示例#1
0
def reset(options):
  if not is_root():
    err = configDefaults.MESSAGE_ERROR_RESET_NOT_ROOT
    raise FatalException(4, err)

  status, stateDesc = is_server_runing()
  if status:
    err = 'Ambari-server must be stopped to reset'
    raise FatalException(1, err)

  #force reset if silent option provided
  if get_silent():
    default = "yes"
  else:
    default = "no"

  choice = get_YN_input("**** WARNING **** You are about to reset and clear the "
                        "Ambari Server database. This will remove all cluster "
                        "host and configuration information from the database. "
                        "You will be required to re-configure the Ambari server "
                        "and re-run the cluster wizard. \n"
                        "Are you SURE you want to perform the reset "
                        "[yes/no] ({0})? ".format(default), get_silent())
  okToRun = choice
  if not okToRun:
    err = "Ambari Server 'reset' cancelled"
    raise FatalException(1, err)

  _reset_database(options)
  pass
示例#2
0
def setup_pam():
    if not is_root():
        err = 'Ambari-server setup-pam should be run with ' \
              'root-level privileges'
        raise FatalException(4, err)

    properties = get_ambari_properties()

    if get_value_from_properties(properties, CLIENT_SECURITY_KEY,
                                 "") == 'ldap':
        err = "LDAP is configured. Can not setup PAM."
        raise FatalException(1, err)

    pam_property_value_map = {}
    pam_property_value_map[CLIENT_SECURITY_KEY] = 'pam'

    pamConfig = get_validated_string_input("Enter PAM configuration file: ",
                                           PAM_CONFIG_FILE, REGEX_ANYTHING,
                                           "Invalid characters in the input!",
                                           False, False)

    pam_property_value_map[PAM_CONFIG_FILE] = pamConfig

    if get_YN_input(
            "Do you want to allow automatic group creation [y/n] (y)? ", True):
        pam_property_value_map[AUTO_GROUP_CREATION] = 'true'
    else:
        pam_property_value_map[AUTO_GROUP_CREATION] = 'false'

    update_properties_2(properties, pam_property_value_map)
    print 'Saving...done'
    return 0
示例#3
0
def generate_child_process_param_list(ambari_user, java_exe, class_path,
                                      debug_start, suspend_mode):
  from ambari_commons.os_linux import ULIMIT_CMD

  properties = get_ambari_properties()

  command_base = SERVER_START_CMD_DEBUG if debug_start else SERVER_START_CMD

  ulimit_cmd = "%s %s" % (ULIMIT_CMD, str(get_ulimit_open_files(properties)))
  command = command_base.format(java_exe,
          ambari_provider_module_option,
          jvm_args,
          class_path,
          configDefaults.SERVER_OUT_FILE,
          os.path.join(configDefaults.PID_DIR, EXITCODE_NAME),
          suspend_mode)

  # required to start properly server instance
  os.chdir(configDefaults.ROOT_FS_PATH)

  #For properly daemonization server should be started using shell as parent
  param_list = [locate_file('sh', '/bin'), "-c"]
  if is_root() and ambari_user != "root":
    # To inherit exported environment variables (especially AMBARI_PASSPHRASE),
    # from subprocess, we have to skip --login option of su command. That's why
    # we change dir to / (otherwise subprocess can face with 'permission denied'
    # errors while trying to list current directory
    cmd = "{ulimit_cmd} ; {su} {ambari_user} -s {sh_shell} -c '{command}'".format(ulimit_cmd=ulimit_cmd, 
                                                                                su=locate_file('su', '/bin'), ambari_user=ambari_user,
                                                                                sh_shell=locate_file('sh', '/bin'), command=command)
  else:
    cmd = "{ulimit_cmd} ; {command}".format(ulimit_cmd=ulimit_cmd, command=command)
    
  param_list.append(cmd)
  return param_list
示例#4
0
def upgrade_stack(args):
  if not is_root():
    err = 'Ambari-server upgradestack should be run with ' \
          'root-level privileges'
    raise FatalException(4, err)
  check_database_name_property()

  try:
    stack_id = args[1]
  except IndexError:
    #stack_id is mandatory
    raise FatalException("Invalid number of stack upgrade arguments")

  try:
    repo_url = args[2]
  except IndexError:
    repo_url = None

  try:
    repo_url_os = args[3]
  except IndexError:
    repo_url_os = None

  stack_name, stack_version = stack_id.split(STACK_NAME_VER_SEP)
  retcode = run_stack_upgrade(stack_name, stack_version, repo_url, repo_url_os)

  if not retcode == 0:
    raise FatalException(retcode, 'Stack upgrade failed.')

  return retcode
示例#5
0
def setup_kerberos(options):
    logger.info("Setting up Kerberos authentication...")
    if not is_root():
        err = "ambari-server setup-kerberos should be run with root-level privileges"
        raise FatalException(4, err)

    properties = get_ambari_properties()
    kerberos_property_list_required = init_kerberos_properties_list(
        properties, options)

    kerberos_property_value_map = {}
    for kerberos_property in kerberos_property_list_required:
        input = get_validated_string_input(
            kerberos_property.kerberos_prop_val_prompt,
            kerberos_property.kerberos_prop_name,
            kerberos_property.prompt_regex, "Invalid characters in the input!",
            False, kerberos_property.allow_empty_prompt)
        if input is not None and input != "":
            kerberos_property_value_map[kerberos_property.prop_name] = input

    print "Properties to be updated / written into ambari properties:"
    pp = pprint.PrettyPrinter()
    pp.pprint(kerberos_property_value_map)

    save = get_YN_input("Save settings [y/n] (y)? ", True)
    if save:
        update_properties_2(properties, kerberos_property_value_map)
        print "Kerberos authentication settings successfully saved. Please restart the server in order for the new settings to take effect."
    else:
        print "Kerberos authentication settings aborted."

    return 0
示例#6
0
def upgrade_stack(args):
    if not is_root():
        err = 'Ambari-server upgradestack should be run with ' \
              'root-level privileges'
        raise FatalException(4, err)
    check_database_name_property()

    try:
        stack_id = args[1]
    except IndexError:
        #stack_id is mandatory
        raise FatalException("Invalid number of stack upgrade arguments")

    try:
        repo_url = args[2]
    except IndexError:
        repo_url = None

    try:
        repo_url_os = args[3]
    except IndexError:
        repo_url_os = None

    stack_name, stack_version = stack_id.split(STACK_NAME_VER_SEP)
    retcode = run_stack_upgrade(stack_name, stack_version, repo_url,
                                repo_url_os)

    if not retcode == 0:
        raise FatalException(retcode, 'Stack upgrade failed.')

    return retcode
示例#7
0
def generate_child_process_param_list(ambari_user, java_exe, class_path,
                                      debug_start, suspend_mode):
  from ambari_commons.os_linux import ULIMIT_CMD

  properties = get_ambari_properties()

  command_base = SERVER_START_CMD_DEBUG if debug_start else SERVER_START_CMD

  ulimit_cmd = "%s %s" % (ULIMIT_CMD, str(get_ulimit_open_files(properties)))
  command = command_base.format(java_exe,
          ambari_provider_module_option,
          jvm_args,
          class_path,
          configDefaults.SERVER_OUT_FILE,
          os.path.join(configDefaults.PID_DIR, EXITCODE_NAME),
          suspend_mode)

  # required to start properly server instance
  os.chdir(configDefaults.ROOT_FS_PATH)

  #For properly daemonization server should be started using shell as parent
  param_list = [locate_file('sh', '/bin'), "-c"]
  if is_root() and ambari_user != "root":
    # To inherit exported environment variables (especially AMBARI_PASSPHRASE),
    # from subprocess, we have to skip --login option of su command. That's why
    # we change dir to / (otherwise subprocess can face with 'permission denied'
    # errors while trying to list current directory
    cmd = "{ulimit_cmd} ; {su} {ambari_user} -s {sh_shell} -c '{command}'".format(ulimit_cmd=ulimit_cmd, 
                                                                                su=locate_file('su', '/bin'), ambari_user=ambari_user,
                                                                                sh_shell=locate_file('sh', '/bin'), command=command)
  else:
    cmd = "{ulimit_cmd} ; {command}".format(ulimit_cmd=ulimit_cmd, command=command)
    
  param_list.append(cmd)
  return param_list
示例#8
0
def setup_https(args):
  if not is_root():
        err = 'ambari-server setup-https should be run with ' \
              'root-level privileges'
        raise FatalException(4, err)
  args.exit_message = None
  if not get_silent():
    properties = get_ambari_properties()
    try:
      security_server_keys_dir = properties.get_property(SSL_KEY_DIR)
      client_api_ssl_port = DEFAULT_SSL_API_PORT if properties.get_property(SSL_API_PORT) in ("") \
            else properties.get_property(SSL_API_PORT)
      api_ssl = properties.get_property(SSL_API) in ['true']
      client_api_ssl_port_old_value = properties.get_property(SSL_API_PORT)
      api_ssl_old_value = properties.get_property(SSL_API)
      cert_was_imported = False
      cert_must_import = True
      if api_ssl:
        if get_YN_input("Do you want to disable HTTPS [y/n] (n)? ", False):
          properties.process_pair(SSL_API, "false")
          cert_must_import=False
        else:
          properties.process_pair(SSL_API_PORT, \
                                  get_validated_string_input( \
                                      "SSL port ["+str(client_api_ssl_port)+"] ? ", \
                                      str(client_api_ssl_port), \
                                      "^[0-9]{1,5}$", "Invalid port.", False, validatorFunction = is_valid_https_port))
          cert_was_imported = import_cert_and_key_action(security_server_keys_dir, properties)
      else:
        if get_YN_input("Do you want to configure HTTPS [y/n] (y)? ", True):
          properties.process_pair(SSL_API_PORT, \
                                  get_validated_string_input("SSL port ["+str(client_api_ssl_port)+"] ? ", \
                                                               str(client_api_ssl_port), "^[0-9]{1,5}$", "Invalid port.", False, validatorFunction = is_valid_https_port))
          cert_was_imported = import_cert_and_key_action(security_server_keys_dir, properties)
        else:
          return False

      if cert_must_import and not cert_was_imported:
        print 'Setup of HTTPS failed. Exiting.'
        return False

      conf_file = find_properties_file()
      f = open(conf_file, 'w')
      properties.store(f, "Changed by 'ambari-server setup-https' command")

      if api_ssl_old_value != properties.get_property(SSL_API) \
          or client_api_ssl_port_old_value != properties.get_property(SSL_API_PORT):
        print "Ambari server URL changed. To make use of the Tez View in Ambari " \
              "please update the property tez.tez-ui.history-url.base in tez-site"

