def generate_child_process_param_list(ambari_user, java_exe, class_path, debug_start, suspend_mode): from ambari_commons.os_linux import ULIMIT_CMD properties = get_ambari_properties() command_base = SERVER_START_CMD_DEBUG if debug_start else SERVER_START_CMD ulimit_cmd = "%s %s" % (ULIMIT_CMD, str(get_ulimit_open_files(properties))) command = command_base.format(java_exe, ambari_provider_module_option, jvm_args, class_path, configDefaults.SERVER_OUT_FILE, os.path.join(configDefaults.PID_DIR, EXITCODE_NAME), suspend_mode) # required to start properly server instance os.chdir(configDefaults.ROOT_FS_PATH) #For properly daemonization server should be started using shell as parent param_list = [locate_file('sh', '/bin'), "-c"] if is_root() and ambari_user != "root": # To inherit exported environment variables (especially AMBARI_PASSPHRASE), # from subprocess, we have to skip --login option of su command. That's why # we change dir to / (otherwise subprocess can face with 'permission denied' # errors while trying to list current directory cmd = "{ulimit_cmd} ; {su} {ambari_user} -s {sh_shell} -c '{command}'".format(ulimit_cmd=ulimit_cmd, su=locate_file('su', '/bin'), ambari_user=ambari_user, sh_shell=locate_file('sh', '/bin'), command=command) else: cmd = "{ulimit_cmd} ; {command}".format(ulimit_cmd=ulimit_cmd, command=command) param_list.append(cmd) return param_list
def __init__(self, options): super(AmbariUserChecksLinux, self).__init__() self.NR_USER_CHANGE_PROMPT = "Ambari-server daemon is configured to run under user '{0}'. Change this setting [y/n] ({1})? " self.NR_USER_CUSTOMIZE_PROMPT = "Customize user account for ambari-server daemon [y/n] ({0})? " self.NR_DEFAULT_USER = "******" self.NR_USERADD_CMD = 'useradd -M --comment "{1}" ' \ '--shell %s -d /var/lib/ambari-server/keys/ {0}' % locate_file('nologin', '/sbin')
def wait_for_server_start(pidFile, scmStatus): #wait for server process for SERVER_START_TIMEOUT seconds sys.stdout.write('Waiting for server start...') sys.stdout.flush() pids = looking_for_pid(SERVER_SEARCH_PATTERN, SERVER_INIT_TIMEOUT) found_pids = wait_for_pid(pids, SERVER_START_TIMEOUT) sys.stdout.write('\n') sys.stdout.flush() if found_pids <= 0: exitcode = check_exitcode(os.path.join(configDefaults.PID_DIR, EXITCODE_NAME)) raise FatalException(-1, AMBARI_SERVER_DIE_MSG.format(exitcode, configDefaults.SERVER_OUT_FILE)) else: save_main_pid_ex(pids, pidFile, [locate_file('sh', '/bin'), locate_file('bash', '/bin'), locate_file('dash', '/bin')], True)
from ambari_commons.str_utils import compress_backslashes from ambari_server.dbConfiguration import DBMSConfigFactory, check_jdbc_drivers from ambari_server.serverConfiguration import configDefaults, JDKRelease, \ get_ambari_properties, get_full_ambari_classpath, get_is_secure, get_is_persisted, get_java_exe_path, get_JAVA_HOME, \ get_resources_location, get_value_from_properties, read_ambari_user, update_properties, validate_jdk, write_property, \ JAVA_HOME, JAVA_HOME_PROPERTY, JCE_NAME_PROPERTY, JDBC_RCA_URL_PROPERTY, JDBC_URL_PROPERTY, \ JDK_NAME_PROPERTY, JDK_RELEASES, NR_USER_PROPERTY, OS_FAMILY, OS_FAMILY_PROPERTY, OS_TYPE, OS_TYPE_PROPERTY, OS_VERSION, \ VIEWS_DIR_PROPERTY, JDBC_DATABASE_PROPERTY, JDK_DOWNLOAD_SUPPORTED_PROPERTY, JCE_DOWNLOAD_SUPPORTED_PROPERTY