AMBARI-140 (clemlab): improve hue start/stop handling follow up

lucasbak · lucasbak · commit 84c1df26e9d2 · 2024-06-05T11:30:02.000+02:00
diff --git a/ambari-server/src/main/resources/stacks/ODP/1.0/services/HBASE/service_advisor.py b/ambari-server/src/main/resources/stacks/ODP/1.0/services/HBASE/service_advisor.py
@@ -458,8 +458,12 @@ def recommendHBASEConfigurationsFromODP12(self, configurations, clusterData, ser
 
     # https://github.com/apache/hbase/blob/13af64dc1cbd0e90c3a98071deeb815520b624ee/hbase-common/src/main/resources/hbase-default.xml#L1389
     hbaseThriftServerHosts = self.getHostsWithComponent("HBASE", "HBASE_THRIFTSERVER", services, hosts)
+    hueServerHosts = self.getHostsWithComponent("HUE", "HUE_SERVER", services, hosts)
     if hbaseThriftServerHosts is not None and len(hbaseThriftServerHosts):
-      putHbaseSiteProperty('hbase.regionserver.thrift.framed', 'true')
+      putHbaseSiteProperty('hbase.regionserver.thrift.framed', 'false')
+      putHbaseSiteProperty('hbase.regionserver.thrift.http', 'true')
+    if hueServerHosts is not None and len(hueServerHosts) > 0 :
+      putHbaseSiteProperty('hbase.thrift.support.proxyuser', 'true')
 
   def setHandlerCounts(self, configurations, clusterData, services, hosts, cores):
     putHbaseSiteProperty = self.putProperty(configurations, "hbase-site", services)
@@ -534,16 +538,18 @@ def recommendHBASEConfigurationsForKerberos(self, configurations, clusterData, s
       else:
         self.logger.debug("No phoenix query server hosts to update")
 
-      hbase_thriftserver_server_hosts = self.getHBaseThriftServerHosts(services, hosts)      
-      hbaseEnvProperties = self.getSiteProperties(services['configurations'], 'hbase-env')
-      if hbaseEnvProperties and self.checkSiteProperties(hbaseEnvProperties, 'hbase_user'):
-      hbaseUser = hbaseEnvProperties['hbase_user']
-      hbaseUserOld = self.getOldValue(services, 'hbase-env', 'hbase_user')
-      self.put_proxyuser_value(hbaseUser, '*', is_groups=True, services=services, configurations=configurations, put_function=putCoreSiteProperty)
-      if hbaseUserOld is not None and hbaseUser != hbaseUserOld:
-        putCoreSitePropertyAttribute("hadoop.proxyuser.{0}.groups".format(hbaseUserOld), 'delete', 'true')
-        services["forced-configurations"].append({"type" : "core-site", "name" : "hadoop.proxyuser.{0}.groups".format(hbaseUserOld)})
-        services["forced-configurations"].append({"type" : "core-site", "name" : "hadoop.proxyuser.{0}.groups".format(hbaseUser)})
+      if 'hbase.thrift.support.proxyuser' in configurations['hbase-site']['properties']:
+        if configurations['hbase-site']['properties']['hbase.thrift.support.proxyuser'].lower() == 'true':
+          hbase_thriftserver_server_hosts = self.getHBaseThriftServerHosts(services, hosts)
+          hbaseEnvProperties = self.getSiteProperties(services['configurations'], 'hbase-env')
+          if hbaseEnvProperties and self.checkSiteProperties(hbaseEnvProperties, 'hbase_user'):
+          hbaseUser = hbaseEnvProperties['hbase_user']
+          hbaseUserOld = self.getOldValue(services, 'hbase-env', 'hbase_user')
+          self.put_proxyuser_value(hbaseUser, '*', is_groups=True, services=services, configurations=configurations, put_function=putCoreSiteProperty)
+          if hbaseUserOld is not None and hbaseUser != hbaseUserOld:
+            putCoreSitePropertyAttribute("hadoop.proxyuser.{0}.groups".format(hbaseUserOld), 'delete', 'true')
+            services["forced-configurations"].append({"type" : "core-site", "name" : "hadoop.proxyuser.{0}.groups".format(hbaseUserOld)})
+            services["forced-configurations"].append({"type" : "core-site", "name" : "hadoop.proxyuser.{0}.groups".format(hbaseUser)})
 