      ambari_user = read_ambari_user()
      if ambari_user:
        adjust_directory_permissions(ambari_user)
      return True
    except (KeyError), e:
        err = 'Property ' + str(e) + ' is not defined'
        raise FatalException(1, err)
示例#9
0
def ensure_can_start_under_current_user(ambari_user):
  current_user = getpass.getuser()
  if ambari_user is None:
    err = "Unable to detect a system user for Ambari Server.\n" + SETUP_OR_UPGRADE_MSG
    raise FatalException(1, err)
  if current_user != ambari_user and not is_root():
    err = "Unable to start Ambari Server as user {0}. Please either run \"ambari-server start\" " \
          "command as root, as sudo or as user \"{1}\"".format(current_user, ambari_user)
    raise FatalException(1, err)
  return current_user
示例#10
0
 def ensure_dbms_is_running(self, options, properties, scmStatus=None):
     if self._is_local_database():
         if is_root():
             (pg_status, retcode, out, err) = PGConfig._check_postgre_up()
             if not retcode == 0:
                 err = "Unable to start PostgreSQL server. Status {0}. {1}. Exiting".format(pg_status, err)
                 raise FatalException(retcode, err)
         else:
             print "Unable to check PostgreSQL server status when starting " "without root privileges."
             print "Please do not forget to start PostgreSQL server."
示例#11
0
def setup_https(args):
    if not is_root():
        warn = 'ambari-server setup-https is run as ' \
              'non-root user, some sudo privileges might be required'
        print warn
    args.exit_message = None
    if not get_silent():
        properties = get_ambari_properties()
        try:
            security_server_keys_dir = properties.get_property(SSL_KEY_DIR)
            client_api_ssl_port = DEFAULT_SSL_API_PORT if properties.get_property(SSL_API_PORT) in ("") \
                  else properties.get_property(SSL_API_PORT)
            api_ssl = properties.get_property(SSL_API) in ['true']
            cert_was_imported = False
            cert_must_import = True
            if api_ssl:
                if get_YN_input("Do you want to disable HTTPS [y/n] (n)? ",
                                False):
                    properties.process_pair(SSL_API, "false")
                    cert_must_import = False
                else:
                    properties.process_pair(SSL_API_PORT, \
                                            get_validated_string_input( \
                                                "SSL port ["+str(client_api_ssl_port)+"] ? ", \
                                                str(client_api_ssl_port), \
                                                "^[0-9]{1,5}$", "Invalid port.", False, validatorFunction = is_valid_https_port))
                    cert_was_imported = import_cert_and_key_action(
                        security_server_keys_dir, properties)
            else:
                if get_YN_input("Do you want to configure HTTPS [y/n] (y)? ",
                                True):
                    properties.process_pair(SSL_API_PORT, \
                                            get_validated_string_input("SSL port ["+str(client_api_ssl_port)+"] ? ", \
                                                                         str(client_api_ssl_port), "^[0-9]{1,5}$", "Invalid port.", False, validatorFunction = is_valid_https_port))
                    cert_was_imported = import_cert_and_key_action(
                        security_server_keys_dir, properties)
                else:
                    return False

            if cert_must_import and not cert_was_imported:
                print 'Setup of HTTPS failed. Exiting.'
                return False

            conf_file = find_properties_file()
            f = open(conf_file, 'w')
            properties.store(f,
                             "Changed by 'ambari-server setup-https' command")

            ambari_user = read_ambari_user()
            if ambari_user:
                adjust_directory_permissions(ambari_user)
            return True
        except (KeyError), e:
            err = 'Property ' + str(e) + ' is not defined'
            raise FatalException(1, err)
示例#12
0
 def ensure_dbms_is_running(self, options, properties, scmStatus=None):
   if self._is_local_database():
     if is_root():
       (pg_status, retcode, out, err) = PGConfig._check_postgre_up()
       if not retcode == 0:
         err = 'Unable to start PostgreSQL server. Status {0}. {1}. Exiting'.format(pg_status, err)
         raise FatalException(retcode, err)
     else:
       print "Unable to check PostgreSQL server status when starting " \
             "without root privileges."
       print "Please do not forget to start PostgreSQL server."
示例#13
0
def setup_https(args):
  if not is_root():
        err = 'tbds-server setup-https should be run with ' \
              'root-level privileges'
        raise FatalException(4, err)
  args.exit_message = None
  if not get_silent():
    properties = get_ambari_properties()
    try:
      security_server_keys_dir = properties.get_property(SSL_KEY_DIR)
      client_api_ssl_port = DEFAULT_SSL_API_PORT if properties.get_property(SSL_API_PORT) in ("") \
            else properties.get_property(SSL_API_PORT)
      api_ssl = properties.get_property(SSL_API) in ['true']
      cert_was_imported = False
      cert_must_import = True
      if api_ssl:
        if get_YN_input("Do you want to disable HTTPS [y/n] (n)? ", False):
          properties.process_pair(SSL_API, "false")
          cert_must_import=False
        else:
          properties.process_pair(SSL_API_PORT, \
                                  get_validated_string_input( \
                                      "SSL port ["+str(client_api_ssl_port)+"] ? ", \
                                      str(client_api_ssl_port), \
                                      "^[0-9]{1,5}$", "Invalid port.", False, validatorFunction = is_valid_https_port))
          cert_was_imported = import_cert_and_key_action(security_server_keys_dir, properties)
      else:
        if get_YN_input("Do you want to configure HTTPS [y/n] (y)? ", True):
          properties.process_pair(SSL_API_PORT, \
                                  get_validated_string_input("SSL port ["+str(client_api_ssl_port)+"] ? ", \
                                                               str(client_api_ssl_port), "^[0-9]{1,5}$", "Invalid port.", False, validatorFunction = is_valid_https_port))
          cert_was_imported = import_cert_and_key_action(security_server_keys_dir, properties)
        else:
          return False

      if cert_must_import and not cert_was_imported:
        print 'Setup of HTTPS failed. Exiting.'
        return False

      conf_file = find_properties_file()
      f = open(conf_file, 'w')
      properties.store(f, "Changed by 'tbds-server setup-https' command")

      ambari_user = read_ambari_user()
      if ambari_user:
        adjust_directory_permissions(ambari_user)
      return True
    except (KeyError), e:
        err = 'Property ' + str(e) + ' is not defined'
        raise FatalException(1, err)
示例#14
0
def setup_sso(options):
    logger.info("Setup SSO.")
    if not is_root():
        raise FatalException(
            4,
            'ambari-server setup-sso should be run with root-level privileges')

    if not get_silent():
        validateOptions(options)

        properties = get_ambari_properties()

        must_setup_params = False
        if not options.sso_enabled:
            sso_enabled = properties.get_property(
                JWT_AUTH_ENBABLED).lower() in ['true']
            if sso_enabled:
                if get_YN_input(
                        "Do you want to disable SSO authentication [y/n] (n)?",
                        False):
                    properties.process_pair(JWT_AUTH_ENBABLED, "false")
            else:
                if get_YN_input(
                        "Do you want to configure SSO authentication [y/n] (y)?",
                        True):
                    properties.process_pair(JWT_AUTH_ENBABLED, "true")
                    must_setup_params = True
                else:
                    return False
        else:
            properties.process_pair(JWT_AUTH_ENBABLED, options.sso_enabled)
            must_setup_params = options.sso_enabled == 'true'

        if must_setup_params:
            populateSsoProviderUrl(options, properties)
            populateSsoPublicCert(options, properties)
            populateJwtCookieName(options, properties)
            populateJwtAudiences(options, properties)

        update_properties(properties)

        pass
    else:
        warning = "setup-sso is not enabled in silent mode."
        raise NonFatalException(warning)

    pass
示例#15
0
def enable_stack_version(stack_name, stack_versions):
    if not is_root():
        err = 'Ambari-server enable-stack should be run with ' \
              'root-level privileges'
        raise FatalException(4, err)

    try:
        print_info_msg("stack name requested: " + str(stack_name))
        print_info_msg("stack version requested: " + str(stack_versions))
    except IndexError:
        raise FatalException("Invalid stack version passed")

    retcode = update_stack_metainfo(stack_name, stack_versions)

    if not retcode == 0:
        raise FatalException(retcode, 'Stack enable request failed.')

    return retcode
示例#16
0
def upgrade_stack(args):
    logger.info("Upgrade stack.")
    if not is_root():
        err = 'Ambari-server upgradestack should be run with ' \
              'root-level privileges'
        raise FatalException(4, err)

    check_database_name_property()

    try:
        stack_id = args[1]
    except IndexError:
        #stack_id is mandatory
        raise FatalException("Invalid number of stack upgrade arguments")

    try:
        repo_url = args[2]
    except IndexError:
        repo_url = None

    try:
        repo_url_os = args[3]
    except IndexError:
        repo_url_os = None

    parser = optparse.OptionParser()
    parser.add_option("-d", type="int", dest="database_index")

    db = get_ambari_properties()[JDBC_DATABASE_PROPERTY]

    idx = LINUX_DBMS_KEYS_LIST.index(db)

    (options, opt_args) = parser.parse_args(["-d {0}".format(idx)])

    stack_name, stack_version = stack_id.split(STACK_NAME_VER_SEP)
    retcode = run_stack_upgrade(options, stack_name, stack_version, repo_url,
                                repo_url_os)

    if not retcode == 0:
        raise FatalException(retcode, 'Stack upgrade failed.')

    return retcode
def upgrade_stack(args):
  if not is_root():
    err = 'Ambari-server upgradestack should be run with ' \
          'root-level privileges'
    raise FatalException(4, err)

  check_database_name_property()

  try:
    stack_id = args[1]
  except IndexError:
    #stack_id is mandatory
    raise FatalException("Invalid number of stack upgrade arguments")

  try:
    repo_url = args[2]
  except IndexError:
    repo_url = None

  try:
    repo_url_os = args[3]
  except IndexError:
    repo_url_os = None

  parser = optparse.OptionParser()
  parser.add_option("-d", type="int", dest="database_index")

  db = get_ambari_properties()[JDBC_DATABASE_PROPERTY]

  idx = LINUX_DBMS_KEYS_LIST.index(db)

  (options, opt_args) = parser.parse_args(["-d {0}".format(idx)])

  stack_name, stack_version = stack_id.split(STACK_NAME_VER_SEP)
  retcode = run_stack_upgrade(options, stack_name, stack_version, repo_url, repo_url_os)

  if not retcode == 0:
    raise FatalException(retcode, 'Stack upgrade failed.')

  return retcode
示例#18
0
def setup_pam(options):
  if not is_root():
    err = 'Ambari-server setup-pam should be run with root-level privileges'
    raise FatalException(4, err)

  properties = get_ambari_properties()

  if get_value_from_properties(properties,CLIENT_SECURITY,"") == 'ldap':
    query = "LDAP is currently configured, do you wish to use PAM instead [y/n] (n)? "
    if get_YN_input(query, False):
      pass
    else:
      err = "LDAP is configured. Can not setup PAM."
      raise FatalException(1, err)

  pam_property_list_reqd = init_pam_properties_list_reqd(properties, options)

  pam_property_value_map = {}
  pam_property_value_map[CLIENT_SECURITY] = 'pam'

  for pam_prop in pam_property_list_reqd:
    input = get_validated_string_input(pam_prop.pam_prop_val_prompt, pam_prop.pam_prop_name, pam_prop.prompt_regex,
                                       "Invalid characters in the input!", False, pam_prop.allow_empty_prompt,
                                       answer = pam_prop.option)
    if input is not None and input != "":
      pam_property_value_map[pam_prop.prop_name] = input

  # Verify that the PAM config file exists, else show warning...
  pam_config_file = pam_property_value_map[PAM_CONFIG_FILE]
  if not os.path.exists(pam_config_file):
    print_warning_msg("The PAM configuration file, {0} does not exist.  " \
                      "Please create it before restarting Ambari.".format(pam_config_file))

  update_properties_2(properties, pam_property_value_map)
  print 'Saving...done'
  return 0
示例#19
0
def setup(options):
  logger.info("Setup ambari-server.")
  if options.only_silent:
    if check_setup_already_done():
      print "Nothing was done. Ambari Setup already performed and cannot re-run setup in silent mode. Use \"ambari-server setup\" command without -s option to change Ambari setup."
      sys.exit(0)

  retcode = verify_setup_allowed(options)
  if not retcode == 0:
    raise FatalException(1, None)

  if not is_root():
    warn_msg = configDefaults.MESSAGE_WARN_SETUP_NOT_ROOT
    print warn_msg

  # proceed jdbc properties if they were set
  if _check_jdbc_options(options):
    proceedJDBCProperties(options)
    return

  (retcode, err) = disable_security_enhancements()
  if not retcode == 0:
    raise FatalException(retcode, err)

  #Create ambari user, if needed
  (retcode, register_service, svc_user, svc_password) = check_ambari_user(options)
  if not retcode == 0:
    err = 'Failed to create user. Exiting.'
    raise FatalException(retcode, err)

  print configDefaults.MESSAGE_CHECK_FIREWALL
  check_firewall()

  # proceed jdbc properties if they were set
  if _check_jdbc_options(options):
    proceedJDBCProperties(options)

  print 'Checking JDK...'
  try:
    download_and_install_jdk(options)
  except FatalException as e:
    err = 'Downloading or installing JDK failed: {0}. Exiting.'.format(e)
    raise FatalException(e.code, err)

  print 'Checking GPL software agreement...'
  write_gpl_license_accepted(default_prompt_value=options.accept_gpl)

  print 'Completing setup...'
  retcode = configure_os_settings()
  if not retcode == 0:
    err = 'Configure of OS settings in ambari.properties failed. Exiting.'
    raise FatalException(retcode, err)

  print 'Configuring database...'
  prompt_db_properties(options)

  #DB setup should be done last after doing any setup.

