Пример #1
     in config['configurations']['kafka-broker'])
    and ((config['configurations']['kafka-broker']
          ['security.inter.broker.protocol'] == "PLAINTEXTSASL") or
         (config['configurations']['kafka-broker']
          ['security.inter.broker.protocol'] == "SASL_PLAINTEXT")))


# Kerberos settings for the Kafka broker. The branch is taken only when cluster
# security is on, a stack version string is present, kafka-env carries a
# principal name, and check_stack_feature() is truthy for KAFKA_KERBEROS.
if (security_enabled
        and stack_version_formatted != ""
        and 'kafka_principal_name' in config['configurations']['kafka-env']
        and check_stack_feature(StackFeature.KAFKA_KERBEROS, stack_version_formatted)):
    _hostname_lowercase = config['hostname'].lower()
    _kafka_principal_name = config['configurations']['kafka-env']['kafka_principal_name']
    # The _HOST placeholder in the configured principal becomes this host's
    # lower-cased name, giving the per-host principal.
    kafka_jaas_principal = _kafka_principal_name.replace('_HOST', _hostname_lowercase)
    # NOTE(review): a keytab holds the service's long-term Kerberos key; verify
    # the file at this path is readable only by the broker's service account.
    kafka_keytab_path = config['configurations']['kafka-env']['kafka_keytab']
    # Computed from the configured name, i.e. before the _HOST substitution.
    kafka_bare_jaas_principal = get_bare_principal(_kafka_principal_name)
    # JVM system property that points at the JAAS login file under conf_dir.
    kafka_kerberos_params = "-Djava.security.auth.login.config=" + conf_dir + "/kafka_jaas.conf"
else:
    # No Kerberos: empty JVM option, principal and keytab explicitly None.
    # kafka_bare_jaas_principal is not assigned on this path.
    kafka_kerberos_params = ''
    kafka_jaas_principal = kafka_keytab_path = None

# ***********************  RANGER PLUGIN CHANGES ***********************
# ranger host
# **********************************************************************
# Ranger admin hosts as published in clusterHostInfo; [] is the fallback value.
ranger_admin_hosts = default("/clusterHostInfo/ranger_admin_hosts", [])
# Ranger counts as present when at least one admin host is listed.
has_ranger_admin = len(ranger_admin_hosts) != 0
# Both lookups below are mandatory: there is no fallback if the key is missing.
xml_configurations_supported = config['configurations']['ranger-env']['xml_configurations_supported']
# Only the first entry of ambari_server_host is used.
ambari_server_hostname = config['clusterHostInfo']['ambari_server_host'][0]
  else:
    metric_collector_protocol = 'http'
  pass
# Security-related params
# Cluster-wide security switch, read from cluster-env.
security_enabled = config['configurations']['cluster-env']['security_enabled']
# True only when kafka-broker defines security.inter.broker.protocol and its
# value is one of the two SASL-over-plaintext spellings.
# NOTE(review): SASL_PLAINTEXT authenticates peers but does not use TLS, and
# "SASL_SSL" is not matched here, so a broker configured with SASL_SSL leaves
# this flag False.
kafka_kerberos_enabled = (
    'security.inter.broker.protocol' in config['configurations']['kafka-broker']
    and (config['configurations']['kafka-broker']['security.inter.broker.protocol']
         in ("PLAINTEXTSASL", "SASL_PLAINTEXT"))
)


