added dynamic authentication (apache#38)
jlopezmalla authored and mpenate committed Jul 25, 2017
1 parent 6bd88f4 commit bb24370
Showing 3 changed files with 20 additions and 448 deletions.
2 changes: 1 addition & 1 deletion DockerfileHistory
Expand Up @@ -7,6 +7,7 @@ RUN yum -y update \
&& yum -y install java-1.8.0-openjdk curl wget\
&& yum -y clean all \
&& wget https://github.com/stedolan/jq/releases/download/jq-1.5/jq-linux64 \
&& curl -o /root/kms_utils-0.2.1.sh http://sodio.stratio.com/repository/paas/kms_utils/0.2.1/kms_utils-0.2.1.sh \
&& mv jq-linux64 /usr/local/bin/jq \
&& chmod 755 /usr/local/bin/jq \
&& ln -s /usr/local/bin/jq /usr/bin/ \
Expand All @@ -18,7 +19,6 @@ COPY dist /opt/sds/spark

COPY docker/historyServer/entrypoint.sh /
COPY docker/historyServer/commons.sh /
COPY docker/historyServer/kms_utils.sh /

ENTRYPOINT ["/usr/local/bin/dumb-init", "/entrypoint.sh"]

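Review bot: The `curl -o /root/kms_utils-0.2.1.sh http://sodio.stratio.com/...` step in the `RUN` chain (it appears to be the added line) fetches a shell script over plain HTTP with no integrity check, and entrypoint.sh then sources that file at container start. Anyone able to tamper with the build-time network path or the repository could change what the container executes, and without `-f` an HTTP error page would be saved as the script while the build still succeeds. I would use an HTTPS URL if the repository offers one, add `-fsSL`, and pin a digest right after the download, e.g. `&& echo "<EXPECTED_SHA256>  /root/kms_utils-0.2.1.sh" | sha256sum -c - \`. The `jq` download just above is likewise not pinned to a digest, although it does use HTTPS. The `RUN` instruction begins and ends outside the hunk.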
28 changes: 19 additions & 9 deletions docker/historyServer/entrypoint.sh
@@ -1,6 +1,7 @@
#!/bin/bash

source kms_utils.sh
source /root/kms_utils-0.2.1.sh

source commons.sh

# Create krb5.conf file
Expand Down Expand Up @@ -28,10 +29,14 @@ EOM
function main() {
HDFS_HADOOP_SECURITY_AUTH_TO_LOCAL=${HDFS_HADOOP_SECURITY_AUTH_TO_LOCAL:=${auth_to_local_value}}
VAULT_PORT=${VAULT_PORT:=8200}
VAULT_TOKEN=${VAULT_TOKEN:=1111111-2222-3333-4444-5555555555555}
VAULT_HOSTS=$VAULT_HOST
SERVICE_ID=$APP_NAME
INSTANCE=$APP_NAME
VAULT_URI="$VAULT_PROTOCOL://$VAULT_HOSTS:$VAULT_PORT"

SPARK_HOME=/opt/sds/spark
FQDN=${HISTORY_SERVER_FQDN:="history-server"}
INSTANCE=${HISTORY_SERVER_FQDN:=$FQDN}
INSTANCE=${HISTORY_SERVER_FQDN:="history-server"}

mkdir -p $HADOOP_CONF_DIR

Expand All @@ -47,14 +52,19 @@ function main() {

if [[ "$HDFS_KRB_ENABLE" == "true" ]]
then
SPARK_KEYTAB_PATH="/etc/sds/spark/security"
getKrb userland $INSTANCE $FQDN "$SPARK_KEYTAB_PATH" HISTORY_SERVER_PRINCIPAL_NAME

generate_krb-conf "${KERBEROS_REALM}" "${KERBEROS_KDC_HOST}" "${KERBEROS_KADMIN_HOST}"
mv "/tmp/krb5.conf.tmp" "/etc/krb5.conf"
SPARK_HISTORY_OPTS="-Dspark.history.kerberos.principal=${HISTORY_SERVER_PRINCIPAL_NAME} -Dspark.history.kerberos.keytab=${SPARK_KEYTAB_PATH}/${FQDN}.keytab -Dspark.history.kerberos.enabled=true ${SPARK_HISTORY_OPTS}"
if [ ! -z "$VAULT_ROLE_ID" ]; then
echo "Vault role id proved, signing in"
login
fi
SPARK_KEYTAB_PATH="/etc/sds/spark/security"
getKrb userland $INSTANCE $FQDN "$SPARK_KEYTAB_PATH" HISTORY_SERVER_PRINCIPAL_NAME

generate_krb-conf "${KERBEROS_REALM}" "${KERBEROS_KDC_HOST}" "${KERBEROS_KADMIN_HOST}"
mv "/tmp/krb5.conf.tmp" "/etc/krb5.conf"
SPARK_HISTORY_OPTS="-Dspark.history.kerberos.principal=${HISTORY_SERVER_PRINCIPAL_NAME} -Dspark.history.kerberos.keytab=${SPARK_KEYTAB_PATH}/${FQDN}.keytab -Dspark.history.kerberos.enabled=true ${SPARK_HISTORY_OPTS}"
else
echo 'HDFS SECURITY IS NOT ENABLE'
echo 'HDFS SECURITY IS NOT ENABLE'
fi

generate_core-site "${HDFS_FS_DEFAULTFS}" "${HDFS_HADOOP_SECURITY_AUTHORIZATION}" "${HDFS_HADOOP_SECURITY_AUTHENTICATION}" "${HDFS_HADOOP_SECURITY_AUTH_TO_LOCAL}"
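Review bot: The result of `login` inside the new `if [ ! -z "$VAULT_ROLE_ID" ]` branch is never checked, so a failed Vault sign-in falls straight through to `getKrb`. In that case, and whenever `VAULT_ROLE_ID` is unset, the script presumably continues with the token already in the environment, and `VAULT_TOKEN` defaults to the literal `1111111-2222-3333-4444-5555555555555` near the top of `main`; a fixed default credential is better replaced by a hard failure. Assuming `login` (presumably defined in the sourced kms_utils script) returns non-zero on failure, I would write `login || { echo 'Vault login failed' >&2; exit 1; }`, drop the literal default, and require a token in an `else` branch with `: "${VAULT_TOKEN:?VAULT_TOKEN or VAULT_ROLE_ID must be set}"`. `$INSTANCE` and `$FQDN` on the `getKrb` line should also be quoted. `main` starts in an earlier hunk and continues past this one.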