Remove hardcoded password for Oozie service
Change will correct the oozie configuration to use a random password instead of the hardcoded one currently in use. Closes-bug: 1541122 Change-Id: I31c54aefc3c3ac65d928d9892be485ac754b6b10
This commit is contained in:
Mikhail Lelyakin
parent
b6098b064c
commit
d2c465f930
|
|
@ -144,7 +144,7 @@ def _get_hadoop_configs(pctx, instance):
|
|||
|
||||
oozie_cfg = o_helper.get_oozie_required_xml_configs(HADOOP_CONF_DIR)
|
||||
if c_helper.is_mysql_enabled(pctx, cluster):
|
||||
oozie_cfg.update(o_helper.get_oozie_mysql_configs())
|
||||
oozie_cfg.update(o_helper.get_oozie_mysql_configs(cluster))
|
||||
|
||||
confs['JobFlow'] = oozie_cfg
|
||||
|
||||
|
|
|
|||
|
|
@ -12,6 +12,7 @@
|
|||
# implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
from sahara.plugins.vanilla.hadoop2 import utils as u
|
||||
|
||||
|
||||
def get_oozie_required_xml_configs(hadoop_conf_dir):
|
||||
|
|
@ -38,12 +39,13 @@ def get_oozie_required_xml_configs(hadoop_conf_dir):
|
|||
}
|
||||
|
||||
|
||||
def get_oozie_mysql_configs():
|
||||
def get_oozie_mysql_configs(cluster):
|
||||
return {
|
||||
'oozie.service.JPAService.jdbc.driver':
|
||||
'com.mysql.jdbc.Driver',
|
||||
'oozie.service.JPAService.jdbc.url':
|
||||
'jdbc:mysql://localhost:3306/oozie',
|
||||
'oozie.service.JPAService.jdbc.username': 'oozie',
|
||||
'oozie.service.JPAService.jdbc.password': 'oozie'
|
||||
'oozie.service.JPAService.jdbc.password': u.get_oozie_password(
|
||||
cluster)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
create database oozie;
|
||||
grant all privileges on oozie.* to 'oozie'@'localhost' identified by 'oozie';
|
||||
grant all privileges on oozie.* to 'oozie'@'%' identified by 'oozie';
|
||||
grant all privileges on oozie.* to 'oozie'@'localhost' identified by 'password';
|
||||
grant all privileges on oozie.* to 'oozie'@'%' identified by 'password';
|
||||
exit
|
||||
|
|
@ -22,6 +22,7 @@ from sahara.i18n import _
|
|||
from sahara.i18n import _LI
|
||||
from sahara.plugins import utils as pu
|
||||
from sahara.plugins.vanilla.hadoop2 import config_helper as c_helper
|
||||
from sahara.plugins.vanilla.hadoop2 import oozie_helper
|
||||
from sahara.plugins.vanilla import utils as vu
|
||||
from sahara.utils import cluster_progress_ops as cpo
|
||||
from sahara.utils import edp
|
||||
|
|
@ -88,6 +89,12 @@ def start_oozie_process(pctx, instance):
|
|||
LOG.debug("Creating Oozie DB Schema")
|
||||
sql_script = files.get_file_text(
|
||||
'plugins/vanilla/hadoop2/resources/create_oozie_db.sql')
|
||||
|
||||
password = oozie_helper.get_oozie_mysql_configs(
|
||||
instance.cluster)[
|
||||
'oozie.service.JPAService.jdbc.password']
|
||||
sql_script = sql_script.replace("password", password)
|
||||
|
||||
script_location = "create_oozie_db.sql"
|
||||
r.write_file_to(script_location, sql_script)
|
||||
r.execute_command('mysql -u root < %(script_location)s && '
|
||||
|
|
|
|||
|
|
@ -15,7 +15,17 @@
|
|||
|
||||
import re
|
||||
|
||||
from oslo_log import log as logging
|
||||
|
||||
from sahara import conductor as cond
|
||||
from sahara import context
|
||||
from sahara.i18n import _LW
|
||||
from sahara.plugins.vanilla import utils as u
|
||||
from sahara.service.castellan import utils as castellan
|
||||
|
||||
conductor = cond.API
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
||||
|
||||
def get_datanodes_status(cluster):
|
||||
|
|
@ -44,3 +54,20 @@ def get_nodemanagers_status(cluster):
|
|||
statuses[host] = status.lower()
|
||||
|
||||
return statuses
|
||||
|
||||
|
||||
def get_oozie_password(cluster):
|
||||
cluster = conductor.cluster_get(context.ctx(), cluster)
|
||||
extra = cluster.extra.to_dict()
|
||||
if 'oozie_pass_id' not in extra:
|
||||