# Kerberos settings for the Kafka broker. The branch is taken only when cluster
# security is on, a stack version string is present, kafka-env carries a
# principal name, and the stack version compares as 2.3 or later.
if (security_enabled
        and hdp_stack_version != ""
        and 'kafka_principal_name' in config['configurations']['kafka-env']
        and compare_versions(hdp_stack_version, '2.3') >= 0):
    _hostname_lowercase = config['hostname'].lower()
    _kafka_principal_name = config['configurations']['kafka-env']['kafka_principal_name']
    # The _HOST placeholder in the configured principal becomes this host's
    # lower-cased name, giving the per-host principal.
    kafka_jaas_principal = _kafka_principal_name.replace('_HOST', _hostname_lowercase)
    # NOTE(review): a keytab holds the service's long-term Kerberos key; verify
    # the file at this path is readable only by the broker's service account.
    kafka_keytab_path = config['configurations']['kafka-env']['kafka_keytab']
    # Computed from the configured name, i.e. before the _HOST substitution.
    kafka_bare_jaas_principal = get_bare_principal(_kafka_principal_name)
    # JVM system property that points at the JAAS login file under conf_dir.
    kafka_kerberos_params = "-Djava.security.auth.login.config=" + conf_dir + "/kafka_jaas.conf"
else:
    # Only the JVM option is assigned here. kafka_jaas_principal,
    # kafka_keytab_path and kafka_bare_jaas_principal are not bound on this
    # path. NOTE(review): confirm nothing reads them when Kerberos is off.
    kafka_kerberos_params = ''

# ***********************  RANGER PLUGIN CHANGES ***********************
# ranger host
# **********************************************************************
# Ranger admin hosts as published in clusterHostInfo; [] is the fallback value.
ranger_admin_hosts = default("/clusterHostInfo/ranger_admin_hosts", [])
# Ranger counts as present when at least one admin host is listed.
has_ranger_admin = len(ranger_admin_hosts) != 0
# Mandatory lookups: there is no fallback if either key is missing.
xml_configurations_supported = config['configurations']['ranger-env']['xml_configurations_supported']
# Only the first entry of ambari_server_host is used.
ambari_server_hostname = config['clusterHostInfo']['ambari_server_host'][0]

# Ranger admin log directory, with /var/log/ranger/admin as the fallback.
ranger_admin_log_dir = default("/configurations/ranger-env/ranger_admin_log_dir", "/var/log/ranger/admin")
# Mandatory flag from kafka-env; no fallback is supplied.
is_supported_kafka_ranger = config['configurations']['kafka-env']['is_supported_kafka_ranger']
Пример #3
# SASL without Kerberos: requires Kerberos security to be off, both stack
# features to be reported, and a SASL protocol name to occur in the configured
# listeners value.
# NOTE(review): the listeners test is a containment check on the whole value
# (a substring match if it is a string) - confirm against the expected format.
kafka_other_sasl_enabled = (
    not kerberos_security_enabled
    and check_stack_feature(StackFeature.KAFKA_LISTENERS, stack_version_formatted)
    and check_stack_feature(StackFeature.KAFKA_EXTENDED_SASL_SUPPORT,
                            format_stack_version(version_for_stack_feature_checks))
    and any(
        _sasl_protocol in config['configurations']['kafka-broker']['listeners']
        # "PLAINTEXTSASL" is accepted for backward compatibility; it is
        # replaced anyway before being written to server.properties.
        for _sasl_protocol in ("SASL_PLAINTEXT", "PLAINTEXTSASL", "SASL_SSL")
    )
)

# Broker authentication settings, in three cases: Kerberos, other SASL, none.
# The Kerberos branch needs Kerberos security on, a stack version string, a
# principal name in kafka-env, and a truthy KAFKA_KERBEROS feature check.
if (kerberos_security_enabled
        and stack_version_formatted != ""
        and 'kafka_principal_name' in config['configurations']['kafka-env']
        and check_stack_feature(StackFeature.KAFKA_KERBEROS, stack_version_formatted)):
    _hostname_lowercase = config['agentLevelParams']['hostname'].lower()
    _kafka_principal_name = config['configurations']['kafka-env']['kafka_principal_name']
    # The _HOST placeholder in the configured principal becomes this host's
    # lower-cased name, giving the per-host principal.
    kafka_jaas_principal = _kafka_principal_name.replace('_HOST', _hostname_lowercase)
    # NOTE(review): a keytab holds the service's long-term Kerberos key; verify
    # the file at this path is readable only by the broker's service account.
    kafka_keytab_path = config['configurations']['kafka-env']['kafka_keytab']
    # Computed from the configured name, i.e. before the _HOST substitution.
    kafka_bare_jaas_principal = get_bare_principal(_kafka_principal_name)
    # JVM system property that points at the JAAS login file under conf_dir.
    kafka_kerberos_params = "-Djava.security.auth.login.config=" + conf_dir + "/kafka_jaas.conf"
elif kafka_other_sasl_enabled:
    # Non-Kerberos SASL still loads the same JAAS file. Only the JVM option is
    # assigned here; kafka_jaas_principal and kafka_keytab_path are not bound
    # on this path.
    kafka_kerberos_params = "-Djava.security.auth.login.config=" + conf_dir + "/kafka_jaas.conf"
else:
    # No SASL at all: empty JVM option, principal and keytab explicitly None.
    kafka_kerberos_params = ''
    kafka_jaas_principal = kafka_keytab_path = None