  _setup_database(options)

  check_jdbc_drivers(options)

  if not options.skip_view_extraction:
    print 'Extracting system views...'
    retcode = extract_views(options)
    if not retcode == 0:
      err = 'Error while extracting system views. Exiting'
      raise FatalException(retcode, err)

  json_url = get_json_url_from_repo_file()
  if json_url:
    print "Ambari repo file contains latest json url {0}, updating stacks repoinfos with it...".format(json_url)
    properties = get_ambari_properties()
    stack_root = get_stack_location(properties)
    update_latest_in_repoinfos_for_all_stacks(stack_root, json_url)
  else:
    print "Ambari repo file doesn't contain latest json url, skipping repoinfos modification"

  # we've already done this, but new files were created so run it one time.
  adjust_directory_permissions(svc_user)

  service_setup(register_service, svc_user, svc_password)
示例#20
0
def upgrade(args):
    print_info_msg("Upgrade Ambari Server", True)
    if not is_root():
        err = configDefaults.MESSAGE_ERROR_UPGRADE_NOT_ROOT
        raise FatalException(4, err)
    print_info_msg(
        'Updating Ambari Server properties in {0} ...'.format(
            AMBARI_PROPERTIES_FILE), True)
    retcode = update_ambari_properties()
    if not retcode == 0:
        err = AMBARI_PROPERTIES_FILE + ' file can\'t be updated. Exiting'
        raise FatalException(retcode, err)

    print_info_msg(
        'Updating Ambari Server properties in {0} ...'.format(AMBARI_ENV_FILE),
        True)
    retcode = update_ambari_env()
    if not retcode == 0:
        err = AMBARI_ENV_FILE + ' file can\'t be updated. Exiting'
        raise FatalException(retcode, err)

    retcode = update_krb_jaas_login_properties()
    if retcode == -2:
        pass  # no changes done, let's be silent
    elif retcode == 0:
        print_info_msg("File {0} updated.".format(AMBARI_KRB_JAAS_LOGIN_FILE),
                       True)
    elif not retcode == 0:
        err = AMBARI_KRB_JAAS_LOGIN_FILE + ' file can\'t be updated. Exiting'
        raise FatalException(retcode, err)

    restore_custom_services()
    replay_mpack_logs()
    try:
        update_database_name_property(upgrade=True)
    except FatalException:
        return -1

    # Ignore the server version & database options passed via command-line arguments
    parse_properties_file(args)

    #TODO check database version
    change_objects_owner(args)

    retcode = run_schema_upgrade(args)
    if not retcode == 0:
        print_error_msg(
            "Ambari server upgrade failed. Please look at {0}, for more details."
            .format(configDefaults.SERVER_LOG_FILE))
        raise FatalException(11, 'Schema upgrade failed.')

    user = read_ambari_user()
    if user is None:
        warn = "Can not determine custom ambari user.\n" + SETUP_OR_UPGRADE_MSG
        print_warning_msg(warn)
    else:
        adjust_directory_permissions(user)

    # local repo
    upgrade_local_repo(args)

    # create jdbc symlinks if jdbc drivers are available in resources
    check_jdbc_drivers(args)

    properties = get_ambari_properties()
    if properties == -1:
        err = "Error getting ambari properties"
        print_error_msg(err)
        raise FatalException(-1, err)

    # Move *.py files from custom_actions to custom_actions/scripts
    # This code exists for historic reasons in which custom action python scripts location changed from Ambari 1.7.0 to 2.0.0
    ambari_version = get_ambari_version(properties)
    if ambari_version is None:
        args.warnings.append(
            "*.py files were not moved from custom_actions to custom_actions/scripts."
        )
    elif compare_versions(ambari_version, "2.0.0") == 0:
        move_user_custom_actions()

    # Remove ADMIN_VIEW directory for upgrading Admin View on Ambari upgrade from 1.7.0 to 2.0.0
    admin_views_dirs = get_admin_views_dir(properties)
    for admin_views_dir in admin_views_dirs:
        shutil.rmtree(admin_views_dir)

    # Modify timestamp of views jars to current time
    views_jars = get_views_jars(properties)
    for views_jar in views_jars:
        os.utime(views_jar, None)

    # check if ambari has obsolete LDAP configuration
    if properties.get_property(
            LDAP_PRIMARY_URL_PROPERTY
    ) and not properties.get_property(IS_LDAP_CONFIGURED):
        args.warnings.append(
            "Existing LDAP configuration is detected. You must run the \"ambari-server setup-ldap\" command to adjust existing LDAP configuration."
        )

    # adding custom jdbc name and previous custom jdbc properties
    # we need that to support new dynamic jdbc names for upgraded ambari
    add_jdbc_properties(properties)
示例#21
0
def setup_sso(args):
    logger.info("Setup SSO.")
    if not is_root():
        err = 'ambari-server setup-sso should be run with ' \
              'root-level privileges'
        raise FatalException(4, err)
    if not get_silent():
        properties = get_ambari_properties()

        must_setup_params = False
        store_new_cert = False

        sso_enabled = properties.get_property(JWT_AUTH_ENBABLED).lower() in [
            'true'
        ]

        if sso_enabled:
            if get_YN_input(
                    "Do you want to disable SSO authentication [y/n] (n)?",
                    False):
                properties.process_pair(JWT_AUTH_ENBABLED, "false")
        else:
            if get_YN_input(
                    "Do you want to configure SSO authentication [y/n] (y)?",
                    True):
                properties.process_pair(JWT_AUTH_ENBABLED, "true")
                must_setup_params = True
            else:
                return False

        if must_setup_params:

            provider_url = get_value_from_properties(
                properties, JWT_AUTH_PROVIDER_URL,
                JWT_AUTH_PROVIDER_URL_DEFAULT)
            provider_url = get_validated_string_input(
                "Provider URL [URL] ({0}):".format(provider_url), provider_url,
                REGEX_ANYTHING, "Invalid provider URL", False)
            properties.process_pair(JWT_AUTH_PROVIDER_URL, provider_url)

            cert_path = properties.get_property(JWT_PUBLIC_KEY)
            cert_string = get_multi_line_input(
                "Public Certificate pem ({0})".format(
                    'stored' if cert_path else 'empty'))
            if cert_string is not None:
                store_new_cert = True

            if get_YN_input(
                    "Do you want to configure advanced properties [y/n] (n) ?",
                    False):
                cookie_name = get_value_from_properties(
                    properties, JWT_COOKIE_NAME, JWT_COOKIE_NAME_DEFAULT)
                cookie_name = get_validated_string_input(
                    "JWT Cookie name ({0}):".format(cookie_name), cookie_name,
                    REGEX_ANYTHING, "Invalid cookie name", False)
                properties.process_pair(JWT_COOKIE_NAME, cookie_name)

                audiences = properties.get_property(JWT_AUDIENCES)
                audiences = get_validated_string_input(
                    "JWT audiences list (comma-separated), empty for any ({0}):"
                    .format(audiences), audiences, REGEX_ANYTHING,
                    "Invalid value", False)
                properties.process_pair(JWT_AUDIENCES, audiences)

                # TODO not required for now as we support Knox only
                # orig_query_param = get_value_from_properties(JWT_ORIGINAL_URL_QUERY_PARAM, JWT_ORIGINAL_URL_QUERY_PARAM_DEFAULT)
                # orig_query_param = get_validated_string_input("Original URL query parameter name ({}):".format(orig_query_param),
                #                                               orig_query_param,
                #                                               REGEX_ANYTHING,
                #                                               "Invalid value",
                #                                               False)
                # properties.process_pair(JWT_ORIGINAL_URL_QUERY_PARAM, orig_query_param)

            if store_new_cert:
                full_cert = JWT_PUBLIC_KEY_HEADER + cert_string + JWT_PUBLIC_KEY_FOOTER
                cert_path = store_password_file(full_cert,
                                                JWT_PUBLIC_KEY_FILENAME)

            properties.process_pair(JWT_PUBLIC_KEY, cert_path)

        update_properties(properties)

        pass
    else:
        warning = "setup-sso is not enabled in silent mode."
        raise NonFatalException(warning)

    pass
示例#22
0
def server_process_main(options, scmStatus=None):
  # debug mode, including stop Java process at startup
  try:
    set_debug_mode_from_options(options)
  except AttributeError:
    pass

  if not check_reverse_lookup():
    print_warning_msg("The hostname was not found in the reverse DNS lookup. "
                      "This may result in incorrect behavior. "
                      "Please check the DNS setup and fix the issue.")

  check_database_name_property()
  parse_properties_file(options)

  ambari_user = read_ambari_user()
  current_user = ensure_can_start_under_current_user(ambari_user)

  print_info_msg("Ambari Server is not running...")

  jdk_path = find_jdk()
  if jdk_path is None:
    err = "No JDK found, please run the \"ambari-server setup\" " \
          "command to install a JDK automatically or install any " \
          "JDK manually to " + configDefaults.JDK_INSTALL_DIR
    raise FatalException(1, err)

  properties = get_ambari_properties()

  # Preparations
  if is_root():
    print configDefaults.MESSAGE_SERVER_RUNNING_AS_ROOT

  ensure_jdbc_driver_is_installed(options, properties)

  ensure_dbms_is_running(options, properties, scmStatus)

  if scmStatus is not None:
    scmStatus.reportStartPending()

  refresh_stack_hash(properties)

  if scmStatus is not None:
    scmStatus.reportStartPending()

  ensure_server_security_is_configured()

  if scmStatus is not None:
    scmStatus.reportStartPending()

  java_exe = get_java_exe_path()

  serverClassPath = ServerClassPath(properties, options)

  debug_mode = get_debug_mode()
  debug_start = (debug_mode & 1) or SERVER_START_DEBUG
  suspend_start = (debug_mode & 2) or SUSPEND_START_MODE
  suspend_mode = 'y' if suspend_start else 'n'

  param_list = generate_child_process_param_list(ambari_user, java_exe,
                                                 serverClassPath.get_full_ambari_classpath_escaped_for_shell(), debug_start,
                                                 suspend_mode)
  environ = generate_env(options, ambari_user, current_user)

  if not os.path.exists(configDefaults.PID_DIR):
    os.makedirs(configDefaults.PID_DIR, 0755)

