def test_base_configs(self):
    """Check that the Kerberos toggle is read from the cluster configs.

    is_kerberos_security_enabled() must follow the value of the
    'Enable Kerberos Security' option in the 'Kerberos' config section.
    """
    # Each case pairs a flag value with the assertion that must hold for it.
    cases = (
        (True, self.assertTrue),
        (False, self.assertFalse),
    )
    for flag, check in cases:
        cluster = mock.Mock(
            cluster_configs={'Kerberos': {'Enable Kerberos Security': flag}},
            node_groups=[],
        )
        check(krb.is_kerberos_security_enabled(cluster))
def _build_ambari_cluster_template(cluster):
    """Build the cluster template dict submitted for ``cluster``.

    The result always holds the blueprint name, a freshly generated
    default password and one host group per instance. When Kerberos
    security is enabled it also holds the output of _get_credentials()
    and a KERBEROS security type, so the returned dict is secret-bearing
    and should be kept out of logs and debug dumps.
    """
    host_groups = []
    template = {
        "blueprint": cluster.name,
        # NOTE(review): a UUID string is used as the default password;
        # confirm uuidutils.generate_uuid() is backed by a CSPRNG
        # (uuid4-style) before relying on it as a secret.
        "default_password": uuidutils.generate_uuid(),
        "host_groups": host_groups,
    }

    if cluster.use_autoconfig:
        template["config_recommendation_strategy"] = (
            configs.get_auto_configuration_strategy(cluster))

    if kerberos.is_kerberos_security_enabled(cluster):
        template["credentials"] = _get_credentials(cluster)
        template["security"] = {"type": "KERBEROS"}

    topology = _get_topology_data(cluster)
    all_instances = (
        inst for ng in cluster.node_groups for inst in ng.instances)
    for inst in all_instances:
        host_entry = {"fqdn": inst.fqdn()}
        # Rack data is looked up only while data locality is switched on.
        if t_helper.is_data_locality_enabled():
            host_entry["rack_info"] = topology[inst.instance_name]
        # One host group per instance, named after the instance.
        host_groups.append({
            "name": inst.instance_name,
            "hosts": [host_entry],
        })

    return template
def prepare_scaling_kerberized_cluster(cluster, cloudera_utils, instances):
    """Run the Kerberos steps for ``instances`` of a kerberized cluster.

    Does nothing when Kerberos security is disabled for ``cluster``.
    Otherwise it sets up the Kerberos clients, prepares the policy files,
    pushes the Kerberos configs and creates 'hdfs' keytabs for the HDFS
    nodes found among ``instances``.
    """
    if not kerberos.is_kerberos_security_enabled(cluster):
        return

    # With an existing KDC no manager node is looked up and
    # setup_clients() receives None as the server.
    if kerberos.using_existing_kdc(cluster):
        kdc_server = None
    else:
        kdc_server = cloudera_utils.pu.get_manager(cluster)

    kerberos.setup_clients(cluster, kdc_server)
    kerberos.prepare_policy_files(cluster)
    # manager can correctly handle updating configs
    cloudera_utils.push_kerberos_configs(cluster)

    hdfs_nodes = cloudera_utils.pu.get_hdfs_nodes(cluster, instances)
    kerberos.create_keytabs_for_map(cluster, {'hdfs': hdfs_nodes})
def setup_kerberos_for_cluster(cluster, cloudera_utils):
    """Kerberize ``cluster`` when Kerberos security is enabled for it.

    Does nothing when the option is off. Otherwise the steps run in a
    fixed order: deploy the Kerberos infrastructure on the manager, stop
    the whole cluster, prepare policy files, push the Kerberos configs,
    start the cluster again, then create the 'hdfs' and 'spark' keytabs.
    """
    if not kerberos.is_kerberos_security_enabled(cluster):
        return

    pu = cloudera_utils.pu
    kerberos.deploy_infrastructure(cluster, pu.get_manager(cluster))

    # The security configs are pushed while the cluster is fully stopped.
    cloudera_utils.full_cluster_stop(cluster)
    kerberos.prepare_policy_files(cluster)
    cloudera_utils.push_kerberos_configs(cluster)
    cloudera_utils.full_cluster_start(cluster)

    hdfs_nodes = pu.get_hdfs_nodes(cluster)
    spark_nodes = [pu.get_spark_historyserver(cluster)]
    kerberos.create_keytabs_for_map(
        cluster, {'hdfs': hdfs_nodes, 'spark': spark_nodes})
def get_clients(cluster):
    """Return the client components to install for ``cluster``.

    The list is made of the clients mapped (via CLIENT_MAP) from every
    node process in the cluster, de-duplicated, followed by ALL_LIST and,
    when Kerberos security is enabled, KERBEROS_CLIENT.
    """
    node_procs = [
        proc for ng in cluster.node_groups for proc in ng.node_processes]
    mapped = [
        client
        for proc in node_procs
        for client in CLIENT_MAP.get(proc, [])
    ]

    # De-duplicating through a set leaves this part in unspecified order.
    clients = list(set(mapped))
    clients.extend(ALL_LIST)

    if kerberos.is_kerberos_security_enabled(cluster):
        clients.append(KERBEROS_CLIENT)
    return clients
def create_blueprint(cluster):
    """Assemble the HDP blueprint for ``cluster`` and submit it.

