## hadoop-env.sh
default['hadoop']['HADOOP_CLASSPATH'] = ''
default['hadoop']['HADOOP_USER_CLASSPATH_FIRST'] = false
+## hadoop-policy.xml
+default['hadoop']['security.refresh.policy.protocol.acl'] = 'hdfs,mapred hadoop'
+default['hadoop']['security.admin.operation.protocol.acl'] = 'hdfs,mapred hadoop'
## core-site.xml
default['hadoop']['this.cluster.name'] = 'localhost'
default['hadoop']['this.domain'] = 'localhost'
default['hadoop']['this.keytab.dir'] = "#{default['grid']['etc_root']}/keytabs/#{default['hadoop']['this.cluster.name']}"
default['hadoop']['this.namenode.fqdn'] = 'localhost'
default['hadoop']['fs.checkpoint.dir'] = "#{default['grid']['vol_root']}/0/var/lib/${user.name}/checkpoint"
+default['hadoop']['hadoop.security.group.mapping'] = 'org.apache.hadoop.security.JniBasedUnixGroupsMapping'
+default['hadoop']['hadoop.http.filter.initializers'] = 'org.apache.hadoop.security.AuthenticationFilterInitializer'
default['hadoop']['hadoop.http.authentication.kerberos.principal'] = 'HTTP/localhost@${this.realm}'
default['hadoop']['hadoop.proxyuser'] = {
'oozie' => {
default['hadoop']['dfs.name.dir'] = "#{default['grid']['vol_root']}/0/var/lib/${user.name}/name"
default['hadoop']['dfs.datanode.kerberos.principal'] = 'hdfs/localhost@${this.realm}'
default['hadoop']['dfs.replication'] = '1'
+default['hadoop']['dfs.cluster.administrators'] = ' hdfs'
## mapred-site.xml
default['hadoop']['this.jobtracker.fqdn'] = 'localhost'
default['hadoop']['this.jobhistory.fqdn'] = 'localhost'
default['hadoop']['mapreduce.tasktracker.kerberos.principal'] = 'mapred/localhost@${this.realm}'
default['hadoop']['mapreduce.history.server.embedded'] = true
-# taskcontroller.cfg
-## e.g. CentOS: 500
+default['hadoop']['mapred.job.tracker.persist.jobstatus.active'] = 'true'
+default['hadoop']['mapred.job.tracker.persist.jobstatus.hours'] = '3'
+default['hadoop']['mapreduce.cluster.administrators'] = ' mapred'
+default['hadoop']['mapred.task.tracker.task-controller'] = 'org.apache.hadoop.mapred.LinuxTaskController'
+## mapred-queue-acls.xml
+default['hadoop']['mapred.queue.default.acl-submit-job'] = '*'
+default['hadoop']['mapred.queue.default.acl-administer-jobs'] = ' hadoop,gridops'
+## taskcontroller.cfg
+### e.g. CentOS: 500
default['hadoop']['taskcontroller']['min.user.id'] = '1000'
-# extra settings
+## extra settings
default['hadoop']['extra_configs'] = {
# e.g. 'core-site.xml' => {'k1' => 'v1', 'k2' => 'v2'},
'core-site.xml' => {},
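Review bot: The ACL defaults added here carry a significant leading blank, `' mapred'` and `' hadoop,gridops'` (and `' hdfs'` for `dfs.cluster.administrators` earlier in this file), but nothing in the attributes file says so. The Hadoop ACL format separates the user list from the group list with a blank, so the leading blank means "no users, these groups"; an override that trims it silently turns a group grant into a user grant. Add a comment above these lines such as `# ACL format: 'user1,user2 group1,group2'; a leading blank means groups only`. `mapred.queue.default.acl-submit-job = '*'` keeps the value the template had before and lets every user submit to the default queue, which is worth stating next to it too.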
})
end
-jsvc_pkg = 'jsvc'
-case node[:platform_family]
- when 'debian'
- jsvc_pkg = 'jsvc'
- when 'rhel'
- jsvc_pkg = 'jakarta-commons-daemon-jsvc'
-end
+if node[:kernel][:machine] != 'x86_64' then
+ jsvc_pkg = 'jsvc'
+ case node[:platform_family]
+ when 'debian'
+ jsvc_pkg = 'jsvc'
+ when 'rhel'
+ jsvc_pkg = 'jakarta-commons-daemon-jsvc'
+ end
+
+ package jsvc_pkg do
+ action :install
+ end
-package jsvc_pkg do
- action :install
+ link "#{hadoop_prefix}/libexec/jsvc.i386" do
+ to '/usr/bin/jsvc'
+ end
end
end
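Review bot: The guard `node[:kernel][:machine] != 'x86_64'` matches every other architecture, yet the link it creates is always named `jsvc.i386`, and the hunk does not say why x86_64 hosts no longer get the jsvc package. If the intent is "32-bit x86 only", test for that explicitly rather than by exclusion. Otherwise add a comment such as `# x86_64 uses the jsvc shipped with Hadoop; other machines link the distro jsvc` (presumed reason, to be confirmed by the author). The enclosing block starts above the hunk.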
</property>
<property>
<name>hadoop.security.group.mapping</name>
- <value>org.apache.hadoop.security.JniBasedUnixGroupsMapping</value>
+ <value><%= node['hadoop']['hadoop.security.group.mapping'] %></value>
</property>
<property>
<name>hadoop.security.groups.cache.secs</name>
<property>
<name>hadoop.http.filter.initializers</name>
- <value>org.apache.hadoop.security.AuthenticationFilterInitializer</value>
+ <value><%= node['hadoop']['hadoop.http.filter.initializers'] %></value>
<!-- <value>org.apache.hadoop.http.lib.StaticUserWebFilter</value> -->
<description>The name of a class that initializes an input filter for Jetty.
This filter will always return Dr.Who as the web user when the servlets
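Review bot: Making `hadoop.http.filter.initializers` an attribute means the web-console authentication filter can now be swapped per node, and the commented-out `StaticUserWebFilter` line right below shows the alternative that, per the description, always reports Dr.Who as the web user. Nothing visible in this hunk ties the rendered value to `node['hadoop']['with_security']`. Document the consequence where the default is defined, for example `# web UI auth filter; replacing AuthenticationFilterInitializer with StaticUserWebFilter removes authentication from the web consoles`.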
<property>
<name>security.refresh.policy.protocol.acl</name>
- <value>hdfs,mapred hadoop</value>
+ <value><%= node['hadoop']['security.refresh.policy.protocol.acl'] %></value>
<description>ACL for RefreshAuthorizationPolicyProtocol, used by the
dfsadmin and mradmin commands to refresh the security policy in-effect.
The ACL is a comma-separated list of user and group names. The user and
<property>
<name>security.admin.operations.protocol.acl</name>
- <value>hdfs,mapred hadoop</value>
+ <value><%= node['hadoop']['security.admin.operation.protocol.acl'] %></value>
<description>ACL for AdminOperationsProtocol, used by the mradmins commands
to refresh queues and nodes at JobTracker. The ACL is a comma-separated list of
user and group names. The user and group list is separated by a blank.
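Review bot: The attribute key read here is `security.admin.operation.protocol.acl` (singular), while the property it fills is `security.admin.operations.protocol.acl`. The attributes file defines the same singular key, so the default still renders. But an operator who overrides the attribute under the property's real name gets no effect and no error, and the default ACL stays in force. Rename the key in both places, e.g. `<value><%= node['hadoop']['security.admin.operations.protocol.acl'] %></value>`.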
<% if node['hadoop']['with_security'] then %>
<property>
<name>dfs.cluster.administrators</name>
- <value> hdfs</value>
+ <value><%= node['hadoop']['dfs.cluster.administrators'] %></value>
</property>
<property>
<name>dfs.http.port</name>
<property>
<name>mapred.queue.default.acl-submit-job</name>
- <value>*</value>
+ <value><%= node['hadoop']['mapred.queue.default.acl-submit-job'] %></value>
<description> Comma separated list of user and group names that are allowed
to submit jobs to the 'default' queue. The user list and the group list
are separated by a blank. For e.g. user1,user2 group1,group2.
<property>
<name>mapred.queue.default.acl-administer-jobs</name>
- <value> hadoop,gridops</value>
+ <value><%= node['hadoop']['mapred.queue.default.acl-administer-jobs'] %></value>
<description> Comma separated list of user and group names that are allowed
to view job details, kill jobs or modify job's priority for all the jobs
in the 'default' queue. The user list and the group list
<property>
<name>mapred.job.tracker.persist.jobstatus.active</name>
- <value>true</value>
+ <value><%= node['hadoop']['mapred.job.tracker.persist.jobstatus.active'] %></value>
<description>Indicates if persistency of job status information is
active or not. (default: false)
</description>
</property>
<property>
<name>mapred.job.tracker.persist.jobstatus.hours</name>
- <value>3</value>
+ <value><%= node['hadoop']['mapred.job.tracker.persist.jobstatus.hours'] %></value>
<description>The number of hours job status information is persisted in DFS.
The job status information will be available after it drops of the memory
queue and between jobtracker restarts. With a zero value the job status
</property>
<property>
<name>mapreduce.cluster.administrators</name>
- <value> mapred</value>
+ <value><%= node['hadoop']['mapreduce.cluster.administrators'] %></value>
</property>
<property>
<name>mapreduce.jobtracker.kerberos.principal</name>
<property>
<name>mapred.task.tracker.task-controller</name>
- <value>org.apache.hadoop.mapred.LinuxTaskController</value>
+ <value><%= node['hadoop']['mapred.task.tracker.task-controller'] %></value>
</property>
<property>
--- /dev/null
+# CHANGELOG for jce_policy
+
+This file is used to list changes made in each version of jce_policy.
+
+## 0.1.0:
+
+* Initial release of jce_policy
+
+- - -
+Check the [Markdown Syntax Guide](http://daringfireball.net/projects/markdown/syntax) for help with Markdown.
+
+The [Github Flavored Markdown page](http://github.github.com/github-flavored-markdown/) describes the differences between markdown on github and standard markdown.
--- /dev/null
+jce_policy Cookbook
+===================
+TODO: Enter the cookbook description here.
+
+e.g.
+This cookbook makes your favorite breakfast sandwhich.
+
+Requirements
+------------
+TODO: List your cookbook requirements. Be sure to include any requirements this cookbook has on platforms, libraries, other cookbooks, packages, operating systems, etc.
+
+e.g.
+#### packages
+- `toaster` - jce_policy needs toaster to brown your bagel.
+
+Attributes
+----------
+TODO: List you cookbook attributes here.
+
+e.g.
+#### jce_policy::default
+<table>
+ <tr>
+ <th>Key</th>
+ <th>Type</th>
+ <th>Description</th>
+ <th>Default</th>
+ </tr>
+ <tr>
+ <td><tt>['jce_policy']['bacon']</tt></td>
+ <td>Boolean</td>
+ <td>whether to include bacon</td>
+ <td><tt>true</tt></td>
+ </tr>
+</table>
+
+Usage
+-----
+#### jce_policy::default
+TODO: Write usage instructions for each cookbook.
+
+e.g.
+Just include `jce_policy` in your node's `run_list`:
+
+```json
+{
+ "name":"my_node",
+ "run_list": [
+ "recipe[jce_policy]"
+ ]
+}
+```
+
+Contributing
+------------
+TODO: (optional) If this is a public cookbook, detail the process for contributing. If this is a private cookbook, remove this section.
+
+e.g.
+1. Fork the repository on Github
+2. Create a named feature branch (like `add_component_x`)
+3. Write you change
+4. Write tests for your change (if applicable)
+5. Run the tests, ensuring they all pass
+6. Submit a Pull Request using Github
+
+License and Authors
+-------------------
+Authors: TODO: List authors
--- /dev/null
+#
+# Cookbook Name:: jce_policy
+# Attributes:: default
+#
+# Copyright 2013, whitestar
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# in the java cookbook
+#default['java']['jdk_version'] = '6'
+#default['java']['java_home'] = "/usr/lib/jvm/java"
+
+default['jce_policy']['6']['url'] = 'http://download.oracle.com/otn-pub/java/jce_policy/6/jce_policy-6.zip'
+default['jce_policy']['7']['url'] = 'http://download.oracle.com/otn-pub/java/jce/7/UnlimitedJCEPolicyJDK7.zip'
+
+# if you change this to true, you can download directly from Oracle
+default['jce_policy']['oracle']['accept_oracle_download_terms'] = false
+
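Review bot: Both default URLs are plain `http://` and the cookbook defines no checksum attribute, so the recipe copies whatever archive the network path returns into `jre/lib/security`. Since these jars decide which cryptographic strengths the JVM allows, the download should be integrity-checked. Prefer an `https://` URL (confirm the host serves these paths over TLS). Also add a per-version digest that the recipe verifies before unzipping, e.g. `default['jce_policy']['6']['checksum'] = '<sha256 of jce_policy-6.zip>'`, where the value is a placeholder to be filled from a trusted copy.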
--- /dev/null
+name 'jce_policy'
+maintainer 'whitestar'
+maintainer_email ''
+license 'Apache 2.0'
+description 'Installs/Configures jce_policy'
+long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
+version '0.1.0'
--- /dev/null
+#
+# Cookbook Name:: jce_policy
+# Recipe:: default
+#
+# Copyright 2013, whitestar
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+cookie_jce_policy6 = 'oraclelicense=accept-securebackup-cookie;gpw_e24=http://www.oracle.com'
+cookie_jce_policy7 = 'oraclelicensejce-7-oth-JPR=accept-securebackup-cookie;gpw_e24=http://www.oracle.com'
+
+cookie = ''
+download_url = ''
+zip_file = ''
+unzipped_dir = ''
+case node['java']['jdk_version']
+ when '6'
+ cookie = cookie_jce_policy6
+ download_url = node['jce_policy']['6']['url']
+ zip_file = 'jce_plicy-6.zip'
+ unzipped_dir = 'jce'
+ when '7'
+ cookie = cookie_jce_policy7
+ download_url = node['jce_policy']['7']['url']
+ zip_file = 'UnlimitedJCEPolicyJDK7.zip'
+ unzipped_dir = 'UnlimitedJCEPolicy'
+end
+
+if node['jce_policy']['oracle']['accept_oracle_download_terms']
+ package 'curl' do
+ action :install
+ end
+
+ downloaded_file = "#{Chef::Config[:file_cache_path]}/#{zip_file}"
+ bash "download_jce_policy#{node['java']['jdk_version']}" do
+ code <<-EOC
+ curl -L --cookie "#{cookie}" #{download_url} -o #{downloaded_file}
+ EOC
+ creates downloaded_file
+ end
+else
+ Chef::Application.fatal!("You must set the attribute node['jce_policy']['oracle']['accept_oracle_download_terms'] to true if you want to download directly from the oracle site!")
+end
+
+package 'unzip' do
+ action :install
+end
+
+bash "install_jce_policy#{node['java']['jdk_version']}" do
+ code <<-EOC
+ unzip #{downloaded_file} -d #{Chef::Config[:file_cache_path]}
+ mv #{node['java']['java_home']}/jre/lib/security/US_export_policy.jar \\
+ #{node['java']['java_home']}/jre/lib/security/US_export_policy.jar.dist
+ mv #{node['java']['java_home']}/jre/lib/security/local_policy.jar \\
+ #{node['java']['java_home']}/jre/lib/security/local_policy.jar.dist
+ cp #{Chef::Config[:file_cache_path]}/#{unzipped_dir}/*.jar \\
+ #{node['java']['java_home']}/jre/lib/security
+ EOC
+ creates "#{node['java']['java_home']}/jre/lib/security/US_export_policy.jar.dist"
+end
+
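Review bot: The `install_jce_policy…` script runs every command regardless of earlier failures, so if `unzip` fails the two `mv` lines still rename the stock policy jars to `.dist` and the final `cp` then fails. Because the resource is guarded by `creates "…/US_export_policy.jar.dist"`, later runs skip it and the JRE is left without policy jars. Start the heredoc with `set -e` so a failed `unzip` aborts before anything is moved. The `case node['java']['jdk_version']` block also has no `else`, so any other version reaches `curl` with an empty URL and file name; a `Chef::Application.fatal!` branch for unsupported versions would stop that. `#{download_url}` and `#{downloaded_file}` are interpolated into the shell unquoted, and `'jce_plicy-6.zip'` looks like a typo for `jce_policy-6.zip`.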
run_list(
'role[nameservice-client-grid]',
- 'role[hadoop]'
+ 'role[hadoop]',
+ 'role[jce_policy]'
)
#env_run_lists "prod" => ["recipe[apache2]"], "staging" => ["recipe[apache2::staging]"], "_default" => []
run_list(
'role[nameservice-master]',
- 'role[hadoop]'
+ 'role[hadoop]',
+ 'role[jce_policy]'
)
#env_run_lists "prod" => ["recipe[apache2]"], "staging" => ["recipe[apache2::staging]"], "_default" => []
--- /dev/null
+name 'jce_policy'
+description 'Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files'
+
+run_list(
+ 'recipe[jce_policy]'
+)
+
+#env_run_lists "prod" => ["recipe[apache2]"], "staging" => ["recipe[apache2::staging]"], "_default" => []
+
+default_attributes(
+# 'java' => {
+# 'jdk_verison' => '6',
+# 'java_home' => '/usr/lib/jvm/java'
+# },
+ 'jce_policy' => {
+# '6' => {
+# 'url' => 'http://download.oracle.com/otn-pub/java/jce_policy/6/jce_policy-6.zip'
+# },
+# '7' => {
+# 'url' => 'http://download.oracle.com/otn-pub/java/jce/7/UnlimitedJCEPolicyJDK7.zip'
+# },
+ 'oracle' => {
+ 'accept_oracle_download_terms' => true
+ }
+ }
+)
+
+#override_attributes(
+#)