from ambari_server.serverUtils import is_server_runing from ambari_server.setupSecurity import adjust_directory_permissions from ambari_server.userInput import get_YN_input, get_validated_string_input from ambari_server.utils import locate_file # selinux commands GET_SE_LINUX_ST_CMD = locate_file('sestatus', '/usr/sbin') SE_SETENFORCE_CMD = "setenforce 0" SE_STATUS_DISABLED = "disabled" SE_STATUS_ENABLED = "enabled" SE_MODE_ENFORCING = "enforcing" SE_MODE_PERMISSIVE = "permissive" PERSISTENCE_TYPE_PROPERTY = "server.persistence.type" TAR_GZ_ARCHIVE_TYPE = ".tar.gz" # Non-root user setup commands NR_USER_COMMENT = "Ambari user" VIEW_EXTRACT_CMD = "{0} -cp {1} " + \ "org.apache.ambari.server.view.ViewRegistry extract {2} " + \
def __init__(self): super(ServerConfigDefaultsLinux, self).__init__() # JDK self.JDK_INSTALL_DIR = "/usr/jdk64" self.JDK_SEARCH_PATTERN = "jdk*" self.JAVA_EXE_SUBPATH = "bin/java" # Configuration defaults self.DEFAULT_CONF_DIR = "/etc/ambari-server/conf" self.DEFAULT_LIBS_DIR = "/usr/lib/ambari-server" self.DEFAULT_VLIBS_DIR = "/var/lib/ambari-server" self.AMBARI_PROPERTIES_BACKUP_FILE = "ambari.properties.rpmsave" self.AMBARI_ENV_BACKUP_FILE = "ambari-env.sh.rpmsave" self.AMBARI_KRB_JAAS_LOGIN_BACKUP_FILE = "krb5JAASLogin.conf.rpmsave" # ownership/permissions mapping # path - permissions - user - group - recursive # Rules are executed in the same order as they are listed # {0} in user/group will be replaced by customized ambari-server username self.NR_ADJUST_OWNERSHIP_LIST = [ ("/var/log/ambari-server/", "644", "{0}", True), ("/var/log/ambari-server/", "755", "{0}", False), ("/var/run/ambari-server/", "644", "{0}", True), ("/var/run/ambari-server/", "755", "{0}", False), ("/var/run/ambari-server/bootstrap", "755", "{0}", False), ("/var/lib/ambari-server/ambari-env.sh", "700", "{0}", False), ("/var/lib/ambari-server/ambari-sudo.sh", "700", "{0}", False), ("/var/lib/ambari-server/keys/", "600", "{0}", True), ("/var/lib/ambari-server/keys/", "700", "{0}", False), ("/var/lib/ambari-server/keys/db/", "700", "{0}", False), ("/var/lib/ambari-server/keys/db/newcerts/", "700", "{0}", False), ("/var/lib/ambari-server/keys/.ssh", "700", "{0}", False), ("/var/lib/ambari-server/resources/common-services/", "755", "{0}", True), ("/var/lib/ambari-server/resources/stacks/", "755", "{0}", True), ("/var/lib/ambari-server/resources/custom_actions/", "755", "{0}", True), ("/var/lib/ambari-server/resources/host_scripts/", "755", "{0}", True), ("/var/lib/ambari-server/resources/views/", "644", "{0}", True), ("/var/lib/ambari-server/resources/views/", "755", "{0}", False), ("/var/lib/ambari-server/resources/views/work/", "755", "{0}", True), ("/etc/ambari-server/conf/", "644", "{0}", True), ("/etc/ambari-server/conf/", "755", "{0}", False), ("/etc/ambari-server/conf/password.dat", "640", "{0}", False), ("/var/lib/ambari-server/keys/pass.txt", "600", "{0}", False), ("/etc/ambari-server/conf/ldap-password.dat", "640", "{0}", False), ("/var/run/ambari-server/stack-recommendations/", "744", "{0}", True), ("/var/run/ambari-server/stack-recommendations/", "755", "{0}", False), ("/var/lib/ambari-server/resources/data/", "644", "{0}", False), ("/var/lib/ambari-server/resources/data/", "755", "{0}", False), ("/var/lib/ambari-server/data/tmp/", "644", "{0}", True), ("/var/lib/ambari-server/data/tmp/", "755", "{0}", False), ("/var/lib/ambari-server/data/cache/", "600", "{0}", True), ("/var/lib/ambari-server/data/cache/", "700", "{0}", False), # Also, /etc/ambari-server/conf/password.dat # is generated later at store_password_file ] self.NR_CHANGE_OWNERSHIP_LIST = [ ("/var/lib/ambari-server", "{0}", True), ("/usr/lib/ambari-server", "{0}", True), ("/var/log/ambari-server", "{0}", True), ("/var/run/ambari-server", "{0}", True), ("/etc/ambari-server", "{0}", True), ] self.NR_USERADD_CMD = 'useradd -M --comment "{1}" ' \ '--shell %s -d /var/lib/ambari-server/keys/ {0}' % locate_file('nologin', '/sbin') self.SERVER_RESOURCES_DIR = "/var/lib/ambari-server/resources" self.STACK_LOCATION_DEFAULT = "/var/lib/ambari-server/resources/stacks" self.DEFAULT_VIEWS_DIR = "/var/lib/ambari-server/resources/views" #keytool commands self.keytool_bin_subpath = "bin/keytool" #Standard messages self.MESSAGE_SERVER_RUNNING_AS_ROOT = "Ambari Server running with administrator privileges." self.MESSAGE_ERROR_SETUP_NOT_ROOT = "Ambari-server setup should be run with root-level privileges" self.MESSAGE_ERROR_RESET_NOT_ROOT = "Ambari-server reset should be run with root-level privileges" self.MESSAGE_ERROR_UPGRADE_NOT_ROOT = "Ambari-server upgrade must be run with root-level privileges" self.MESSAGE_CHECK_FIREWALL = "Checking firewall status..."
def generate_child_process_param_list(ambari_user, current_user, java_exe, class_path, debug_start, suspend_mode): from ambari_commons.os_linux import ULIMIT_CMD properties = get_ambari_properties() isSecure = get_is_secure(properties) (isPersisted, masterKeyFile) = get_is_persisted(properties) environ = os.environ.copy() # Need to handle master key not persisted scenario if isSecure and not masterKeyFile: prompt = False masterKey = environ.get(SECURITY_KEY_ENV_VAR_NAME) if masterKey is not None and masterKey != "": pass else: keyLocation = environ.get(SECURITY_MASTER_KEY_LOCATION) if keyLocation is not None: try: # Verify master key can be read by the java process with open(keyLocation, 'r'): pass except IOError: print_warning_msg( "Cannot read Master key from path specified in " "environemnt.") prompt = True else: # Key not provided in the environment prompt = True if prompt: import pwd masterKey = get_original_master_key(properties) tempDir = tempfile.gettempdir() tempFilePath = tempDir + os.sep + "masterkey" save_master_key(masterKey, tempFilePath, True) if ambari_user != current_user: uid = pwd.getpwnam(ambari_user).pw_uid gid = pwd.getpwnam(ambari_user).pw_gid os.chown(tempFilePath, uid, gid) else: os.chmod(tempFilePath, stat.S_IREAD | stat.S_IWRITE) if tempFilePath is not None: environ[SECURITY_MASTER_KEY_LOCATION] = tempFilePath command_base = SERVER_START_CMD_DEBUG if debug_start else SERVER_START_CMD ulimit_cmd = "%s %s" % (ULIMIT_CMD, str(get_ulimit_open_files(properties))) command = command_base.format( java_exe, ambari_provider_module_option, jvm_args, class_path, configDefaults.SERVER_OUT_FILE, os.path.join(configDefaults.PID_DIR, EXITCODE_NAME), suspend_mode) # required to start properly server instance os.chdir(configDefaults.ROOT_FS_PATH) #For properly daemonization server should be started using shell as parent