  # The launched shell process and sub-processes should have a group id that
  # is different from the parent.
  def make_process_independent():
    processId = os.getpid()
    if processId > 0:
      try:
        os.setpgid(processId, processId)
      except OSError, e:
        print_warning_msg('setpgid({0}, {0}) failed - {1}'.format(pidJava, str(e)))
        pass
示例#23
0
def setup_ldap():
  if not is_root():
    err = 'Ambari-server setup-ldap should be run with ' \
          'root-level privileges'
    raise FatalException(4, err)

  properties = get_ambari_properties()
  isSecure = get_is_secure(properties)

  ldap_property_list_reqd = init_ldap_properties_list_reqd(properties)

  ldap_property_list_opt = ["authentication.ldap.managerDn",
                            LDAP_MGR_PASSWORD_PROPERTY,
                            SSL_TRUSTSTORE_TYPE_PROPERTY,
                            SSL_TRUSTSTORE_PATH_PROPERTY,
                            SSL_TRUSTSTORE_PASSWORD_PROPERTY]

  ldap_property_list_truststore=[SSL_TRUSTSTORE_TYPE_PROPERTY,
                                 SSL_TRUSTSTORE_PATH_PROPERTY,
                                 SSL_TRUSTSTORE_PASSWORD_PROPERTY]

  ldap_property_list_passwords=[LDAP_MGR_PASSWORD_PROPERTY,
                                SSL_TRUSTSTORE_PASSWORD_PROPERTY]

  LDAP_MGR_DN_DEFAULT = get_value_from_properties(properties, ldap_property_list_opt[0])

  SSL_TRUSTSTORE_TYPE_DEFAULT = get_value_from_properties(properties, SSL_TRUSTSTORE_TYPE_PROPERTY, "jks")
  SSL_TRUSTSTORE_PATH_DEFAULT = get_value_from_properties(properties, SSL_TRUSTSTORE_PATH_PROPERTY)


  ldap_property_value_map = {}
  for ldap_prop in ldap_property_list_reqd:
    input = get_validated_string_input(ldap_prop.ldap_prop_val_prompt, ldap_prop.ldap_prop_name, ldap_prop.prompt_regex,
                                       "Invalid characters in the input!", False, ldap_prop.allow_empty_prompt)
    if input is not None and input != "":
      ldap_property_value_map[ldap_prop.prop_name] = input

  bindAnonymously = ldap_property_value_map["authentication.ldap.bindAnonymously"]
  anonymous = (bindAnonymously and bindAnonymously.lower() == 'true')
  mgr_password = None
  # Ask for manager credentials only if bindAnonymously is false
  if not anonymous:
    username = get_validated_string_input("Manager DN* {0}: ".format(
      get_prompt_default(LDAP_MGR_DN_DEFAULT)), LDAP_MGR_DN_DEFAULT, ".*",
                                          "Invalid characters in the input!", False, False)
    ldap_property_value_map[LDAP_MGR_USERNAME_PROPERTY] = username
    mgr_password = configure_ldap_password()
    ldap_property_value_map[LDAP_MGR_PASSWORD_PROPERTY] = mgr_password

  useSSL = ldap_property_value_map["authentication.ldap.useSSL"]
  ldaps = (useSSL and useSSL.lower() == 'true')
  ts_password = None

  if ldaps:
    truststore_default = "n"
    truststore_set = bool(SSL_TRUSTSTORE_PATH_DEFAULT)
    if truststore_set:
      truststore_default = "y"
    custom_trust_store = get_YN_input("Do you want to provide custom TrustStore for Ambari [y/n] ({0})?".
                                      format(truststore_default),
                                      truststore_set)
    if custom_trust_store:
      ts_type = get_validated_string_input(
        "TrustStore type [jks/jceks/pkcs12] {0}:".format(get_prompt_default(SSL_TRUSTSTORE_TYPE_DEFAULT)),
        SSL_TRUSTSTORE_TYPE_DEFAULT,
        "^(jks|jceks|pkcs12)?$", "Wrong type", False)
      ts_path = None
      while True:
        ts_path = get_validated_string_input(
          "Path to TrustStore file {0}:".format(get_prompt_default(SSL_TRUSTSTORE_PATH_DEFAULT)),
          SSL_TRUSTSTORE_PATH_DEFAULT,
          ".*", False, False)
        if os.path.exists(ts_path):
          break
        else:
          print 'File not found.'

      ts_password = read_password("", ".*", "Password for TrustStore:", "Invalid characters in password")

      ldap_property_value_map[SSL_TRUSTSTORE_TYPE_PROPERTY] = ts_type
      ldap_property_value_map[SSL_TRUSTSTORE_PATH_PROPERTY] = ts_path
      ldap_property_value_map[SSL_TRUSTSTORE_PASSWORD_PROPERTY] = ts_password
      pass
    else:
      properties.removeOldProp(SSL_TRUSTSTORE_TYPE_PROPERTY)
      properties.removeOldProp(SSL_TRUSTSTORE_PATH_PROPERTY)
      properties.removeOldProp(SSL_TRUSTSTORE_PASSWORD_PROPERTY)
    pass
  pass

  print '=' * 20
  print 'Review Settings'
  print '=' * 20
  for property in ldap_property_list_reqd:
    if property in ldap_property_value_map:
      print("%s: %s" % (property, ldap_property_value_map[property]))

  for property in ldap_property_list_opt:
    if ldap_property_value_map.has_key(property):
      if property not in ldap_property_list_passwords:
        print("%s: %s" % (property, ldap_property_value_map[property]))
      else:
        print("%s: %s" % (property, BLIND_PASSWORD))

  save_settings = get_YN_input("Save settings [y/n] (y)? ", True)

  if save_settings:
    ldap_property_value_map[CLIENT_SECURITY_KEY] = 'ldap'
    if isSecure:
      if mgr_password:
        encrypted_passwd = encrypt_password(LDAP_MGR_PASSWORD_ALIAS, mgr_password)
        if mgr_password != encrypted_passwd:
          ldap_property_value_map[LDAP_MGR_PASSWORD_PROPERTY] = encrypted_passwd
      pass
      if ts_password:
        encrypted_passwd = encrypt_password(SSL_TRUSTSTORE_PASSWORD_ALIAS, ts_password)
        if ts_password != encrypted_passwd:
          ldap_property_value_map[SSL_TRUSTSTORE_PASSWORD_PROPERTY] = encrypted_passwd
      pass
    pass

    # Persisting values
    ldap_property_value_map[IS_LDAP_CONFIGURED] = "true"
    if mgr_password:
      ldap_property_value_map[LDAP_MGR_PASSWORD_PROPERTY] = store_password_file(mgr_password, LDAP_MGR_PASSWORD_FILENAME)
    update_properties_2(properties, ldap_property_value_map)
    print 'Saving...done'

  return 0
示例#24
0
def setup_master_key():
  if not is_root():
    err = 'Ambari-server setup should be run with ' \
          'root-level privileges'
    raise FatalException(4, err)

  properties = get_ambari_properties()
  if properties == -1:
    raise FatalException(1, "Failed to read properties file.")

  db_windows_auth_prop = properties.get_property(JDBC_USE_INTEGRATED_AUTH_PROPERTY)
  db_sql_auth = False if db_windows_auth_prop and db_windows_auth_prop.lower() == 'true' else True
  db_password = properties.get_property(JDBC_PASSWORD_PROPERTY)
  # Encrypt passwords cannot be called before setup
  if db_sql_auth and not db_password:
    print 'Please call "setup" before "encrypt-passwords". Exiting...'
    return 1

  # Check configuration for location of master key
  isSecure = get_is_secure(properties)
  (isPersisted, masterKeyFile) = get_is_persisted(properties)

  # Read clear text DB password from file
  if db_sql_auth and not is_alias_string(db_password) and os.path.isfile(db_password):
    with open(db_password, 'r') as passwdfile:
      db_password = passwdfile.read()

  ldap_password = properties.get_property(LDAP_MGR_PASSWORD_PROPERTY)
  if ldap_password:
    # Read clear text LDAP password from file
    if not is_alias_string(ldap_password) and os.path.isfile(ldap_password):
      with open(ldap_password, 'r') as passwdfile:
        ldap_password = passwdfile.read()

  ts_password = properties.get_property(SSL_TRUSTSTORE_PASSWORD_PROPERTY)
  resetKey = False
  masterKey = None

  if isSecure:
    print "Password encryption is enabled."
    resetKey = get_YN_input("Do you want to reset Master Key? [y/n] (n): ", False)

  # For encrypting of only unencrypted passwords without resetting the key ask
  # for master key if not persisted.
  if isSecure and not isPersisted and not resetKey:
    print "Master Key not persisted."
    masterKey = get_original_master_key(properties)
  pass

  # Make sure both passwords are clear-text if master key is lost
  if resetKey:
    if not isPersisted:
      print "Master Key not persisted."
      masterKey = get_original_master_key(properties)
      # Unable get the right master key or skipped question <enter>
      if not masterKey:
        print "To disable encryption, do the following:"
        print "- Edit " + find_properties_file() + \
              " and set " + SECURITY_IS_ENCRYPTION_ENABLED + " = " + "false."
        err = "{0} is already encrypted. Please call {1} to store unencrypted" \
              " password and call 'encrypt-passwords' again."
        if db_sql_auth and db_password and is_alias_string(db_password):
          print err.format('- Database password', "'" + SETUP_ACTION + "'")
        if ldap_password and is_alias_string(ldap_password):
          print err.format('- LDAP manager password', "'" + LDAP_SETUP_ACTION + "'")
        if ts_password and is_alias_string(ts_password):
          print err.format('TrustStore password', "'" + LDAP_SETUP_ACTION + "'")

        return 1
      pass
    pass
  pass

  # Read back any encrypted passwords
  if db_sql_auth  and db_password and is_alias_string(db_password):
    db_password = read_passwd_for_alias(JDBC_RCA_PASSWORD_ALIAS, masterKey)
  if ldap_password and is_alias_string(ldap_password):
    ldap_password = read_passwd_for_alias(LDAP_MGR_PASSWORD_ALIAS, masterKey)
  if ts_password and is_alias_string(ts_password):
    ts_password = read_passwd_for_alias(SSL_TRUSTSTORE_PASSWORD_ALIAS, masterKey)
  # Read master key, if non-secure or reset is true
  if resetKey or not isSecure:
    masterKey = read_master_key(resetKey)
    persist = get_YN_input("Do you want to persist master key. If you choose " \
                           "not to persist, you need to provide the Master " \
                           "Key while starting the ambari server as an env " \
                           "variable named " + SECURITY_KEY_ENV_VAR_NAME + \
                           " or the start will prompt for the master key."
                           " Persist [y/n] (y)? ", True)
    if persist:
      save_master_key(masterKey, get_master_key_location(properties) + os.sep +
                      SECURITY_MASTER_KEY_FILENAME, persist)
    elif not persist and masterKeyFile:
      try:
        os.remove(masterKeyFile)
        print_info_msg("Deleting master key file at location: " + str(
          masterKeyFile))
      except Exception, e:
        print 'ERROR: Could not remove master key file. %s' % e
    # Blow up the credential store made with previous key, if any
    store_file = get_credential_store_location(properties)
    if os.path.exists(store_file):
      try:
        os.remove(store_file)
      except:
        print_warning_msg("Failed to remove credential store file.")
      pass
    pass
示例#25
0
def setup(options):
  retcode = verify_setup_allowed()
  if not retcode == 0:
    raise FatalException(1, None)

  if not is_root():
    err = configDefaults.MESSAGE_ERROR_SETUP_NOT_ROOT
    raise FatalException(4, err)

  # proceed jdbc properties if they were set
  if _check_jdbc_options(options):
    proceedJDBCProperties(options)
    return

  (retcode, err) = disable_security_enhancements()
  if not retcode == 0:
    raise FatalException(retcode, err)

  #Create ambari user, if needed
  retcode = check_ambari_user()
  if not retcode == 0:
    err = 'Failed to create user. Exiting.'
    raise FatalException(retcode, err)

  print configDefaults.MESSAGE_CHECK_FIREWALL
  check_firewall()

  # proceed jdbc properties if they were set
  if _check_jdbc_options(options):
    proceedJDBCProperties(options)

  print 'Checking JDK...'
  try:
    download_and_install_jdk(options)
  except FatalException as e:
    err = 'Downloading or installing JDK failed: {0}. Exiting.'.format(e)
    raise FatalException(e.code, err)

  print 'Completing setup...'
  retcode = configure_os_settings()
  if not retcode == 0:
    err = 'Configure of OS settings in ambari.properties failed. Exiting.'
    raise FatalException(retcode, err)

  print 'Configuring database...'
  prompt_db_properties(options)

  #DB setup should be done last after doing any setup.

