From 953ad5beb8a5f768753a2571148d75191f441ae0 Mon Sep 17 00:00:00 2001 From: Alex Newman Date: Fri, 9 Aug 2013 15:30:23 -0700 Subject: [PATCH] A small set of fixes /'s security mode should be 0775 not 0774 so users can access subdirs Indenting was weird on the ports Correcting the file which is updated on namenode initialization --- hadoop/roles/common/templates/iptables.j2 | 39 +++++++++---------- .../tasks/hadoop_master_no_ha.yml | 2 +- 2 files changed, 20 insertions(+), 21 deletions(-) diff --git a/hadoop/roles/common/templates/iptables.j2 b/hadoop/roles/common/templates/iptables.j2 index f9814fc..7e80bf6 100644 --- a/hadoop/roles/common/templates/iptables.j2 +++ b/hadoop/roles/common/templates/iptables.j2 
@@ -5,29 +5,31 @@ :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] {% if 'hadoop_masters' in group_names %} --A INPUT -p tcp --dport {{ hadoop['fs_default_FS_port'] }} -j ACCEPT --A INPUT -p tcp --dport {{ hadoop['dfs_namenode_http_address_port'] }} -j ACCEPT --A INPUT -p tcp --dport {{ hadoop['mapred_job_tracker_port'] }} -j ACCEPT --A INPUT -p tcp --dport {{ hadoop['mapred_job_tracker_http_address_port'] }} -j ACCEPT --A INPUT -p tcp --dport {{ hadoop['mapred_ha_jobtracker_rpc-address_port'] }} -j ACCEPT --A INPUT -p tcp --dport {{ hadoop['mapred_ha_zkfc_port'] }} -j ACCEPT --A INPUT -p tcp --dport {{ hadoop['dfs_ha_zkfc_port'] }} -j ACCEPT - +-A INPUT -p tcp --dport {{ hadoop['fs_default_FS_port'] }} -j ACCEPT +-A INPUT -p tcp --dport {{ hadoop['dfs_namenode_http_address_port'] }} -j ACCEPT +-A INPUT -p tcp --dport {{ hadoop['mapred_job_tracker_port'] }} -j ACCEPT +-A INPUT -p tcp --dport {{ hadoop['mapred_job_tracker_http_address_port'] }} -j ACCEPT +-A INPUT -p tcp --dport {{ hadoop['mapred_ha_jobtracker_rpc-address_port'] }} -j ACCEPT +-A INPUT -p tcp --dport {{ hadoop['mapred_ha_zkfc_port'] }} -j ACCEPT +-A INPUT -p tcp --dport {{ hadoop['dfs_ha_zkfc_port'] }} -j ACCEPT {% endif %} + {% if 'hadoop_slaves' in group_names %} --A INPUT -p tcp --dport {{ hadoop['dfs_datanode_address_port'] }} -j ACCEPT --A INPUT -p tcp --dport {{ hadoop['dfs_datanode_http_address_port'] }} -j ACCEPT --A INPUT -p tcp --dport {{ hadoop['dfs_datanode_ipc_address_port'] }} -j ACCEPT --A INPUT -p tcp --dport {{ hadoop['mapred_task_tracker_http_address_port'] }} -j ACCEPT +-A INPUT -p tcp --dport {{ hadoop['dfs_datanode_address_port'] }} -j ACCEPT +-A INPUT -p tcp --dport {{ hadoop['dfs_datanode_http_address_port'] }} -j ACCEPT +-A INPUT -p tcp --dport {{ hadoop['dfs_datanode_ipc_address_port'] }} -j ACCEPT +-A INPUT -p tcp --dport {{ hadoop['mapred_task_tracker_http_address_port'] }} -j ACCEPT {% endif %} + {% if 'qjournal_servers' in group_names %} --A INPUT -p tcp --dport {{ 
hadoop['qjournal_port'] }} -j ACCEPT --A INPUT -p tcp --dport {{ hadoop['qjournal_http_port'] }} -j ACCEPT +-A INPUT -p tcp --dport {{ hadoop['qjournal_port'] }} -j ACCEPT +-A INPUT -p tcp --dport {{ hadoop['qjournal_http_port'] }} -j ACCEPT {% endif %} + {% if 'zookeeper_servers' in group_names %} --A INPUT -p tcp --dport {{ hadoop['zookeeper_clientport'] }} -j ACCEPT --A INPUT -p tcp --dport {{ hadoop['zookeeper_leader_port'] }} -j ACCEPT --A INPUT -p tcp --dport {{ hadoop['zookeeper_election_port'] }} -j ACCEPT +-A INPUT -p tcp --dport {{ hadoop['zookeeper_clientport'] }} -j ACCEPT +-A INPUT -p tcp --dport {{ hadoop['zookeeper_leader_port'] }} -j ACCEPT +-A INPUT -p tcp --dport {{ hadoop['zookeeper_election_port'] }} -j ACCEPT {% endif %} -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -p icmp -j ACCEPT @@ -36,6 +38,3 @@ -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT - - - diff --git a/hadoop/roles/hadoop_primary/tasks/hadoop_master_no_ha.yml b/hadoop/roles/hadoop_primary/tasks/hadoop_master_no_ha.yml index 3508c92..943bfaf 100644 --- a/hadoop/roles/hadoop_primary/tasks/hadoop_master_no_ha.yml +++ b/hadoop/roles/hadoop_primary/tasks/hadoop_master_no_ha.yml @@ -32,7 +32,7 @@ service: name=hadoop-hdfs-namenode state=started - name: Give permissions for mapred users - shell: creates=/usr/lib/hadoop/fs.initialized su - hdfs -c "hadoop fs -chown hdfs:hadoop /"; su - hdfs -c "hadoop fs -chmod 0774 /"; touch /usr/lib/hadoop/namenode.initialized + shell: creates=/usr/lib/hadoop/namenode.initialized su - hdfs -c "hadoop fs -chown hdfs:hadoop /"; su - hdfs -c "hadoop fs -chmod 0775 /"; touch /usr/lib/hadoop/namenode.initialized - name: start hadoop jobtracker services service: name=hadoop-0.20-mapreduce-jobtracker state=started
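Review bot: The three commands on the new `shell:` line of "Give permissions for mapred users" are chained with `;`, so `touch /usr/lib/hadoop/namenode.initialized` runs even when the `chown` or `chmod` fails. Because `creates=` now points at that same marker, the task is then skipped on every later run and the HDFS root keeps whatever owner and mode it had, with no visible failure. Chaining with `&&` ties the marker to success: `su - hdfs -c "hadoop fs -chown hdfs:hadoop /" && su - hdfs -c "hadoop fs -chmod 0775 /" && touch /usr/lib/hadoop/namenode.initialized`. The mode 0775 also keeps group write on `/` for the `hadoop` group. Traversal into subdirectories needs only the execute bit, so it is worth confirming that group write on the root is intended. The task list continues outside the hunk.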