param_list = [locate_file('sh', '/bin'), "-c"] if is_root() and ambari_user != "root": # To inherit exported environment variables (especially AMBARI_PASSPHRASE), # from subprocess, we have to skip --login option of su command. That's why # we change dir to / (otherwise subprocess can face with 'permission denied' # errors while trying to list current directory cmd = "{ulimit_cmd} ; {su} {ambari_user} -s {sh_shell} -c '{command}'".format( ulimit_cmd=ulimit_cmd, su=locate_file('su', '/bin'), ambari_user=ambari_user, sh_shell=locate_file('sh', '/bin'), command=command) else: cmd = "{ulimit_cmd} ; {command}".format(ulimit_cmd=ulimit_cmd, command=command) param_list.append(cmd) return (param_list, environ)
def generate_child_process_param_list(ambari_user, current_user, java_exe, class_path, debug_start, suspend_mode): from ambari_commons.os_linux import ULIMIT_CMD properties = get_ambari_properties() isSecure = get_is_secure(properties) (isPersisted, masterKeyFile) = get_is_persisted(properties) environ = os.environ.copy() # Need to handle master key not persisted scenario if isSecure and not masterKeyFile: prompt = False masterKey = environ.get(SECURITY_KEY_ENV_VAR_NAME) if masterKey is not None and masterKey != "": pass else: keyLocation = environ.get(SECURITY_MASTER_KEY_LOCATION) if keyLocation is not None: try: # Verify master key can be read by the java process with open(keyLocation, 'r'): pass except IOError: print_warning_msg("Cannot read Master key from path specified in " "environemnt.") prompt = True else: # Key not provided in the environment prompt = True if prompt: import pwd masterKey = get_original_master_key(properties) tempDir = tempfile.gettempdir() tempFilePath = tempDir + os.sep + "masterkey" save_master_key(masterKey, tempFilePath, True) if ambari_user != current_user: uid = pwd.getpwnam(ambari_user).pw_uid gid = pwd.getpwnam(ambari_user).pw_gid os.chown(tempFilePath, uid, gid) else: os.chmod(tempFilePath, stat.S_IREAD | stat.S_IWRITE) if tempFilePath is not None: environ[SECURITY_MASTER_KEY_LOCATION] = tempFilePath command_base = SERVER_START_CMD_DEBUG if debug_start else SERVER_START_CMD ulimit_cmd = "%s %s" % (ULIMIT_CMD, str(get_ulimit_open_files(properties))) command = command_base.format(java_exe, ambari_provider_module_option, jvm_args, class_path, configDefaults.SERVER_OUT_FILE, os.path.join(configDefaults.PID_DIR, EXITCODE_NAME), suspend_mode) # required to start properly server instance os.chdir(configDefaults.ROOT_FS_PATH) #For properly daemonization server should be started using shell as parent param_list = [locate_file('sh', '/bin'), "-c"] if is_root() and ambari_user != "root": # To inherit exported environment variables (especially AMBARI_PASSPHRASE), # from subprocess, we have to skip --login option of su command. That's why # we change dir to / (otherwise subprocess can face with 'permission denied' # errors while trying to list current directory cmd = "{ulimit_cmd} ; {su} {ambari_user} -s {sh_shell} -c '{command}'".format(ulimit_cmd=ulimit_cmd, su=locate_file('su', '/bin'), ambari_user=ambari_user, sh_shell=locate_file('sh', '/bin'), command=command) else: cmd = "{ulimit_cmd} ; {command}".format(ulimit_cmd=ulimit_cmd, command=command) param_list.append(cmd) return (param_list, environ)