  _setup_database(options)

  check_jdbc_drivers(options)

  print 'Extracting system views...'
  retcode = extract_views()
  if not retcode == 0:
    err = 'Error while extracting system views. Exiting'
    raise FatalException(retcode, err)

  # we've already done this, but new files were created so run it one time.
  adjust_directory_permissions(read_ambari_user())
示例#26
0
def setup_sso(options):
    logger.info("Setup SSO.")
    if not is_root():
        raise FatalException(
            4,
            'ambari-server setup-sso should be run with root-level privileges')

    server_status, pid = is_server_runing()
    if not server_status:
        err = 'Ambari Server is not running.'
        raise FatalException(1, err)

    if not get_silent():
        validate_options(options)

        properties = get_ambari_properties()

        admin_login, admin_password = get_ambari_admin_username_password_pair(
            options)

        if not options.sso_enabled:
            sso_enabled_from_db = get_sso_property_from_db(
                properties, admin_login, admin_password, SSO_MANAGE_SERVICES)
            sso_enabled = sso_enabled_from_db == None or sso_enabled_from_db in [
                'true'
            ]
            print_info_msg(
                "SSO is currently {0}".format(
                    "not configured" if sso_enabled_from_db == None else (
                        "enabled" if sso_enabled else "disabled")), True)
            if sso_enabled:
                enable_sso = not get_YN_input(
                    "Do you want to disable SSO authentication [y/n] (n)? ",
                    False)
            else:
                if get_YN_input(
                        "Do you want to configure SSO authentication [y/n] (y)? ",
                        True):
                    enable_sso = True
                else:
                    return False
        else:
            enable_sso = options.sso_enabled == 'true'

        services = ''
        if enable_sso:
            populate_sso_provider_url(options, properties)
            populate_sso_public_cert(options, properties)
            populate_jwt_cookie_name(options, properties)
            populate_jwt_audiences(options, properties)
            services = get_services_requires_sso(options, properties,
                                                 admin_login, admin_password)

        update_sso_conf(properties, enable_sso, services, admin_login,
                        admin_password)

        enable_jwt_auth = WILDCARD_FOR_ALL_SERVICES == services or SERVICE_NAME_AMBARI in services
        properties.process_pair(JWT_AUTH_ENBABLED,
                                "true" if enable_jwt_auth else "false")
        update_properties(properties)

        pass
    else:
        warning = "setup-sso is not enabled in silent mode."
        raise NonFatalException(warning)

    pass
示例#27
0
def generate_child_process_param_list(ambari_user, current_user, java_exe, class_path, debug_start, suspend_mode):
  from ambari_commons.os_linux import ULIMIT_CMD

  properties = get_ambari_properties()

  isSecure = get_is_secure(properties)
  (isPersisted, masterKeyFile) = get_is_persisted(properties)
  environ = os.environ.copy()
  # Need to handle master key not persisted scenario
  if isSecure and not masterKeyFile:
    prompt = False
    masterKey = environ.get(SECURITY_KEY_ENV_VAR_NAME)

    if masterKey is not None and masterKey != "":
      pass
    else:
      keyLocation = environ.get(SECURITY_MASTER_KEY_LOCATION)

      if keyLocation is not None:
        try:
          # Verify master key can be read by the java process
          with open(keyLocation, 'r'):
            pass
        except IOError:
          print_warning_msg("Cannot read Master key from path specified in "
                            "environemnt.")
          prompt = True
      else:
        # Key not provided in the environment
        prompt = True

    if prompt:
      import pwd

      masterKey = get_original_master_key(properties)
      tempDir = tempfile.gettempdir()
      tempFilePath = tempDir + os.sep + "masterkey"
      save_master_key(masterKey, tempFilePath, True)
      if ambari_user != current_user:
        uid = pwd.getpwnam(ambari_user).pw_uid
        gid = pwd.getpwnam(ambari_user).pw_gid
        os.chown(tempFilePath, uid, gid)
      else:
        os.chmod(tempFilePath, stat.S_IREAD | stat.S_IWRITE)

      if tempFilePath is not None:
        environ[SECURITY_MASTER_KEY_LOCATION] = tempFilePath

  command_base = SERVER_START_CMD_DEBUG if debug_start else SERVER_START_CMD

  ulimit_cmd = "%s %s" % (ULIMIT_CMD, str(get_ulimit_open_files(properties)))
  command = command_base.format(java_exe,
          ambari_provider_module_option,
          jvm_args,
          class_path,
          configDefaults.SERVER_OUT_FILE,
          os.path.join(configDefaults.PID_DIR, EXITCODE_NAME),
          suspend_mode)

  # required to start properly server instance
  os.chdir(configDefaults.ROOT_FS_PATH)

  #For properly daemonization server should be started using shell as parent
  param_list = [locate_file('sh', '/bin'), "-c"]
  if is_root() and ambari_user != "root":
    # To inherit exported environment variables (especially AMBARI_PASSPHRASE),
    # from subprocess, we have to skip --login option of su command. That's why
    # we change dir to / (otherwise subprocess can face with 'permission denied'
    # errors while trying to list current directory
    cmd = "{ulimit_cmd} ; {su} {ambari_user} -s {sh_shell} -c '{command}'".format(ulimit_cmd=ulimit_cmd, 
                                                                                su=locate_file('su', '/bin'), ambari_user=ambari_user,
                                                                                sh_shell=locate_file('sh', '/bin'), command=command)
  else:
    cmd = "{ulimit_cmd} ; {command}".format(ulimit_cmd=ulimit_cmd, command=command)
    
  param_list.append(cmd)
  return (param_list, environ)
示例#28
0
def server_process_main(options, scmStatus=None):
    # debug mode, including stop Java process at startup
    try:
        set_debug_mode_from_options(options)
    except AttributeError:
        pass

    if not check_reverse_lookup():
        print_warning_msg(
            "The hostname was not found in the reverse DNS lookup. "
            "This may result in incorrect behavior. "
            "Please check the DNS setup and fix the issue.")

    check_database_name_property()
    parse_properties_file(options)

    is_active_instance = get_is_active_instance()
    if not is_active_instance:
        print_warning_msg(
            "This instance of ambari server is not designated as active. Cannot start ambari server."
        )
        err = "This is not an active instance. Shutting down..."
        raise FatalException(1, err)

    ambari_user = read_ambari_user()
    current_user = ensure_can_start_under_current_user(ambari_user)

    print_info_msg("Ambari Server is not running...")

    jdk_path = find_jdk()
    if jdk_path is None:
        err = "No JDK found, please run the \"ambari-server setup\" " \
              "command to install a JDK automatically or install any " \
              "JDK manually to " + configDefaults.JDK_INSTALL_DIR
        raise FatalException(1, err)

    properties = get_ambari_properties()

    if not options.skip_properties_validation:
        missing_properties = get_missing_properties(properties)
        if missing_properties:
            err = "Required properties are not found: " + str(missing_properties) + ". To skip properties validation " \
                  "use \"--skip-properties-validation\""
            raise FatalException(1, err)

    # Preparations
    if is_root():
        print configDefaults.MESSAGE_SERVER_RUNNING_AS_ROOT

    ensure_jdbc_driver_is_installed(options, properties)

    ensure_dbms_is_running(options, properties, scmStatus)

    if scmStatus is not None:
        scmStatus.reportStartPending()

    refresh_stack_hash(properties)

    if scmStatus is not None:
        scmStatus.reportStartPending()

    ensure_server_security_is_configured()

    if scmStatus is not None:
        scmStatus.reportStartPending()

    java_exe = get_java_exe_path()

    serverClassPath = ServerClassPath(properties, options)

    debug_mode = get_debug_mode()
    debug_start = (debug_mode & 1) or SERVER_START_DEBUG
    suspend_start = (debug_mode & 2) or SUSPEND_START_MODE
    suspend_mode = 'y' if suspend_start else 'n'

    if options.skip_database_validation:
        global jvm_args
        jvm_args += " -DskipDatabaseConsistencyValidation"

    param_list = generate_child_process_param_list(
        ambari_user, java_exe,
        serverClassPath.get_full_ambari_classpath_escaped_for_shell(
            validate_classpath=True), debug_start, suspend_mode)
    environ = generate_env(options, ambari_user, current_user)

    if not os.path.exists(configDefaults.PID_DIR):
        os.makedirs(configDefaults.PID_DIR, 0755)

    # The launched shell process and sub-processes should have a group id that
    # is different from the parent.
    def make_process_independent():
        if IS_FOREGROUND:  # upstart script is not able to track process from different pgid.
            return

        processId = os.getpid()
        if processId > 0:
            try:
                os.setpgid(processId, processId)
            except OSError, e:
                print_warning_msg('setpgid({0}, {0}) failed - {1}'.format(
                    pidJava, str(e)))
                pass
示例#29
0
def server_process_main(options, scmStatus=None):
  # debug mode, including stop Java process at startup
  try:
    set_debug_mode_from_options(options)
  except AttributeError:
    pass

  if not check_reverse_lookup():
    print_warning_msg("The hostname was not found in the reverse DNS lookup. "
                      "This may result in incorrect behavior. "
                      "Please check the DNS setup and fix the issue.")

  check_database_name_property()
  parse_properties_file(options)

  ambari_user = read_ambari_user()
  current_user = ensure_can_start_under_current_user(ambari_user)

  print_info_msg("TBDS Server is not running...")

  jdk_path = find_jdk()
  if jdk_path is None:
    err = "No JDK found, please run the \"tbds-server setup\" " \
          "command to install a JDK automatically or install any " \
          "JDK manually to " + configDefaults.JDK_INSTALL_DIR
    raise FatalException(1, err)

  properties = get_ambari_properties()

  # Preparations
  if is_root():
    print configDefaults.MESSAGE_SERVER_RUNNING_AS_ROOT

  ensure_jdbc_driver_is_installed(options, properties)

  ensure_dbms_is_running(options, properties, scmStatus)

  if scmStatus is not None:
    scmStatus.reportStartPending()

  refresh_stack_hash(properties)

  if scmStatus is not None:
    scmStatus.reportStartPending()

  ensure_server_security_is_configured()

  if scmStatus is not None:
    scmStatus.reportStartPending()

  java_exe = get_java_exe_path()

  class_path = get_conf_dir()
  class_path = os.path.abspath(class_path) + os.pathsep + get_ambari_classpath()

  debug_mode = get_debug_mode()
  debug_start = (debug_mode & 1) or SERVER_START_DEBUG
  suspend_start = (debug_mode & 2) or SUSPEND_START_MODE
  suspend_mode = 'y' if suspend_start else 'n'

