diff --git a/DeploymentCloud/Deployment.Common/scripts/msalmsiserver.py b/DeploymentCloud/Deployment.Common/scripts/msalmsiserver.py
index 614d6fd2..e7ce3489 100644
--- a/DeploymentCloud/Deployment.Common/scripts/msalmsiserver.py
+++ b/DeploymentCloud/Deployment.Common/scripts/msalmsiserver.py
@@ -15,15 +15,15 @@ This script exposes a local http endpoint which the spark jobs can call to get t
 Note that since it's a local endpoint, it's accessible only from within the cluster and not from outside.
 Usage:
-http://localhost:40382/managed/identity/oauth2/token?resource=&api-version=2018-11-01
+http://localhost:40381/managed/identity/oauth2/token?resource=&api-version=2018-11-01
 Example:
-curl -H "Metadata: true" -X GET "http://localhost:40382/managed/identity/oauth2/token?resource=https://vault.azure.net&api-version=2018-11-01"
+curl -H "Metadata: true" -X GET "http://localhost:40381/managed/identity/oauth2/token?resource=https://vault.azure.net&api-version=2018-11-01"
 """
 class Constants(object):
 loopback_address = '127.0.0.1'
- server_port = 40382
+ server_port = 40381
 token_url_path = '/managed/identity/oauth2/token'
 header_metadata = 'Metadata'
 query_resource = 'resource'
diff --git a/DeploymentCloud/Deployment.Common/scripts/msiserver.py b/DeploymentCloud/Deployment.Common/scripts/msiserver.py
index 0a994926..291a8649 100644
--- a/DeploymentCloud/Deployment.Common/scripts/msiserver.py
+++ b/DeploymentCloud/Deployment.Common/scripts/msiserver.py
@@ -66,7 +66,7 @@ class ManagedIdentityHandler(BaseHTTPRequestHandler):
 def _acquire_token(self, resource):
 cluster_manifest = self._get_cluster_manifest()
 msi_settings = json.loads(cluster_manifest.settings['managedServiceIdentity'])
-# assuming there is only 1 MSI associated with the cluster, get the first one
+ # assuming there is only 1 MSI associated with the cluster, get the first one
 msi_setting = list(msi_settings.values())[0]
 thumbprint = msi_setting['thumbprint']
diff --git a/DeploymentCloud/Deployment.Common/scripts/startmsalmsiserverservice.sh b/DeploymentCloud/Deployment.Common/scripts/startmsalmsiserverservice.sh
new file mode 100644
index 00000000..88ff9fd0
--- /dev/null
+++ b/DeploymentCloud/Deployment.Common/scripts/startmsalmsiserverservice.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+echo "Install Python Packages"
+pip install msal
+
+echo "Remove the existing files if they exist"
+sudo rm -f /usr/hdinsight/msalmsiserver.py
+sudo rm -f /etc/systemd/system/msalmsiserverapp.service
+
+echo "Download the files from HDFS/Blob storage"
+sudo hdfs dfs -copyToLocal wasbs://scriptactions@$sparkBlobAccountName.blob.core.windows.net/msalmsiserver.py /usr/hdinsight/msalmsiserver.py
+sudo hdfs dfs -copyToLocal wasbs://scriptactions@$sparkBlobAccountName.blob.core.windows.net/msalmsiserverapp.service /etc/systemd/system/msalmsiserverapp.service
+
+echo "Change the permission of the file"
+sudo chmod 644 /etc/systemd/system/msalmsiserverapp.service
+
+echo "Reload the systemd manager configuration to apply the changes"
+sudo systemctl daemon-reload
+
+echo "Enable MSAL service to start on boot"
+sudo systemctl enable msalmsiserverapp.service
+
+if sudo systemctl is-active --quiet msiserverapp.service; then
+ echo "ADAL service is running, ending it and starting MSAL service"
+ sudo systemctl stop msiserverapp.service
+ sudo systemctl start msalmsiserverapp.service
+elif sudo systemctl is-active --quiet msalmsiserverapp.service; then
+ echo "MSAL service is already running, restarting it"
+ sudo systemctl restart msalmsiserverapp.service
+else
+ echo "No service is running, starting MSAL service"
+ sudo systemctl start msalmsiserverapp.service
+fi
+
+echo "Script execution completed"
\ No newline at end of file
diff --git a/DeploymentCloud/Deployment.Common/scripts/startmsiserverservice.sh b/DeploymentCloud/Deployment.Common/scripts/startmsiserverservice.sh
index 182bf1d9..c8893c0b 100644
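Review bot: Nothing in the new startmsalmsiserverservice.sh stops on failure: if either `hdfs dfs -copyToLocal` fails after the `rm -f` lines, the `systemctl` calls still run and the script prints "Script execution completed" with no unit or server file in place. The downloaded `msalmsiserver.py` is the code that hands out managed-identity tokens, yet only the unit file gets an explicit mode and neither download is checked against an expected digest, so whoever can write to the `scriptactions` container decides what the service runs. I would add `set -euo pipefail`, verify a checksum shipped with the deployment, and set owner and mode on both files, as sketched below. `pip install msal` is also unpinned and may install into a different environment than the interpreter the unit uses (the unit file is not shown here).

```shell
#!/bin/bash
set -euo pipefail

# … unchanged: pip install, rm -f of the existing files, the two hdfs dfs -copyToLocal lines …

# EXPECTED_SHA256 is a placeholder for a digest shipped with the deployment
echo "$EXPECTED_SHA256  /usr/hdinsight/msalmsiserver.py" | sudo sha256sum --check --quiet

sudo chown root:root /usr/hdinsight/msalmsiserver.py /etc/systemd/system/msalmsiserverapp.service
# 644 on the script assumes the unit runs it through the interpreter
sudo chmod 644 /usr/hdinsight/msalmsiserver.py /etc/systemd/system/msalmsiserverapp.service

# … unchanged: daemon-reload, enable, start/restart logic …
```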
--- a/DeploymentCloud/Deployment.Common/scripts/startmsiserverservice.sh
+++ b/DeploymentCloud/Deployment.Common/scripts/startmsiserverservice.sh
@@ -1,35 +1,32 @@
 #!/bin/bash
-echo "Install Python Packages"
-pip install msal
-
 echo "Remove the existing files if they exist"
 sudo rm -f /usr/hdinsight/msiserver.py
 sudo rm -f /etc/systemd/system/msiserverapp.service
-sudo rm -f /usr/hdinsight/msalmsiserver.py
-sudo rm -f /etc/systemd/system/msalmsiserverapp.service
-
 echo "Download the files from HDFS/Blob storage"
 sudo hdfs dfs -copyToLocal wasbs://scriptactions@$sparkBlobAccountName.blob.core.windows.net/msiserver.py /usr/hdinsight/msiserver.py
 sudo hdfs dfs -copyToLocal wasbs://scriptactions@$sparkBlobAccountName.blob.core.windows.net/msiserverapp.service /etc/systemd/system/msiserverapp.service
-sudo hdfs dfs -copyToLocal wasbs://scriptactions@$sparkBlobAccountName.blob.core.windows.net/msalmsiserver.py /usr/hdinsight/msalmsiserver.py
-sudo hdfs dfs -copyToLocal wasbs://scriptactions@$sparkBlobAccountName.blob.core.windows.net/msalmsiserverapp.service /etc/systemd/system/msalmsiserverapp.service
-
 echo "Change the permission of the file"
 sudo chmod 644 /etc/systemd/system/msiserverapp.service
-sudo chmod 644 /etc/systemd/system/msalmsiserverapp.service
 echo "Reload the systemd manager configuration to apply the changes"
 sudo systemctl daemon-reload
-echo "Enable the service to start on boot"
+echo "Enable ADAL service to start on boot"
 sudo systemctl enable msiserverapp.service
-sudo systemctl enable msalmsiserverapp.service
-echo "Start the service"
-sudo systemctl start msiserverapp.service
-sudo systemctl start msalmsiserverapp.service
+if sudo systemctl is-active --quiet msalmsiserverapp.service; then
+ echo "MSAL service is running, ending it and starting ADAL service"
+ sudo systemctl stop msalmsiserverapp.service
+ sudo systemctl start msiserverapp.service
+elif sudo systemctl is-active --quiet msiserverapp.service; then
+ echo "ADAL service is already running, restarting it"
+ sudo systemctl restart msiserverapp.service
+else
+ echo "No service is running, starting ADAL service"
+ sudo systemctl start msiserverapp.service
+fi
 echo "Script execution completed"
\ No newline at end of file
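Review bot: The new `if` block stops `msalmsiserverapp.service` but leaves it enabled, and the script then enables `msiserverapp.service`, so on a node where the MSAL script ran earlier both units are enabled and both will be started at the next boot. If the two servers listen on the same port, as the port change in msalmsiserver.py suggests (msiserver.py's port is not shown here), whichever unit binds first wins and the choice made by this script is lost after a restart. Replace the `stop` line with `sudo systemctl disable --now msalmsiserverapp.service`, and consider running it before the `if` so the `else` branch is covered as well. The mirror-image branch in startmsalmsiserverservice.sh needs the same change for `msiserverapp.service`.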