     else:
       putHbaseSiteProperty('hbase.master.ui.readonly', 'false')
@@ -883,7 +889,9 @@ def validateHBASEConfigurationsFromHDP23(self, properties, recommendedDefaults,
   def validateHBASEConfigurationsFromODP12(self, properties, recommendedDefaults, configurations, services, hosts):
       hbase_site = properties
       validationItems = []
-
+      hbase_security_kerberos = False
+      if "hbase.security.authentication" in properties:
+        hbase_security_kerberos = properties["hbase.security.authentication"].lower() == "kerberos"
       #Adding HBase Thrift Logic Here
       ranger_plugin_properties = self.getSiteProperties(configurations, "ranger-hbase-plugin-properties")
       ranger_plugin_enabled = ranger_plugin_properties['ranger-hbase-plugin-enabled'] if ranger_plugin_properties else 'No'
@@ -909,9 +917,20 @@ def validateHBASEConfigurationsFromODP12(self, properties, recommendedDefaults,
           validationItems.append({"config-name": framed_prop_name,
                         "item": self.getErrorItem("{0} needs to be defined when HBase Thrift Server is installed".format(framed_prop_name))})
         else:
-          if 'false' == hbase_site[framed_prop_name].lower():
+          if 'true' == hbase_site[framed_prop_name].lower() and hbase_security_kerberos :
             validationItems.append({"config-name": framed_prop_name,
-                          "item": self.getWarnItem("{0} should be set to true to improve performance and security".format(framed_prop_name))})
+                          "item": self.getWarnItem("{0} need to be set to false when kerberos is enabled".format(framed_prop_name))})
+      #https://hbase.apache.org/book.html#security.gateway.thrift
+
+      # verification of hbase proxy user when hbase thrift server is installed and proxy is enable
+        hbase_user = services['configurations']['hbase-env']['properties']['hbase_user']
+        if 'hbase.thrift.support.proxyuser' in hbase_site:
+          if hbase_site['hbase.thrift.support.proxyuser'].lower() == 'true':
+            for prop in ["hadoop.proxyuser.{0}.groups".format(hbase_user),"hadoop.proxyuser.{0}.groups".format(hbase_user)]:
+              if prop not in services['configurations']['core-site']['properties']:
+                validationItems.append({"config-name": prop_name,
+                                      "item": self.getErrorItem(
+                                        "HBase user need to be added to proxyuser when impersonation is enabled.".format(prop_name))})
 
       validationProblems = self.toConfigurationValidationProblems(validationItems, "hbase-site")
       return validationProblems
diff --git a/ambari-server/src/main/resources/stacks/ODP/1.2/services/HUE/package/scripts/params_linux.py b/ambari-server/src/main/resources/stacks/ODP/1.2/services/HUE/package/scripts/params_linux.py
@@ -560,7 +560,10 @@ def buildUrlElement(protocol, hdfs_host, port, servicePath) :
   hue_oozie_kerberos_enabled = security_enabled
 
 if has_hbase:
-  hbase_thrift_port = default("/configurations/hbase-site/hbase.thrift.port", 9090)
+  hbase_thrift_http_port = default("/configurations/hbase-site/hbase.thrift.port", 9090)
+  hbase_thrift_binary_port = default("/configurations/hbase-site/hbase.thrift.http.port", 9095)
+  hbase_thrift_http_enabled = default("/configurations/hbase-site/'hbase.regionserver.thrift.http", 'false')
+  hbase_thrift_port = hbase_thrift_binary_port if hbase_thrift_http_enabled.lower() == 'false' else hbase_thrift_http_port
   if len(hbase_thrift_hosts) > 1:
     hue_hbase_clusters = ','.join('(HBase Thrift'+ str(item)+ '|' + item +':'+ str(hbase_thrift_port) + ')' for item in hbase_thrift_hosts) 
   else:
