feat(yarn-timelineserver-v2): setup Ranger rules and Hbase tables cre…
…ation for ATS
Showing
7 changed files
with
125 additions
and
3 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
# Copyright 2022 TOSIT.IO | ||
# SPDX-License-Identifier: Apache-2.0 | ||
|
||
--- | ||
- name: Hadoop YARN App Timeline Server ranger policy init | ||
hosts: yarn_ats | ||
tasks: | ||
- tosit.tdp.resolve: # noqa unnamed-task | ||
node_name: yarn_apptimelineserver | ||
- name: Initialize YARN App Timeline Server Ranger policy | ||
import_role: | ||
name: tosit.tdp.yarn.apptimelineserver | ||
tasks_from: ranger_policy | ||
- meta: clear_facts # noqa unnamed-task |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
# Copyright 2022 TOSIT.IO | ||
# SPDX-License-Identifier: Apache-2.0 | ||
|
||
--- | ||
- name: YARN Timeline Service initialization - "kinit" | ||
run_once: true | ||
become_user: "{{ yarn_user }}" | ||
ansible.builtin.shell: /bin/kinit -kt /etc/security/keytabs/yarn.headless.keytab "{{ yarn_headless_principal }}@{{ realm }}" | ||
changed_when: false | ||
|
||
- name: Initialize Timeline Service Hbase tables | ||
run_once: true | ||
become_user: "{{ yarn_user }}" | ||
block: | ||
- name: Start TimelineSchemaCreator | ||
ansible.builtin.shell: | | ||
HADOOP_OPTS=-Djava.security.auth.login.config=/etc/hbase/conf/krb5JAASClient.conf \ | ||
HADOOP_CLASSPATH=/opt/tdp/hbase/lib/*:/opt/tdp/hadoop/share/hadoop/yarn/timelineservice/*:`hadoop classpath` \ | ||
hadoop org.apache.hadoop.yarn.server.timelineservice.storage.TimelineSchemaCreator -create -skipExistingTable 2>&1 | ||
register: timeline_schema_creator | ||
changed_when: false | ||
failed_when: 'timeline_schema_creator.rc != 0 or "Successfully created HBase schema" not in timeline_schema_creator.stdout' | ||
rescue: | ||
- name: YARN Timeline Service initialization - "kdestroy" | ||
ansible.builtin.shell: /bin/kdestroy | ||
changed_when: false | ||
failed_when: true | ||
|
||
- name: YARN Timeline Service initialization - "kdestroy" | ||
run_once: true | ||
become_user: "{{ yarn_user }}" | ||
ansible.builtin.shell: /bin/kdestroy | ||
changed_when: false |
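Review bot: The `kinit` task writes the `yarn.headless` ticket into the default credential cache of `yarn_user`, and both `kdestroy` tasks then wipe that same cache, so any other process running as that user on the host can use the ticket while the play runs and loses its own tickets afterwards. Giving the kinit, TimelineSchemaCreator and kdestroy tasks a cache private to this run, for example `environment:` with `KRB5CCNAME: "<private cache path>"` (placeholder), keeps the credential scoped to the initialization. That assumes the JAAS configuration at `/etc/hbase/conf/krb5JAASClient.conf` reads the ticket cache, which is not visible on this page. The kinit and kdestroy commands use no shell features, so `ansible.builtin.command` would be the tighter module for those three tasks.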
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
# Copyright 2022 TOSIT.IO | ||
# SPDX-License-Identifier: Apache-2.0 | ||
|
||
--- | ||
- name: Create Yarn Timeline Server policy | ||
run_once: true | ||
uri: | ||
url: "{{ ranger_yarn_install_properties.POLICY_MGR_URL }}/service/public/v2/api/policy" | ||
headers: | ||
Accept: application/json | ||
body: | ||
name: yarn-ats-permissions | ||
service: "{{ ranger_hbase_install_properties.REPOSITORY_NAME }}" | ||
repositoryType: hbase | ||
description: Permissions to give to yarn Timeline Server | ||
isEnabled: true | ||
isAuditEnabled: true | ||
resources: | ||
column-family: | ||
values: ["*"] | ||
isExcludes: false | ||
isRecursive: false | ||
column: | ||
values: ["*"] | ||
isExcludes: false | ||
isRecursive: false | ||
table: | ||
values: ["{{ cluster_name }}.timelineservice.*"] | ||
isExcludes: false | ||
isRecursive: false | ||
policyItems: | ||
- users: ["{{ yarn_user }}"] | ||
groups: [] | ||
delegateAdmin: false | ||
accesses: | ||
- isAllowed: true | ||
type: read | ||
- isAllowed: true | ||
type: write | ||
- isAllowed: true | ||
type: create | ||
- isAllowed: true | ||
type: admin | ||
conditions: [] | ||
body_format: json | ||
url_username: "admin" | ||
url_password: "{{ ranger_admin_password }}" | ||
force_basic_auth: true | ||
method: POST | ||
status_code: [200, 400] | ||
validate_certs: false | ||
register: reg_yarn_ats | ||
changed_when: reg_yarn_ats.status == 200 | ||
failed_when: | | ||
reg_yarn_ats is failed or | ||
reg_yarn_ats.status == 400 and | ||
(reg_yarn_ats.json.msgDesc is not defined or | ||
'Another policy already exists for this name' not in reg_yarn_ats.json.msgDesc and | ||
'Another policy already exists for matching resource' not in reg_yarn_ats.json.msgDesc) |
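Review bot: The `uri` task sets `validate_certs: false` while `force_basic_auth: true` sends the Ranger `admin` password on the first request, so the credential goes to whatever endpoint answers at `POLICY_MGR_URL` without its certificate being checked. Prefer `validate_certs: true`, with `ca_path` pointing at the cluster CA bundle if the Ranger certificate is issued by an internal CA. Separately, the policy grants `admin` alongside read, write and create on `{{ cluster_name }}.timelineservice.*` with `isAuditEnabled: true`. If the timeline service only needs to create and use its own tables, either drop `admin` or add a comment above `policyItems` saying why it is required, so a later audit of the Ranger policies can tell the grant was deliberate.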