    The cluster is re-read through the conductor after _prepare_ranger()
    has run. One host group is emitted per instance. With Kerberos
    security enabled the blueprint gains the serialized kerberos-env and
    krb5 configurations and a KERBEROS security type. The HA updaters are
    applied for each HA option set in the "general" config section.

    Returns whatever the Ambari client's create_blueprint() returns.
    """
    _prepare_ranger(cluster)
    # Work on the record as stored after the Ranger preparation step.
    cluster = conductor.cluster_get(context.ctx(), cluster.id)

    host_groups = []
    for ng in cluster.node_groups:
        procs = p_common.get_ambari_proc_list(ng)
        procs.extend(p_common.get_clients(cluster))
        host_groups.extend(
            {
                "name": instance.instance_name,
                "configurations": configs.get_instance_params(instance),
                "components": get_host_group_components(cluster, procs),
            }
            for instance in ng.instances
        )

    blueprints_section = {
        "stack_name": "HDP",
        "stack_version": cluster.hadoop_version,
    }
    bp = {
        "Blueprints": blueprints_section,
        "host_groups": host_groups,
        "configurations": configs.get_cluster_params(cluster),
    }

    if kerberos.is_kerberos_security_enabled(cluster):
        kdc_env = _serialize_mit_kdc_kerberos_env(cluster)
        krb5_conf = _serialize_krb5_configs(cluster)
        bp['configurations'].extend([kdc_env, krb5_conf])
        bp['Blueprints']['security'] = {'type': 'KERBEROS'}

    general_configs = cluster.cluster_configs.get("general", {})
    ha_steps = (
        (p_common.NAMENODE_HA, ha_helper.update_bp_for_namenode_ha),
        (p_common.RESOURCEMANAGER_HA,
         ha_helper.update_bp_for_resourcemanager_ha),
        (p_common.HBASE_REGIONSERVER_HA, ha_helper.update_bp_for_hbase_ha),
    )

    # The common HA update runs once if any of the HA options is set,
    # before the per-service updates.
    if any(general_configs.get(option) for option, _ in ha_steps):
        bp = ha_helper.update_bp_ha_common(cluster, bp)
    for option, apply_ha in ha_steps:
        if general_configs.get(option):
            bp = apply_ha(cluster, bp)

    with _get_ambari_client(cluster) as client:
        return client.create_blueprint(cluster.name, bp)
def deploy_kerberos_principals(cluster, instances=None):
    """Create keytabs for the hdfs, spark and oozie entries of ``cluster``.

    Does nothing when Kerberos security is disabled. When ``instances``
    is None every instance of the cluster is considered. Each key of the
    map handed to create_keytabs_for_map() is paired with the instances
    that run the listed services.
    """
    if kerberos.is_kerberos_security_enabled(cluster):
        targets = instances
        if targets is None:
            targets = plugin_utils.get_instances(cluster)

        hdfs_hosts = plugin_utils.instances_with_services(targets, [
            p_common.SECONDARY_NAMENODE,
            p_common.NAMENODE,
            p_common.DATANODE,
            p_common.JOURNAL_NODE,
        ])
        spark_hosts = plugin_utils.instances_with_services(
            targets, [p_common.SPARK_JOBHISTORYSERVER])
        oozie_hosts = plugin_utils.instances_with_services(
            targets, [p_common.OOZIE_SERVER])

        # NOTE(review): keys presumably name the service user that owns
        # each keytab -- confirm against kerberos.create_keytabs_for_map.
        keytab_map = {
            'hdfs': hdfs_hosts,
            'spark': spark_hosts,
            'oozie': oozie_hosts,
        }
        kerberos.create_keytabs_for_map(cluster, keytab_map)
def get_client(self):
    """Return the Oozie client suited to the cluster's security mode.

    With Kerberos security enabled the parent's get_remote_client() is
    used; otherwise the parent's get_client() is used.
    """
    kerberized = kerberos.is_kerberos_security_enabled(self.cluster)
    parent = super(EDPOozieEngine, self)
    make_client = parent.get_remote_client if kerberized else parent.get_client
    return make_client()
def manage_host_components(cluster, instances):
    """Install and then start the services on ``instances``.

    On a Kerberos-enabled cluster the keytabs are regenerated after the
    install step and before the services are started.
    """
    _install_services_to_hosts(cluster, instances)

    needs_keytabs = kerberos.is_kerberos_security_enabled(cluster)
    if needs_keytabs:
        _regenerate_keytabs(cluster)

    _start_services_on_hosts(cluster, instances)
def prepare_kerberos(cluster, instances=None):
    """Run _prepare_kerberos() only if Kerberos security is enabled.

    ``instances`` is forwarded unchanged, including the default None.
    """
    if not kerberos.is_kerberos_security_enabled(cluster):
        return
    _prepare_kerberos(cluster, instances)