  (param_list, environ) = generate_child_process_param_list(ambari_user, current_user,
                                                 java_exe, class_path, debug_start, suspend_mode)

  if not os.path.exists(configDefaults.PID_DIR):
    os.makedirs(configDefaults.PID_DIR, 0755)

  print_info_msg("Running server: " + str(param_list))
  procJava = subprocess.Popen(param_list, env=environ)

  pidJava = procJava.pid
  if pidJava <= 0:
    procJava.terminate()
    exitcode = procJava.returncode
    exitfile = os.path.join(configDefaults.PID_DIR, EXITCODE_NAME)
    save_pid(exitcode, exitfile)

    if scmStatus is not None:
      scmStatus.reportStopPending()

    raise FatalException(-1, AMBARI_SERVER_DIE_MSG.format(exitcode, configDefaults.SERVER_OUT_FILE))
  else:
    pidfile = os.path.join(configDefaults.PID_DIR, PID_NAME)
    save_pid(pidJava, pidfile)
    print "Server PID at: "+pidfile
    print "Server out at: "+configDefaults.SERVER_OUT_FILE
    print "Server log at: "+configDefaults.SERVER_LOG_FILE

    wait_for_server_start(pidfile, scmStatus)

  if scmStatus is not None:
    scmStatus.reportStarted()

  return procJava
示例#30
0
def server_process_main(options, scmStatus=None):
    properties = get_ambari_properties()
    if properties == -1:
        err = "Error getting ambari properties"
        raise FatalException(-1, err)

    properties_for_print = []
    logger.info("Ambari server properties config:")
    for key, value in properties.getPropertyDict().items():
        if "passwd" not in key and "password" not in key:
            properties_for_print.append(key + "=" + value)

    logger.info(properties_for_print)

    # debug mode, including stop Java process at startup
    try:
        set_debug_mode_from_options(options)
    except AttributeError:
        pass

    if not check_reverse_lookup():
        print_warning_msg(
            "The hostname was not found in the reverse DNS lookup. "
            "This may result in incorrect behavior. "
            "Please check the DNS setup and fix the issue.")

    check_database_name_property()
    parse_properties_file(options)

    is_active_instance = get_is_active_instance()
    if not is_active_instance:
        print_warning_msg(
            "This instance of ambari server is not designated as active. Cannot start ambari server."
        )
        err = "This is not an active instance. Shutting down..."
        raise FatalException(1, err)

    ambari_user = read_ambari_user()
    current_user = ensure_can_start_under_current_user(ambari_user)

    print_info_msg("Ambari Server is not running...")

    jdk_path = find_jdk()
    if jdk_path is None:
        err = "No JDK found, please run the \"ambari-server setup\" " \
              "command to install a JDK automatically or install any " \
              "JDK manually to " + configDefaults.JDK_INSTALL_DIR
        raise FatalException(1, err)

    if not options.skip_properties_validation:
        missing_properties = get_missing_properties(properties)
        if missing_properties:
            err = "Required properties are not found: " + str(missing_properties) + ". To skip properties validation " \
                  "use \"--skip-properties-validation\""
            raise FatalException(1, err)

    # Preparations
    if is_root():
        print configDefaults.MESSAGE_SERVER_RUNNING_AS_ROOT

    ensure_jdbc_driver_is_installed(options, properties)

    ensure_dbms_is_running(options, properties, scmStatus)

    if scmStatus is not None:
        scmStatus.reportStartPending()

    refresh_stack_hash(properties)

    if scmStatus is not None:
        scmStatus.reportStartPending()

    ensure_server_security_is_configured()

    if scmStatus is not None:
        scmStatus.reportStartPending()

    java_exe = get_java_exe_path()

    serverClassPath = ServerClassPath(properties, options)

    debug_mode = get_debug_mode()
    debug_start = (debug_mode & 1) or SERVER_START_DEBUG
    suspend_start = (debug_mode & 2) or SUSPEND_START_MODE
    suspend_mode = 'y' if suspend_start else 'n'

    environ = generate_env(options, ambari_user, current_user)
    class_path = serverClassPath.get_full_ambari_classpath_escaped_for_shell(
        validate_classpath=True)

    if options.skip_database_check:
        global jvm_args
        jvm_args += " -DskipDatabaseConsistencyCheck"
        print "Ambari Server is starting with the database consistency check skipped. Do not make any changes to your cluster " \
              "topology or perform a cluster upgrade until you correct the database consistency issues. See \"" \
              + configDefaults.DB_CHECK_LOG + "\" for more details on the consistency issues."
        properties.process_pair(CHECK_DATABASE_SKIPPED_PROPERTY, "true")
    else:
        print "Ambari database consistency check started..."
        if options.fix_database_consistency:
            jvm_args += " -DfixDatabaseConsistency"
        properties.process_pair(CHECK_DATABASE_SKIPPED_PROPERTY, "false")

    update_properties(properties)
    param_list = generate_child_process_param_list(ambari_user, java_exe,
                                                   class_path, debug_start,
                                                   suspend_mode)

    # The launched shell process and sub-processes should have a group id that
    # is different from the parent.
    def make_process_independent():
        if IS_FOREGROUND:  # upstart script is not able to track process from different pgid.
            return

        processId = os.getpid()
        if processId > 0:
            try:
                os.setpgid(processId, processId)
            except OSError, e:
                print_warning_msg('setpgid({0}, {0}) failed - {1}'.format(
                    pidJava, str(e)))
                pass
示例#31
0
def server_process_main(options, scmStatus=None):
  # debug mode, including stop Java process at startup
  try:
    set_debug_mode_from_options(options)
  except AttributeError:
    pass

  if not check_reverse_lookup():
    print_warning_msg("The hostname was not found in the reverse DNS lookup. "
                      "This may result in incorrect behavior. "
                      "Please check the DNS setup and fix the issue.")

  check_database_name_property()
  parse_properties_file(options)

  is_active_instance = get_is_active_instance()
  if not is_active_instance:
      print_warning_msg("This instance of ambari server is not designated as active. Cannot start ambari server.")
      err = "This is not an active instance. Shutting down..."
      raise FatalException(1, err)

  ambari_user = read_ambari_user()
  current_user = ensure_can_start_under_current_user(ambari_user)

  print_info_msg("Ambari Server is not running...")

  jdk_path = find_jdk()
  if jdk_path is None:
    err = "No JDK found, please run the \"ambari-server setup\" " \
          "command to install a JDK automatically or install any " \
          "JDK manually to " + configDefaults.JDK_INSTALL_DIR
    raise FatalException(1, err)

  properties = get_ambari_properties()

  # Preparations
  if is_root():
    print configDefaults.MESSAGE_SERVER_RUNNING_AS_ROOT

  ensure_jdbc_driver_is_installed(options, properties)

  ensure_dbms_is_running(options, properties, scmStatus)

  if scmStatus is not None:
    scmStatus.reportStartPending()

  refresh_stack_hash(properties)

  if scmStatus is not None:
    scmStatus.reportStartPending()

  ensure_server_security_is_configured()

  if scmStatus is not None:
    scmStatus.reportStartPending()

  java_exe = get_java_exe_path()

  class_path = get_conf_dir()
  class_path = os.path.abspath(class_path) + os.pathsep + get_ambari_classpath()
  jdbc_driver_path = get_jdbc_driver_path(options, properties)
  if jdbc_driver_path not in class_path:
    class_path = class_path + os.pathsep + jdbc_driver_path

  if SERVER_CLASSPATH_KEY in os.environ:
      class_path =  os.environ[SERVER_CLASSPATH_KEY] + os.pathsep + class_path

  native_libs_path = get_native_libs_path(options, properties)
  if native_libs_path is not None:
    if LIBRARY_PATH_KEY in os.environ:
      native_libs_path = os.environ[LIBRARY_PATH_KEY] + os.pathsep + native_libs_path
    os.environ[LIBRARY_PATH_KEY] = native_libs_path

  debug_mode = get_debug_mode()
  debug_start = (debug_mode & 1) or SERVER_START_DEBUG
  suspend_start = (debug_mode & 2) or SUSPEND_START_MODE
  suspend_mode = 'y' if suspend_start else 'n'

  param_list = generate_child_process_param_list(ambari_user, java_exe,
                                                 class_path, debug_start,
                                                 suspend_mode)
  environ = generate_env(ambari_user, current_user)

  if not os.path.exists(configDefaults.PID_DIR):
    os.makedirs(configDefaults.PID_DIR, 0755)

  print_info_msg("Running server: " + str(param_list))
  procJava = subprocess.Popen(param_list, env=environ)

  pidJava = procJava.pid
  if pidJava <= 0:
    procJava.terminate()
    exitcode = procJava.returncode
    exitfile = os.path.join(configDefaults.PID_DIR, EXITCODE_NAME)
    save_pid(exitcode, exitfile)

    if scmStatus is not None:
      scmStatus.reportStopPending()

    raise FatalException(-1, AMBARI_SERVER_DIE_MSG.format(exitcode, configDefaults.SERVER_OUT_FILE))
  else:
    # Change the group id to the process id of the parent so that the launched
    # process and sub-processes have a group id that is different from the parent.
    try:
      os.setpgid(pidJava, 0)
    except OSError, e:
      print_warning_msg('setpgid({0}, 0) failed - {1}'.format(pidJava, str(e)))
      pass
    pidfile = os.path.join(configDefaults.PID_DIR, PID_NAME)
    save_pid(pidJava, pidfile)
    print "Server PID at: "+pidfile
    print "Server out at: "+configDefaults.SERVER_OUT_FILE
    print "Server log at: "+configDefaults.SERVER_LOG_FILE

    wait_for_server_start(pidfile, scmStatus)
示例#32
0
def upgrade(args):
    if not is_root():
        err = configDefaults.MESSAGE_ERROR_UPGRADE_NOT_ROOT
        raise FatalException(4, err)

    print 'Updating properties in ' + AMBARI_PROPERTIES_FILE + ' ...'
    retcode = update_ambari_properties()
    if not retcode == 0:
        err = AMBARI_PROPERTIES_FILE + ' file can\'t be updated. Exiting'
        raise FatalException(retcode, err)

    try:
        update_database_name_property(upgrade=True)
    except FatalException:
        return -1

    # Ignore the server version & database options passed via command-line arguments
    parse_properties_file(args)

    #TODO check database version
    change_objects_owner(args)

    retcode = run_schema_upgrade()
    if not retcode == 0:
        print_error_msg(
            "Ambari server upgrade failed. Please look at {0}, for more details."
            .format(configDefaults.SERVER_LOG_FILE))
        raise FatalException(11, 'Schema upgrade failed.')

    user = read_ambari_user()
    if user is None:
        warn = "Can not determine custom ambari user.\n" + SETUP_OR_UPGRADE_MSG
        print_warning_msg(warn)
    else:
        adjust_directory_permissions(user)

    # local repo
    upgrade_local_repo(args)

    # create jdbc symlinks if jdbc drivers are available in resources
    check_jdbc_drivers(args)

    properties = get_ambari_properties()
    if properties == -1:
        err = "Error getting ambari properties"
        print_error_msg(err)
        raise FatalException(-1, err)

    # Move *.py files from custom_actions to custom_actions/scripts
    # This code exists for historic reasons in which custom action python scripts location changed from Ambari 1.7.0 to 2.0.0
    ambari_version = get_ambari_version(properties)
    if ambari_version is None:
        args.warnings.append(
            "*.py files were not moved from custom_actions to custom_actions/scripts."
        )
    elif compare_versions(ambari_version, "2.0.0") == 0:
        move_user_custom_actions()