# Location handed to the curl command that the Ranger plugin setup uses to
# fetch the DB connector; read from ambariLevelParams with no fallback.
# NOTE(review): confirm the download is made over a trusted channel or that the
# fetched artifact is verified before use.
jdk_location = config['ambariLevelParams']['jdk_location']

# ranger kafka plugin section start

# Ranger admin hosts as published in clusterHostInfo; [] is the fallback value.
ranger_admin_hosts = default("/clusterHostInfo/ranger_admin_hosts", [])
Пример #4
# Fixed PID and log directories for the managed Streamline service.
streamline_managed_pid_dir = "/var/run/streamline"
# NOTE(review): the name is spelled "streamine" (missing "l"); it is kept as is
# because other scripts may reference it under this spelling.
streamine_managed_log_dir = "/var/log/streamline"

# Group, Java home and the streamline-env template text, all mandatory lookups.
user_group = config['configurations']['cluster-env']['user_group']
java64_home = config['hostLevelParams']['java_home']
streamline_env_sh_template = config['configurations']['streamline-env']['content']
# Optional JAAS template: None when the streamline_jaas_conf content is absent.
streamline_jaas_conf_template = default("/configurations/streamline_jaas_conf/content", None)

# Kerberos-related parameters; every name below is bound only when
# security_enabled is truthy, and every config lookup is mandatory (no fallback).
if security_enabled:
    # Smoke-test user, its principal and its keytab, from cluster-env.
    smokeuser = config['configurations']['cluster-env']['smokeuser']
    smokeuser_principal = config['configurations']['cluster-env']['smokeuser_principal_name']
    smoke_user_keytab = config['configurations']['cluster-env']['smokeuser_keytab']
    _hostname_lowercase = config['hostname'].lower()
    _streamline_principal_name = config['configurations']['streamline-env']['streamline_principal_name']
    # The _HOST placeholder becomes this host's lower-cased name.
    streamline_jaas_principal = _streamline_principal_name.replace('_HOST', _hostname_lowercase)
    # The bare principal is derived from the already-substituted principal.
    streamline_bare_principal = get_bare_principal(streamline_jaas_principal)
    # NOTE(review): keytabs hold long-term Kerberos keys; verify both files are
    # readable only by the account that runs the service.
    streamline_keytab_path = config['configurations']['streamline-env']['streamline_keytab']
    streamline_ui_keytab_path = config['configurations']['streamline-env']['streamline_ui_keytab']
    _streamline_ui_jaas_principal_name = config['configurations']['streamline-env']['streamline_ui_principal_name']
    streamline_ui_jaas_principal = _streamline_ui_jaas_principal_name.replace('_HOST', _hostname_lowercase)
    # JVM options (note the leading space): ZooKeeper SASL client on, with user
    # name "zookeeper" and JAAS section "RegistryClient", plus the JAAS login
    # file under conf_dir.
    streamline_kerberos_params = " -Dzookeeper.sasl.client=true -Dzookeeper.sasl.client.username=zookeeper -Dzookeeper.sasl.clientconfig=RegistryClient -Djava.security.auth.login.config=" + conf_dir + "/streamline_jaas.conf"
    # Servlet authentication and authorization settings from streamline-common.
    streamline_servlet_filter = config['configurations']['streamline-common']['servlet.filter']
    streamline_servlet_kerberos_name_rules = config['configurations']['streamline-common']['kerberos.name.rules']
    streamline_servlet_token_validity = config['configurations']['streamline-common']['token.validity']
    streamline_authorizer_class = config['configurations']['streamline-common']['authorizer.class.name']
    # The literal "{{streamline_bare_principal}}" token in the configured admin
    # list is replaced with the service's own bare principal, so wherever the
    # token appears the service identity becomes an admin principal.
    streamline_admin_principals = config['configurations']['streamline-common']['admin.principals'].replace(
        "{{streamline_bare_principal}}", streamline_bare_principal)
    # NOTE(review): kinit.cmd is taken verbatim from configuration and is
    # presumably executed for ticket renewal - confirm who can change this value.
    streamline_kinit_cmd = config['configurations']['streamline-common']['kinit.cmd']
    # Ticket renewal tuning values, passed through unchanged.
    streamline_ticket_renew_window_factor = config['configurations']['streamline-common']['ticket.renew.window.factor']
    streamline_ticket_renew_jitter = config['configurations']['streamline-common']['ticket.renew.jitter']
    streamline_min_time_before_login = config['configurations']['streamline-common']['min.time.before.login']
Пример #5
     in ("SASL_PLAINTEXT", "SASL_SSL")))

# SASL without Kerberos: requires Kerberos security to be off, both stack
# features to be reported, and a SASL protocol name to occur in the configured
# listeners value.
# NOTE(review): the listeners test is a containment check on the whole value
# (a substring match if it is a string) - confirm against the expected format.
kafka_other_sasl_enabled = (
    not kerberos_security_enabled
    and check_stack_feature(StackFeature.KAFKA_LISTENERS, stack_version_formatted)
    and check_stack_feature(StackFeature.KAFKA_EXTENDED_SASL_SUPPORT,
                            format_stack_version(version_for_stack_feature_checks))
    and any(
        _sasl_protocol in config['configurations']['kafka-broker']['listeners']
        for _sasl_protocol in ("SASL_PLAINTEXT", "SASL_SSL")
    )
)

# Broker authentication settings, in three cases: Kerberos, other SASL, none.
# The Kerberos branch needs Kerberos security on, a stack version string, a
# principal name in kafka-env, and a truthy KAFKA_KERBEROS feature check.
if (kerberos_security_enabled
        and stack_version_formatted != ""
        and 'kafka_principal_name' in config['configurations']['kafka-env']
        and check_stack_feature(StackFeature.KAFKA_KERBEROS, stack_version_formatted)):
    _hostname_lowercase = config['agentLevelParams']['hostname'].lower()
    _kafka_principal_name = config['configurations']['kafka-env']['kafka_principal_name']
    # The _HOST placeholder in the configured principal becomes this host's
    # lower-cased name, giving the per-host principal.
    kafka_jaas_principal = _kafka_principal_name.replace('_HOST', _hostname_lowercase)
    # NOTE(review): a keytab holds the service's long-term Kerberos key; verify
    # the file at this path is readable only by the broker's service account.
    kafka_keytab_path = config['configurations']['kafka-env']['kafka_keytab']
    # Computed from the configured name, i.e. before the _HOST substitution.
    kafka_bare_jaas_principal = get_bare_principal(_kafka_principal_name)
    # JVM system property that points at the JAAS login file under conf_dir.
    kafka_kerberos_params = "-Djava.security.auth.login.config=" + conf_dir + "/kafka_jaas.conf"
elif kafka_other_sasl_enabled:
    # Non-Kerberos SASL still loads the same JAAS file. Only the JVM option is
    # assigned here; kafka_jaas_principal and kafka_keytab_path are not bound
    # on this path.
    kafka_kerberos_params = "-Djava.security.auth.login.config=" + conf_dir + "/kafka_jaas.conf"
else:
    # No SASL at all: empty JVM option, principal and keytab explicitly None.
    kafka_kerberos_params = ''
    kafka_jaas_principal = kafka_keytab_path = None

if kerberos_security_enabled:
    # zookeeper principal
    zookeeper_principal = default(
        "/configurations/zookeeper-env/zookeeper_principal_name",
        "*****@*****.**")
    zookeeper_principal_primary = get_bare_principal(zookeeper_principal)
    kafka_kerberos_params += format(