added dynamic authentication (apache#38)

Author: jlopezmalla

DockerfileHistory

@@ -7,6 +7,7 @@ RUN yum -y update \
     && yum -y install java-1.8.0-openjdk curl wget\
     && yum -y clean all \
     && wget https://github.com/stedolan/jq/releases/download/jq-1.5/jq-linux64 \
+    && curl -o /root/kms_utils-0.2.1.sh http://sodio.stratio.com/repository/paas/kms_utils/0.2.1/kms_utils-0.2.1.sh \
     && mv jq-linux64 /usr/local/bin/jq \
     && chmod 755 /usr/local/bin/jq \
     && ln -s /usr/local/bin/jq /usr/bin/ \
@@ -18,7 +19,6 @@ COPY dist /opt/sds/spark
 
 COPY docker/historyServer/entrypoint.sh /
 COPY docker/historyServer/commons.sh /
-COPY docker/historyServer/kms_utils.sh /
 
 ENTRYPOINT ["/usr/local/bin/dumb-init", "/entrypoint.sh"]
 

docker/historyServer/entrypoint.sh

@@ -1,6 +1,7 @@
 #!/bin/bash
 
-source kms_utils.sh
+source /root/kms_utils-0.2.1.sh
+
 source commons.sh
 
 # Create krb5.conf file
@@ -28,10 +29,14 @@ EOM
 function main() {
    HDFS_HADOOP_SECURITY_AUTH_TO_LOCAL=${HDFS_HADOOP_SECURITY_AUTH_TO_LOCAL:=${auth_to_local_value}}
    VAULT_PORT=${VAULT_PORT:=8200}
-   VAULT_TOKEN=${VAULT_TOKEN:=1111111-2222-3333-4444-5555555555555}
+   VAULT_HOSTS=$VAULT_HOST
+   SERVICE_ID=$APP_NAME
+   INSTANCE=$APP_NAME
+   VAULT_URI="$VAULT_PROTOCOL://$VAULT_HOSTS:$VAULT_PORT"
+
    SPARK_HOME=/opt/sds/spark
    FQDN=${HISTORY_SERVER_FQDN:="history-server"}
-   INSTANCE=${HISTORY_SERVER_FQDN:=$FQDN}
+   INSTANCE=${HISTORY_SERVER_FQDN:="history-server"}
 
    mkdir -p $HADOOP_CONF_DIR
 
@@ -47,14 +52,19 @@ function main() {
 
    if [[ "$HDFS_KRB_ENABLE" == "true" ]]
    then
-   SPARK_KEYTAB_PATH="/etc/sds/spark/security"
-   getKrb userland $INSTANCE $FQDN "$SPARK_KEYTAB_PATH" HISTORY_SERVER_PRINCIPAL_NAME
 
-   generate_krb-conf "${KERBEROS_REALM}" "${KERBEROS_KDC_HOST}" "${KERBEROS_KADMIN_HOST}"
-   mv "/tmp/krb5.conf.tmp" "/etc/krb5.conf"
-   SPARK_HISTORY_OPTS="-Dspark.history.kerberos.principal=${HISTORY_SERVER_PRINCIPAL_NAME} -Dspark.history.kerberos.keytab=${SPARK_KEYTAB_PATH}/${FQDN}.keytab -Dspark.history.kerberos.enabled=true ${SPARK_HISTORY_OPTS}"
+     if [ ! -z "$VAULT_ROLE_ID" ]; then
+       echo "Vault role id proved, signing in"
+       login
+     fi
+     SPARK_KEYTAB_PATH="/etc/sds/spark/security"
+     getKrb userland $INSTANCE $FQDN "$SPARK_KEYTAB_PATH" HISTORY_SERVER_PRINCIPAL_NAME
+
+     generate_krb-conf "${KERBEROS_REALM}" "${KERBEROS_KDC_HOST}" "${KERBEROS_KADMIN_HOST}"
+     mv "/tmp/krb5.conf.tmp" "/etc/krb5.conf"
+     SPARK_HISTORY_OPTS="-Dspark.history.kerberos.principal=${HISTORY_SERVER_PRINCIPAL_NAME} -Dspark.history.kerberos.keytab=${SPARK_KEYTAB_PATH}/${FQDN}.keytab -Dspark.history.kerberos.enabled=true ${SPARK_HISTORY_OPTS}"
    else
-	echo 'HDFS SECURITY IS NOT ENABLE'
+	 echo 'HDFS SECURITY IS NOT ENABLE'
    fi
 
    generate_core-site "${HDFS_FS_DEFAULTFS}" "${HDFS_HADOOP_SECURITY_AUTHORIZATION}" "${HDFS_HADOOP_SECURITY_AUTHENTICATION}" "${HDFS_HADOOP_SECURITY_AUTH_TO_LOCAL}"