author | Olaf Flebbe <o.flebbe@science-computing.de> | 2015-10-08 13:54:25 +0000 |
---|---|---|
committer | Olaf Flebbe <of@ofleb.be> | 2015-11-06 21:44:53 +0100 |
commit | b2d94ebecc4fe31fe2c343184ffc14167a4ccca2 (patch) | |
tree | 3f63998854e82e3e3e4a9220607e871a464daee3 /bigtop-deploy/puppet | |
parent | e6261d80f71d2dcb15fed45c13c862bf1d9cb250 (diff) |
BIGTOP-2028: Enhance puppet config of zookeeper to support kerberized clients
Diffstat (limited to 'bigtop-deploy/puppet')
-rw-r--r-- | bigtop-deploy/puppet/modules/hadoop_zookeeper/files/java.env | 3 | ||||
-rw-r--r-- | bigtop-deploy/puppet/modules/hadoop_zookeeper/manifests/init.pp | 58 | ||||
-rw-r--r-- | bigtop-deploy/puppet/modules/hadoop_zookeeper/templates/client-jaas.conf | 22 | ||||
-rw-r--r-- | bigtop-deploy/puppet/modules/hadoop_zookeeper/templates/server-jaas.conf (renamed from bigtop-deploy/puppet/modules/hadoop_zookeeper/templates/jaas.conf) | 0 |
4 files changed, 64 insertions, 19 deletions
diff --git a/bigtop-deploy/puppet/modules/hadoop_zookeeper/files/java.env b/bigtop-deploy/puppet/modules/hadoop_zookeeper/files/java.env index 6aca4882..0bde8713 100644 --- a/bigtop-deploy/puppet/modules/hadoop_zookeeper/files/java.env +++ b/bigtop-deploy/puppet/modules/hadoop_zookeeper/files/java.env @@ -12,4 +12,5 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -export SERVER_JVMFLAGS="-Djava.security.auth.login.config=/etc/zookeeper/conf/jaas.conf" +export SERVER_JVMFLAGS="-Djava.security.auth.login.config=/etc/zookeeper/conf/server-jaas.conf" +export CLIENT_JVMFLAGS="-Djava.security.auth.login.config=/etc/zookeeper/conf/client-jaas.conf" diff --git a/bigtop-deploy/puppet/modules/hadoop_zookeeper/manifests/init.pp b/bigtop-deploy/puppet/modules/hadoop_zookeeper/manifests/init.pp index 7bbfcfd9..69650909 100644 --- a/bigtop-deploy/puppet/modules/hadoop_zookeeper/manifests/init.pp +++ b/bigtop-deploy/puppet/modules/hadoop_zookeeper/manifests/init.pp @@ -13,7 +13,9 @@ # See the License for the specific language governing permissions and # limitations under the License. -class hadoop_zookeeper { +class hadoop_zookeeper ( + $kerberos_realm = "", +) { class deploy ($roles) { if ("zookeeper-client" in $roles) { 
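Review bot: The new `CLIENT_JVMFLAGS` export in java.env names `/etc/zookeeper/conf/client-jaas.conf`, but this commit only templates that file in `hadoop_zookeeper::client`, while java.env itself is deployed through `common`, which the server class also includes. On a node that carries only the server role the flag would therefore point at a login config Puppet never creates; how the ZooKeeper command-line client reacts to that is not visible here. Either manage client-jaas.conf in `common` next to java.env, or add a comment above the export such as `# client-jaas.conf is installed by hadoop_zookeeper::client, not by the server role`.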
@@ -25,19 +27,45 @@ class hadoop_zookeeper { } } - class client { + class common ( + $kerberos_realm = $hadoop_zookeeper::kerberos_realm, + ) inherits hadoop_zookeeper { + if ($kerberos_realm) { + file { '/etc/zookeeper/conf/java.env': + source => 'puppet:///modules/hadoop_zookeeper/java.env', + } + Package<| title == 'zookeeper' |> -> File['/etc/zookeeper/conf/java.env'] + Package<| title == 'zookeeper-server' |> -> File['/etc/zookeeper/conf/java.env'] + File['/etc/zookeeper/conf/java.env'] ~> Service<| title == 'zookeeper-server' |> + } + } + + class client ( + $kerberos_realm = $hadoop_zookeeper::kerberos_realm, + ) inherits hadoop_zookeeper { + include common + package { "zookeeper": ensure => latest, require => Package["jdk"], - } + } + + if ($kerberos_realm) { + file { '/etc/zookeeper/conf/client-jaas.conf': + content => template('hadoop_zookeeper/client-jaas.conf'), + require => Package['zookeeper'], + } + } } class server($myid, $port = "2181", $datadir = "/var/lib/zookeeper", $ensemble = ["localhost:2888:3888"], - $kerberos_realm = "") - { + $kerberos_realm = $hadoop_zookeeper::kerberos_realm, + ) inherits hadoop_zookeeper { + include common + package { "zookeeper-server": ensure => latest, require => Package["jdk"], @@ -45,13 +73,13 @@ class hadoop_zookeeper { service { "zookeeper-server": ensure => running, - require => [ Package["zookeeper-server"], + require => [ Package["zookeeper-server"], Exec["zookeeper-server-initialize"] ], subscribe => [ File["/etc/zookeeper/conf/zoo.cfg"], File["/var/lib/zookeeper/myid"] ], hasrestart => true, hasstatus => true, - } + } file { "/etc/zookeeper/conf/zoo.cfg": content => template("hadoop_zookeeper/zoo.cfg"), @@ -62,7 +90,7 @@ class hadoop_zookeeper { content => inline_template("<%= @myid %>"), require => Package["zookeeper-server"], } - + exec { "zookeeper-server-initialize": command => "/usr/bin/zookeeper-server-initialize", user => "zookeeper", 
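Review bot: `common`, `client` and `server` each take their own `$kerberos_realm`, so the three values can disagree: if `server` is given a realm while `hadoop_zookeeper::kerberos_realm` stays empty, `common` skips java.env. The server's Kerberos resources in the later hunk are presumably guarded by the server's own parameter, so in that case the keytab and server-jaas.conf would be installed but `SERVER_JVMFLAGS` never set, and the server would most likely start without SASL instead of failing. I would drop the parameter from `common` and test `$hadoop_zookeeper::kerberos_realm` directly, or have `server` call `fail()` when its realm differs from the module-level one. Separately, `include common` depends on relative class lookup; `include hadoop_zookeeper::common` is unambiguous.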
@@ -74,19 +102,13 @@ class hadoop_zookeeper { require kerberos::client kerberos::host_keytab { "zookeeper": - spnego => true, - notify => Service["zookeeper-server"], + spnego => true, require => Package["zookeeper-server"], + before => Service["zookeeper-server"], } - file { "/etc/zookeeper/conf/java.env": - source => "puppet:///modules/hadoop_zookeeper/java.env", - require => Package["zookeeper-server"], - notify => Service["zookeeper-server"], - } - - file { "/etc/zookeeper/conf/jaas.conf": - content => template("hadoop_zookeeper/jaas.conf"), + file { "/etc/zookeeper/conf/server-jaas.conf": + content => template("hadoop_zookeeper/server-jaas.conf"), require => Package["zookeeper-server"], notify => Service["zookeeper-server"], } diff --git a/bigtop-deploy/puppet/modules/hadoop_zookeeper/templates/client-jaas.conf b/bigtop-deploy/puppet/modules/hadoop_zookeeper/templates/client-jaas.conf new file mode 100644 index 00000000..55ff396a --- /dev/null +++ b/bigtop-deploy/puppet/modules/hadoop_zookeeper/templates/client-jaas.conf @@ -0,0 +1,22 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * <p/> + * http://www.apache.org/licenses/LICENSE-2.0 + * <p/> + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +Client { + com.sun.security.auth.module.Krb5LoginModule required + useKeyTab=false + useTicketCache=true; +}; 
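Review bot: Replacing `notify => Service["zookeeper-server"]` with `before => Service["zookeeper-server"]` on `kerberos::host_keytab { "zookeeper": }` keeps the ordering but drops the refresh, so a keytab that Puppet regenerates later no longer restarts the server. Depending on when the server re-reads its keytab, it may keep using keys that no longer match the KDC until someone restarts it by hand. If the refresh was removed on purpose, a comment such as `# no refresh: <reason>` would record why; otherwise `notify` already implies the ordering and could stay. The enclosing conditional starts outside this hunk.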
diff --git a/bigtop-deploy/puppet/modules/hadoop_zookeeper/templates/jaas.conf b/bigtop-deploy/puppet/modules/hadoop_zookeeper/templates/server-jaas.conf
index 61b2eac4..61b2eac4 100644
--- a/bigtop-deploy/puppet/modules/hadoop_zookeeper/templates/jaas.conf
+++ b/bigtop-deploy/puppet/modules/hadoop_zookeeper/templates/server-jaas.conf |