extra['oozie_pass_id'] = u.generate_random_password()
|
||||
conductor.cluster_update(context.ctx(), cluster, {'extra': extra})
|
||||
return castellan.get_secret(extra['oozie_pass_id'])
|
||||
|
||||
|
||||
def delete_oozie_password(cluster):
|
||||
extra = cluster.extra.to_dict()
|
||||
if 'oozie_pass_id' in extra:
|
||||
castellan.delete_secret(extra['oozie_pass_id'])
|
||||
else:
|
||||
LOG.warning(_LW("Cluster hasn't Oozie password"))
|
||||
|
|
|
|||
|
|
@ -13,7 +13,12 @@
|
|||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
import uuid
|
||||
|
||||
import six
|
||||
|
||||
from sahara.plugins import utils as u
|
||||
from sahara.service.castellan import utils as castellan
|
||||
|
||||
|
||||
def get_namenode(cluster):
|
||||
|
|
@ -50,3 +55,8 @@ def get_historyserver(cluster):
|
|||
|
||||
def get_instance_hostname(instance):
|
||||
return instance.hostname() if instance else None
|
||||
|
||||
|
||||
def generate_random_password():
|
||||
password = six.text_type(uuid.uuid4())
|
||||
return castellan.store_secret(password)
|
||||
|
|
|
|||
|
|
@ -26,6 +26,7 @@ from sahara.plugins.vanilla.hadoop2 import recommendations_utils as ru
|
|||
from sahara.plugins.vanilla.hadoop2 import run_scripts as run
|
||||
from sahara.plugins.vanilla.hadoop2 import scaling as sc
|
||||
from sahara.plugins.vanilla.hadoop2 import starting_scripts as s_scripts
|
||||
from sahara.plugins.vanilla.hadoop2 import utils as u
|
||||
from sahara.plugins.vanilla.hadoop2 import validation as vl
|
||||
from sahara.plugins.vanilla import utils as vu
|
||||
from sahara.plugins.vanilla.v2_7_1 import config_helper as c_helper
|
||||
|
|
@ -142,6 +143,7 @@ class VersionHandler(avm.AbstractVersionHandler):
|
|||
return edp_engine.EdpOozieEngine.get_possible_job_config(job_type)
|
||||
|
||||
def on_terminate_cluster(self, cluster):
|
||||
u.delete_oozie_password(cluster)
|
||||
keypairs.drop_key(cluster)
|
||||
|
||||
def get_open_ports(self, node_group):
|
||||
|
|
|
|||
|
|
@ -64,3 +64,42 @@ class UtilsTestCase(base.SaharaTestCase):
|
|||
inst.remote.return_value = inst_remote
|
||||
|
||||
return inst
|
||||
|
||||
@mock.patch('sahara.conductor.API.cluster_get')
|
||||
@mock.patch('sahara.service.castellan.utils.get_secret')
|
||||
@mock.patch('sahara.service.castellan.utils.store_secret')
|
||||
@mock.patch('sahara.plugins.vanilla.utils')
|
||||
@mock.patch('sahara.conductor.API.cluster_update')
|
||||
def test_oozie_password(self, cluster_update, vu,
|
||||
store_secret, get_secret, conductor):
|
||||
cluster = mock.MagicMock()
|
||||
cluster.extra = mock.MagicMock()
|
||||
cluster.extra.to_dict.return_value = {"oozie_pass_id": "31415926"}
|
||||
|
||||
conductor.return_value = cluster
|
||||
|
||||
get_secret.return_value = "oozie_pass"
|
||||
result = u.get_oozie_password(cluster)
|
||||
|
||||
get_secret.assert_called_once_with("31415926")
|
||||
vu.generate_random_password.assert_not_called()
|
||||
self.assertEqual('oozie_pass', result)
|
||||
|
||||
cluster.extra.to_dict.return_value = {}
|
||||
|
||||
store_secret.return_value = 'oozie_pass'
|
||||
result = u.get_oozie_password(cluster)
|
||||
self.assertEqual('oozie_pass', result)
|
||||
|
||||
@mock.patch('sahara.service.castellan.utils.delete_secret')
|
||||
def test_delete_oozie_password(self, delete_secret):
|
||||
cluster = mock.MagicMock()
|
||||
cluster.extra.to_dict = mock.MagicMock()
|
||||
|
||||
cluster.extra.to_dict.return_value = {}
|
||||
u.delete_oozie_password(cluster)
|
||||
delete_secret.assert_not_called()
|
||||
|
||||
cluster.extra.to_dict.return_value = {"oozie_pass_id": "31415926"}
|
||||
u.delete_oozie_password(cluster)
|
||||
delete_secret.assert_called_once_with("31415926")
|
||||
|
|
|
|||
Loading…
Reference in New Issue