    # Remove ADMIN_VIEW directory for upgrading Admin View on Ambari upgrade from 1.7.0 to 2.0.0
    admin_views_dirs = get_admin_views_dir(properties)
    for admin_views_dir in admin_views_dirs:
        shutil.rmtree(admin_views_dir)

    # check if ambari has obsolete LDAP configuration
    if properties.get_property(
            LDAP_PRIMARY_URL_PROPERTY
    ) and not properties.get_property(IS_LDAP_CONFIGURED):
        args.warnings.append(
            "Existing LDAP configuration is detected. You must run the \"ambari-server setup-ldap\" command to adjust existing LDAP configuration."
        )
示例#33
0
def sync_ldap(options):
  if not is_root():
    err = 'Ambari-server sync-ldap should be run with ' \
          'root-level privileges'
    raise FatalException(4, err)

  server_status, pid = is_server_runing()
  if not server_status:
    err = 'Ambari Server is not running.'
    raise FatalException(1, err)

  properties = get_ambari_properties()
  if properties == -1:
    raise FatalException(1, "Failed to read properties file.")

  ldap_configured = properties.get_property(IS_LDAP_CONFIGURED)
  if ldap_configured != 'true':
    err = "LDAP is not configured. Run 'ambari-server setup-ldap' first."
    raise FatalException(1, err)

  # set ldap sync options
  ldap_sync_options = LdapSyncOptions(options)

  if ldap_sync_options.no_ldap_sync_options_set():
    err = 'Must specify a sync option (all, existing, users or groups).  Please invoke ambari-server.py --help to print the options.'
    raise FatalException(1, err)

  admin_login = get_validated_string_input(prompt="Enter Ambari Admin login: "******"Enter Ambari Admin password: "******"Event":{"specs":[{"principal_type":"users","sync_type":"all"},{"principal_type":"groups","sync_type":"all"}]}}]
  elif ldap_sync_options.ldap_sync_existing:
    sys.stdout.write('Syncing existing.')
    bodies = [{"Event":{"specs":[{"principal_type":"users","sync_type":"existing"},{"principal_type":"groups","sync_type":"existing"}]}}]
  else:
    sys.stdout.write('Syncing specified users and groups.')
    bodies = [{"Event":{"specs":[]}}]
    body = bodies[0]
    events = body['Event']
    specs = events['specs']

    if ldap_sync_options.ldap_sync_users is not None:
      new_specs = [{"principal_type":"users","sync_type":"specific","names":""}]
      get_ldap_event_spec_names(ldap_sync_options.ldap_sync_users, specs, new_specs)
    if ldap_sync_options.ldap_sync_groups is not None:
      new_specs = [{"principal_type":"groups","sync_type":"specific","names":""}]
      get_ldap_event_spec_names(ldap_sync_options.ldap_sync_groups, specs, new_specs)

  if get_verbose():
    sys.stdout.write('\nCalling API ' + url + ' : ' + str(bodies) + '\n')

  request.add_data(json.dumps(bodies))
  request.get_method = lambda: 'POST'

  try:
    response = urllib2.urlopen(request)
  except Exception as e:
    err = 'Sync event creation failed. Error details: %s' % e
    raise FatalException(1, err)

  response_status_code = response.getcode()
  if response_status_code != 201:
    err = 'Error during syncing. Http status code - ' + str(response_status_code)
    raise FatalException(1, err)
  response_body = json.loads(response.read())

  url = response_body['resources'][0]['href']
  request = urllib2.Request(url)
  request.add_header('Authorization', 'Basic %s' % admin_auth)
  request.add_header('X-Requested-By', 'ambari')
  body = [{"LDAP":{"synced_groups":"*","synced_users":"*"}}]
  request.add_data(json.dumps(body))
  request.get_method = lambda: 'GET'
  request_in_progress = True

  while request_in_progress:
    sys.stdout.write('.')
    sys.stdout.flush()

    try:
      response = urllib2.urlopen(request)
    except Exception as e:
      request_in_progress = False
      err = 'Sync event check failed. Error details: %s' % e
      raise FatalException(1, err)

    response_status_code = response.getcode()
    if response_status_code != 200:
      err = 'Error during syncing. Http status code - ' + str(response_status_code)
      raise FatalException(1, err)
    response_body = json.loads(response.read())
    sync_info = response_body['Event']

    if sync_info['status'] == 'ERROR':
      raise FatalException(1, str(sync_info['status_detail']))
    elif sync_info['status'] == 'COMPLETE':
      print '\n\nCompleted LDAP Sync.'
      print 'Summary:'
      for principal_type, summary in sync_info['summary'].iteritems():
        print '  {0}:'.format(principal_type)
        for action, amount in summary.iteritems():
          print '    {0} = {1!s}'.format(action, amount)
      request_in_progress = False
    else:
      time.sleep(1)

  sys.stdout.write('\n')
  sys.stdout.flush()
示例#34
0
def generate_child_process_param_list(ambari_user, current_user, java_exe,
                                      class_path, debug_start, suspend_mode):
    from ambari_commons.os_linux import ULIMIT_CMD

    properties = get_ambari_properties()

    isSecure = get_is_secure(properties)
    (isPersisted, masterKeyFile) = get_is_persisted(properties)
    environ = os.environ.copy()
    # Need to handle master key not persisted scenario
    if isSecure and not masterKeyFile:
        prompt = False
        masterKey = environ.get(SECURITY_KEY_ENV_VAR_NAME)

        if masterKey is not None and masterKey != "":
            pass
        else:
            keyLocation = environ.get(SECURITY_MASTER_KEY_LOCATION)

            if keyLocation is not None:
                try:
                    # Verify master key can be read by the java process
                    with open(keyLocation, 'r'):
                        pass
                except IOError:
                    print_warning_msg(
                        "Cannot read Master key from path specified in "
                        "environemnt.")
                    prompt = True
            else:
                # Key not provided in the environment
                prompt = True

        if prompt:
            import pwd

            masterKey = get_original_master_key(properties)
            tempDir = tempfile.gettempdir()
            tempFilePath = tempDir + os.sep + "masterkey"
            save_master_key(masterKey, tempFilePath, True)
            if ambari_user != current_user:
                uid = pwd.getpwnam(ambari_user).pw_uid
                gid = pwd.getpwnam(ambari_user).pw_gid
                os.chown(tempFilePath, uid, gid)
            else:
                os.chmod(tempFilePath, stat.S_IREAD | stat.S_IWRITE)

            if tempFilePath is not None:
                environ[SECURITY_MASTER_KEY_LOCATION] = tempFilePath

    command_base = SERVER_START_CMD_DEBUG if debug_start else SERVER_START_CMD

    ulimit_cmd = "%s %s" % (ULIMIT_CMD, str(get_ulimit_open_files(properties)))
    command = command_base.format(
        java_exe, ambari_provider_module_option, jvm_args, class_path,
        configDefaults.SERVER_OUT_FILE,
        os.path.join(configDefaults.PID_DIR, EXITCODE_NAME), suspend_mode)

    # required to start properly server instance
    os.chdir(configDefaults.ROOT_FS_PATH)

    #For properly daemonization server should be started using shell as parent
    param_list = [locate_file('sh', '/bin'), "-c"]
    if is_root() and ambari_user != "root":
        # To inherit exported environment variables (especially AMBARI_PASSPHRASE),
        # from subprocess, we have to skip --login option of su command. That's why
        # we change dir to / (otherwise subprocess can face with 'permission denied'
        # errors while trying to list current directory
        cmd = "{ulimit_cmd} ; {su} {ambari_user} -s {sh_shell} -c '{command}'".format(
            ulimit_cmd=ulimit_cmd,
            su=locate_file('su', '/bin'),
            ambari_user=ambari_user,
            sh_shell=locate_file('sh', '/bin'),
            command=command)
    else:
        cmd = "{ulimit_cmd} ; {command}".format(ulimit_cmd=ulimit_cmd,
                                                command=command)

    param_list.append(cmd)
    return (param_list, environ)
示例#35
0
def ensure_server_security_is_configured():
  if not is_root():
    print "Unable to check firewall status when starting without root privileges."
    print "Please do not forget to disable or adjust firewall if needed"
示例#36
0
def setup(options):
  if options.only_silent:
    if check_setup_already_done():
      print "Nothing was done. Ambari Setup already performed and cannot re-run setup in silent mode. Use \"ambari-server setup\" command without -s option to change Ambari setup."
      sys.exit(0)

  retcode = verify_setup_allowed(options)
  if not retcode == 0:
    raise FatalException(1, None)

  if not is_root():
    err = configDefaults.MESSAGE_ERROR_SETUP_NOT_ROOT
    raise FatalException(4, err)

  # proceed jdbc properties if they were set
  if _check_jdbc_options(options):
    proceedJDBCProperties(options)
    return

  (retcode, err) = disable_security_enhancements()
  if not retcode == 0:
    raise FatalException(retcode, err)

  #Create ambari user, if needed
  (retcode, register_service, svc_user, svc_password) = check_ambari_user(options)
  if not retcode == 0:
    err = 'Failed to create user. Exiting.'
    raise FatalException(retcode, err)

  print configDefaults.MESSAGE_CHECK_FIREWALL
  check_firewall()

  # proceed jdbc properties if they were set
  if _check_jdbc_options(options):
    proceedJDBCProperties(options)

  print 'Checking JDK...'
  try:
    download_and_install_jdk(options)
  except FatalException as e:
    err = 'Downloading or installing JDK failed: {0}. Exiting.'.format(e)
    raise FatalException(e.code, err)

  print 'Completing setup...'
  retcode = configure_os_settings()
  if not retcode == 0:
    err = 'Configure of OS settings in ambari.properties failed. Exiting.'
    raise FatalException(retcode, err)

  print 'Configuring database...'
  prompt_db_properties(options)

  #DB setup should be done last after doing any setup.

  _setup_database(options)

  check_jdbc_drivers(options)

  print 'Extracting system views...'
  retcode = extract_views()
  if not retcode == 0:
    err = 'Error while extracting system views. Exiting'
    raise FatalException(retcode, err)

  # we've already done this, but new files were created so run it one time.
  adjust_directory_permissions(svc_user)

  service_setup(register_service, svc_user, svc_password)
示例#37
0
def server_process_main(options, scmStatus=None):
    # debug mode, including stop Java process at startup
    try:
        set_debug_mode_from_options(options)
    except AttributeError:
        pass

    if not check_reverse_lookup():
        print_warning_msg(
            "The hostname was not found in the reverse DNS lookup. "
            "This may result in incorrect behavior. "
            "Please check the DNS setup and fix the issue.")

    check_database_name_property()
    parse_properties_file(options)

    ambari_user = read_ambari_user()
    current_user = ensure_can_start_under_current_user(ambari_user)

    print_info_msg("Ambari Server is not running...")

    jdk_path = find_jdk()
    if jdk_path is None:
        err = "No JDK found, please run the \"ambari-server setup\" " \
              "command to install a JDK automatically or install any " \
              "JDK manually to " + configDefaults.JDK_INSTALL_DIR
        raise FatalException(1, err)

    properties = get_ambari_properties()

    # Preparations
    if is_root():
        print configDefaults.MESSAGE_SERVER_RUNNING_AS_ROOT

    ensure_jdbc_driver_is_installed(options, properties)

    ensure_dbms_is_running(options, properties, scmStatus)

    if scmStatus is not None:
        scmStatus.reportStartPending()

    refresh_stack_hash(properties)

    if scmStatus is not None:
        scmStatus.reportStartPending()

    ensure_server_security_is_configured()

    if scmStatus is not None:
        scmStatus.reportStartPending()

    java_exe = get_java_exe_path()

    class_path = get_conf_dir()
    class_path = os.path.abspath(
        class_path) + os.pathsep + get_ambari_classpath()

    debug_mode = get_debug_mode()
    debug_start = (debug_mode & 1) or SERVER_START_DEBUG
    suspend_start = (debug_mode & 2) or SUSPEND_START_MODE
    suspend_mode = 'y' if suspend_start else 'n'

