
    # Servlet authentication and authorization settings, passed through
    # unchanged from streamline-common.
    streamline_servlet_filter = config['configurations']['streamline-common']['servlet.filter']
    streamline_servlet_kerberos_name_rules = config['configurations']['streamline-common']['kerberos.name.rules']
    streamline_servlet_token_validity = config['configurations']['streamline-common']['token.validity']
    streamline_authorizer_class = config['configurations']['streamline-common']['authorizer.class.name']
    # The literal text {{streamline_bare_principal}} in the configured admin
    # list is replaced with the value computed above.
    streamline_admin_principals = config['configurations']['streamline-common']['admin.principals'].replace(
        "{{streamline_bare_principal}}", streamline_bare_principal)
    # NOTE(review): kinit.cmd is taken from cluster configuration; how the value
    # is consumed is not visible here - confirm it is not passed to a shell.
    streamline_kinit_cmd = config['configurations']['streamline-common']['kinit.cmd']
    # Ticket renewal tuning, passed through unchanged.
    streamline_ticket_renew_window_factor = config['configurations']['streamline-common']['ticket.renew.window.factor']
    streamline_ticket_renew_jitter = config['configurations']['streamline-common']['ticket.renew.jitter']
    streamline_min_time_before_login = config['configurations']['streamline-common']['min.time.before.login']
in ("SASL_PLAINTEXT", "SASL_SSL")))
# The line above is the tail of an expression whose start lies outside this
# excerpt; it is kept exactly as found. The visible part tests membership in
# ("SASL_PLAINTEXT", "SASL_SSL").

# SASL without Kerberos: considered only when Kerberos is off, the stack
# reports both KAFKA_LISTENERS and KAFKA_EXTENDED_SASL_SUPPORT, and the broker's
# `listeners` value mentions SASL_PLAINTEXT or SASL_SSL.
# The `and` chain short-circuits, so `listeners` is read only after the earlier
# conditions hold.
# NOTE(review): assumes `listeners` is a string, which makes these substring
# tests - confirm. SASL_PLAINTEXT authenticates without TLS; SASL_SSL adds
# transport encryption.
kafka_other_sasl_enabled = not kerberos_security_enabled and check_stack_feature(StackFeature.KAFKA_LISTENERS, stack_version_formatted) and \
    check_stack_feature(StackFeature.KAFKA_EXTENDED_SASL_SUPPORT, format_stack_version(version_for_stack_feature_checks)) and \
    (("SASL_PLAINTEXT" in config['configurations']['kafka-broker']['listeners']) or
     ("SASL_SSL" in config['configurations']['kafka-broker']['listeners']))

# Kerberos identity for the Kafka broker. Derived only when Kerberos is on, a
# stack version is known, kafka-env defines kafka_principal_name and the stack
# reports the KAFKA_KERBEROS feature.
# NOTE(review): indentation was lost in this excerpt; the branch bodies below
# are reconstructed from statement order - confirm against the original file.
if kerberos_security_enabled and stack_version_formatted != "" and 'kafka_principal_name' in config['configurations']['kafka-env'] \
        and check_stack_feature(StackFeature.KAFKA_KERBEROS, stack_version_formatted):
    # The _HOST placeholder in the configured principal is replaced with this
    # host's lower-cased name, giving a per-host service principal.
    _hostname_lowercase = config['agentLevelParams']['hostname'].lower()
    _kafka_principal_name = config['configurations']['kafka-env'][
        'kafka_principal_name']
    kafka_jaas_principal = _kafka_principal_name.replace(
        '_HOST', _hostname_lowercase)
    # Path of the keytab that holds the broker's long-term Kerberos key.
    # NOTE(review): ownership and mode of the keytab and of kafka_jaas.conf are
    # not set here; confirm they are restricted to the service account where
    # those files are written.
    kafka_keytab_path = config['configurations']['kafka-env']['kafka_keytab']
    # Computed from the un-substituted name (still containing _HOST).
    kafka_bare_jaas_principal = get_bare_principal(_kafka_principal_name)
    # JVM option that points the broker at its JAAS login configuration.
    kafka_kerberos_params = "-Djava.security.auth.login.config=" + conf_dir + "/kafka_jaas.conf"
elif kafka_other_sasl_enabled:
    # Non-Kerberos SASL still needs a JAAS file, so the same JVM option is set.
    # NOTE(review): kafka_jaas_principal and kafka_keytab_path are not assigned
    # on this path; confirm nothing reads them when only non-Kerberos SASL is
    # enabled.
    kafka_kerberos_params = "-Djava.security.auth.login.config=" + conf_dir + "/kafka_jaas.conf"
else:
    # No SASL at all: empty JVM option, principal and keytab set to None.
    kafka_kerberos_params = ''
    kafka_jaas_principal = None
    kafka_keytab_path = None

# With Kerberos on, further options are appended to kafka_kerberos_params.
# The excerpt ends in the middle of the format( call at the bottom of this
# block, so what is appended is not visible here.
if kerberos_security_enabled:
    # zookeeper principal
    # NOTE(review): the fallback principal appears masked in this excerpt
    # ("*****@*****.**"); the real default value is not visible here.
    zookeeper_principal = default(
        "/configurations/zookeeper-env/zookeeper_principal_name",
        "*****@*****.**")
    zookeeper_principal_primary = get_bare_principal(zookeeper_principal)
    kafka_kerberos_params += format(