    (param_list,
     environ) = generate_child_process_param_list(ambari_user, current_user,
                                                  java_exe, class_path,
                                                  debug_start, suspend_mode)

    if not os.path.exists(configDefaults.PID_DIR):
        os.makedirs(configDefaults.PID_DIR, 0755)

    print_info_msg("Running server: " + str(param_list))
    procJava = subprocess.Popen(param_list, env=environ)

    pidJava = procJava.pid
    if pidJava <= 0:
        procJava.terminate()
        exitcode = procJava.returncode
        exitfile = os.path.join(configDefaults.PID_DIR, EXITCODE_NAME)
        save_pid(exitcode, exitfile)

        if scmStatus is not None:
            scmStatus.reportStopPending()

        raise FatalException(
            -1,
            AMBARI_SERVER_DIE_MSG.format(exitcode,
                                         configDefaults.SERVER_OUT_FILE))
    else:
        pidfile = os.path.join(configDefaults.PID_DIR, PID_NAME)
        save_pid(pidJava, pidfile)
        print "Server PID at: " + pidfile
        print "Server out at: " + configDefaults.SERVER_OUT_FILE
        print "Server log at: " + configDefaults.SERVER_LOG_FILE

        wait_for_server_start(pidfile, scmStatus)

    if scmStatus is not None:
        scmStatus.reportStarted()

    return procJava
示例#38
0
def ensure_server_security_is_configured():
    if not is_root():
        print "Unable to check firewall status when starting without root privileges."
        print "Please do not forget to disable or adjust firewall if needed"
示例#39
0
def upgrade(args):
    print_info_msg("Upgrade Ambari Server", True)
    if not is_root():
        err = configDefaults.MESSAGE_ERROR_UPGRADE_NOT_ROOT
        raise FatalException(4, err)
    print_info_msg(
        'Updating Ambari Server properties in {0} ...'.format(
            AMBARI_PROPERTIES_FILE), True)
    retcode = update_ambari_properties()
    if not retcode == 0:
        err = AMBARI_PROPERTIES_FILE + ' file can\'t be updated. Exiting'
        raise FatalException(retcode, err)

    print_info_msg(
        'Updating Ambari Server properties in {0} ...'.format(AMBARI_ENV_FILE),
        True)
    retcode = update_ambari_env()
    if not retcode == 0:
        err = AMBARI_ENV_FILE + ' file can\'t be updated. Exiting'
        raise FatalException(retcode, err)

    retcode = update_krb_jaas_login_properties()
    if retcode == -2:
        pass  # no changes done, let's be silent
    elif retcode == 0:
        print_info_msg("File {0} updated.".format(AMBARI_KRB_JAAS_LOGIN_FILE),
                       True)
    elif not retcode == 0:
        err = AMBARI_KRB_JAAS_LOGIN_FILE + ' file can\'t be updated. Exiting'
        raise FatalException(retcode, err)

    restore_custom_services()
    replay_mpack_logs()
    try:
        update_database_name_property(upgrade=True)
    except FatalException:
        return -1

    # Ignore the server version & database options passed via command-line arguments
    parse_properties_file(args)

    #TODO check database version
    change_objects_owner(args)

    retcode = run_schema_upgrade(args)
    if not retcode == 0:
        print_error_msg(
            "Ambari server upgrade failed. Please look at {0}, for more details."
            .format(configDefaults.SERVER_LOG_FILE))
        raise FatalException(11, 'Schema upgrade failed.')

    user = read_ambari_user()
    if user is None:
        warn = "Can not determine custom ambari user.\n" + SETUP_OR_UPGRADE_MSG
        print_warning_msg(warn)
    else:
        adjust_directory_permissions(user)

    # create jdbc symlinks if jdbc drivers are available in resources
    check_jdbc_drivers(args)

    properties = get_ambari_properties()
    if properties == -1:
        err = "Error getting ambari properties"
        print_error_msg(err)
        raise FatalException(-1, err)

    # Move *.py files from custom_actions to custom_actions/scripts
    # This code exists for historic reasons in which custom action python scripts location changed from Ambari 1.7.0 to 2.0.0
    ambari_version = get_ambari_version(properties)
    if ambari_version is None:
        args.warnings.append(
            "*.py files were not moved from custom_actions to custom_actions/scripts."
        )
    elif compare_versions(ambari_version, "2.0.0") == 0:
        move_user_custom_actions()

    # Move files installed by package to default views directory to a custom one
    for views_dir in get_views_dir(properties):
        root_views_dir = views_dir + "/../"

        if os.path.samefile(root_views_dir, get_default_views_dir()):
            continue

        for file in glob.glob(get_default_views_dir() + '/*'):
            shutil.move(file, root_views_dir)

    # Remove ADMIN_VIEW directory for upgrading Admin View on Ambari upgrade from 1.7.0 to 2.0.0
    admin_views_dirs = get_admin_views_dir(properties)
    for admin_views_dir in admin_views_dirs:
        shutil.rmtree(admin_views_dir)

    # Modify timestamp of views jars to current time
    views_jars = get_views_jars(properties)
    for views_jar in views_jars:
        os.utime(views_jar, None)

    # check if ambari is configured to use LDAP authentication
    if properties.get_property(CLIENT_SECURITY) == "ldap":
        args.warnings.append(
            "LDAP authentication is detected. You must run the \"ambari-server setup-ldap\" command to adjust existing LDAP configuration."
        )

    # adding custom jdbc name and previous custom jdbc properties
    # we need that to support new dynamic jdbc names for upgraded ambari
    add_jdbc_properties(properties)

    json_url = get_json_url_from_repo_file()
    if json_url:
        print "Ambari repo file contains latest json url {0}, updating stacks repoinfos with it...".format(
            json_url)
        properties = get_ambari_properties()
        stack_root = get_stack_location(properties)
        update_latest_in_repoinfos_for_stacks(stack_root, json_url)
    else:
        print "Ambari repo file doesn't contain latest json url, skipping repoinfos modification"
def upgrade(args):
  if not is_root():
    err = configDefaults.MESSAGE_ERROR_UPGRADE_NOT_ROOT
    raise FatalException(4, err)
  print 'Updating properties in ' + AMBARI_PROPERTIES_FILE + ' ...'
  retcode = update_ambari_properties()
  if not retcode == 0:
    err = AMBARI_PROPERTIES_FILE + ' file can\'t be updated. Exiting'
    raise FatalException(retcode, err)

  retcode = update_ambari_env()
  if not retcode == 0:
    err = AMBARI_ENV_FILE + ' file can\'t be updated. Exiting'
    raise FatalException(retcode, err)

  retcode = update_krb_jaas_login_properties()
  if retcode == -2:
    pass  # no changes done, let's be silent
  elif retcode == 0:
    print 'File ' + AMBARI_KRB_JAAS_LOGIN_FILE + ' updated.'
  elif not retcode == 0:
    err = AMBARI_KRB_JAAS_LOGIN_FILE + ' file can\'t be updated. Exiting'
    raise FatalException(retcode, err)

  restore_custom_services()
  try:
    update_database_name_property(upgrade=True)
  except FatalException:
    return -1

  # Ignore the server version & database options passed via command-line arguments
  parse_properties_file(args)

  #TODO check database version
  change_objects_owner(args)

  retcode = run_schema_upgrade(args)
  if not retcode == 0:
    print_error_msg("Ambari server upgrade failed. Please look at {0}, for more details.".format(configDefaults.SERVER_LOG_FILE))
    raise FatalException(11, 'Schema upgrade failed.')

  user = read_ambari_user()
  if user is None:
    warn = "Can not determine custom ambari user.\n" + SETUP_OR_UPGRADE_MSG
    print_warning_msg(warn)
  else:
    adjust_directory_permissions(user)

  # local repo
  upgrade_local_repo(args)

  # create jdbc symlinks if jdbc drivers are available in resources
  check_jdbc_drivers(args)

  properties = get_ambari_properties()
  if properties == -1:
    err = "Error getting ambari properties"
    print_error_msg(err)
    raise FatalException(-1, err)

  # Move *.py files from custom_actions to custom_actions/scripts
  # This code exists for historic reasons in which custom action python scripts location changed from Ambari 1.7.0 to 2.0.0
  ambari_version = get_ambari_version(properties)
  if ambari_version is None:
    args.warnings.append("*.py files were not moved from custom_actions to custom_actions/scripts.")
  elif compare_versions(ambari_version, "2.0.0") == 0:
    move_user_custom_actions()

  # Remove ADMIN_VIEW directory for upgrading Admin View on Ambari upgrade from 1.7.0 to 2.0.0
  admin_views_dirs = get_admin_views_dir(properties)
  for admin_views_dir in admin_views_dirs:
    shutil.rmtree(admin_views_dir)

  # Remove ambari views directory for the rest of the jars, at the time of upgrade. At restart all jars present in Ambari will be extracted into work directory
  views_dir =  get_views_dir(properties)
  for views in views_dir:
    shutil.rmtree(views)

  # check if ambari has obsolete LDAP configuration
  if properties.get_property(LDAP_PRIMARY_URL_PROPERTY) and not properties.get_property(IS_LDAP_CONFIGURED):
    args.warnings.append("Existing LDAP configuration is detected. You must run the \"ambari-server setup-ldap\" command to adjust existing LDAP configuration.")
示例#41
0
def setup(options):
  modifyGlobalConstant(options.use_default)
  retcode = verify_setup_allowed()
  if not retcode == 0:
    raise FatalException(1, None)

  if not is_root():
    err = configDefaults.MESSAGE_ERROR_SETUP_NOT_ROOT
    raise FatalException(4, err)

  if _check_repo_options(options):
    configureRepoURL(options.repo_url)
    
  if _check_hostname(options):
    configureHostname(options.hostname)

  # proceed jdbc properties if they were set
  if _check_jdbc_options(options):
    proceedJDBCProperties(options)
    return

  (retcode, err) = disable_security_enhancements()
  if not retcode == 0:
    raise FatalException(retcode, err)

  #Create tbds user, if needed
  retcode = check_ambari_user()
  if not retcode == 0:
    err = 'Failed to create user. Exiting.'
    raise FatalException(retcode, err)

  print configDefaults.MESSAGE_CHECK_FIREWALL
  check_firewall()

  # proceed jdbc properties if they were set
  if _check_jdbc_options(options):
    proceedJDBCProperties(options)

  print 'Checking JDK...'
  try:
    download_and_install_jdk(options)
  except FatalException as e:
    err = 'Downloading or installing JDK failed: {0}. Exiting.'.format(e)
    raise FatalException(e.code, err)

  print 'Completing setup...'
  retcode = configure_os_settings()
  if not retcode == 0:
    err = 'Configure of OS settings in tbds.properties failed. Exiting.'
    raise FatalException(retcode, err)

  print 'Configuring database...'
  prompt_db_properties(options)

  #DB setup should be done last after doing any setup.

  _setup_database(options)

  check_jdbc_drivers(options)

  print 'Extracting system views...'
  retcode = extract_views()
  if not retcode == 0:
    err = 'Error while extracting system views. Exiting'
    raise FatalException(retcode, err)

  # we've already done this, but new files were created so run it one time.
  adjust_directory_permissions(read_ambari_user())