AMBARI-11396. Kerberos: UI shows Kerberize Cluster step as failed with a retry button, but the backend keeps moving forward to Kerberize the cluster (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/e3acc7f0 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/e3acc7f0 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/e3acc7f0 Branch: refs/heads/trunk Commit: e3acc7f06ab42bdfa84d59880d7f6c76f78277fc Parents: 7e88541 Author: Robert Levas <[email protected]> Authored: Fri May 29 19:45:55 2015 -0400 Committer: Robert Levas <[email protected]> Committed: Fri May 29 19:48:15 2015 -0400 ---------------------------------------------------------------------- .../ambari/server/agent/HeartBeatHandler.java | 103 +- .../server/controller/ControllerModule.java | 1 + .../server/controller/KerberosHelper.java | 2844 +----------------- .../server/controller/KerberosHelperImpl.java | 2811 +++++++++++++++++ .../AbstractPrepareKerberosServerAction.java | 192 ++ .../kerberos/CreateKeytabFilesServerAction.java | 10 +- .../kerberos/KerberosServerAction.java | 9 + .../PrepareDisableKerberosServerAction.java | 250 ++ .../PrepareEnableKerberosServerAction.java | 183 ++ .../PrepareKerberosIdentitiesServerAction.java | 111 + .../org/apache/ambari/server/state/Cluster.java | 11 + .../server/state/cluster/ClusterImpl.java | 24 + .../server/controller/KerberosHelperTest.java | 650 ++-- .../server/state/cluster/ClusterTest.java | 74 + 14 files changed, 4003 insertions(+), 3270 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/e3acc7f0/ambari-server/src/main/java/org/apache/ambari/server/agent/HeartBeatHandler.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/agent/HeartBeatHandler.java b/ambari-server/src/main/java/org/apache/ambari/server/agent/HeartBeatHandler.java index 2474c3d..d5847fc 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/agent/HeartBeatHandler.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/agent/HeartBeatHandler.java @@ -1095,75 +1095,78 @@ public class HeartBeatHandler { * @throws AmbariException */ void injectKeytab(ExecutionCommand ec, String command, String targetHost) throws AmbariException { - List<Map<String, String>> kcp = ec.getKerberosCommandParams(); String dataDir = ec.getCommandParams().get(KerberosServerAction.DATA_DIRECTORY); - KerberosIdentityDataFileReader reader = null; - try { - reader = kerberosIdentityDataFileReaderFactory.createKerberosIdentityDataFileReader(new File(dataDir, KerberosIdentityDataFileReader.DATA_FILE_NAME)); + if(dataDir != null) { + KerberosIdentityDataFileReader reader = null; + List<Map<String, String>> kcp = ec.getKerberosCommandParams(); + + try { + reader = kerberosIdentityDataFileReaderFactory.createKerberosIdentityDataFileReader(new File(dataDir, KerberosIdentityDataFileReader.DATA_FILE_NAME)); - for (Map<String, String> record : reader) { - String hostName = record.get(KerberosIdentityDataFileReader.HOSTNAME); + for (Map<String, String> record : reader) { + String hostName = record.get(KerberosIdentityDataFileReader.HOSTNAME); - if (targetHost.equalsIgnoreCase(hostName)) { + if (targetHost.equalsIgnoreCase(hostName)) { - if ("SET_KEYTAB".equalsIgnoreCase(command)) { - String keytabFilePath = record.get(KerberosIdentityDataFileReader.KEYTAB_FILE_PATH); + if ("SET_KEYTAB".equalsIgnoreCase(command)) { + String keytabFilePath = record.get(KerberosIdentityDataFileReader.KEYTAB_FILE_PATH); - if (keytabFilePath != null) { + if (keytabFilePath != null) { - String sha1Keytab = DigestUtils.sha1Hex(keytabFilePath); - File keytabFile = new File(dataDir + File.separator + hostName + File.separator + sha1Keytab); + String sha1Keytab = DigestUtils.sha1Hex(keytabFilePath); + File keytabFile = new File(dataDir + File.separator + hostName + File.separator + sha1Keytab); - if (keytabFile.canRead()) { - Map<String, String> keytabMap = new HashMap<String, String>(); - String principal = record.get(KerberosIdentityDataFileReader.PRINCIPAL); - String isService = record.get(KerberosIdentityDataFileReader.SERVICE); + if (keytabFile.canRead()) { + Map<String, String> keytabMap = new HashMap<String, String>(); + String principal = record.get(KerberosIdentityDataFileReader.PRINCIPAL); + String isService = record.get(KerberosIdentityDataFileReader.SERVICE); - keytabMap.put(KerberosIdentityDataFileReader.HOSTNAME, hostName); - keytabMap.put(KerberosIdentityDataFileReader.SERVICE, isService); - keytabMap.put(KerberosIdentityDataFileReader.COMPONENT, record.get(KerberosIdentityDataFileReader.COMPONENT)); - keytabMap.put(KerberosIdentityDataFileReader.PRINCIPAL, principal); - keytabMap.put(KerberosIdentityDataFileReader.KEYTAB_FILE_PATH, keytabFilePath); - keytabMap.put(KerberosIdentityDataFileReader.KEYTAB_FILE_OWNER_NAME, record.get(KerberosIdentityDataFileReader.KEYTAB_FILE_OWNER_NAME)); - keytabMap.put(KerberosIdentityDataFileReader.KEYTAB_FILE_OWNER_ACCESS, record.get(KerberosIdentityDataFileReader.KEYTAB_FILE_OWNER_ACCESS)); - keytabMap.put(KerberosIdentityDataFileReader.KEYTAB_FILE_GROUP_NAME, record.get(KerberosIdentityDataFileReader.KEYTAB_FILE_GROUP_NAME)); - keytabMap.put(KerberosIdentityDataFileReader.KEYTAB_FILE_GROUP_ACCESS, record.get(KerberosIdentityDataFileReader.KEYTAB_FILE_GROUP_ACCESS)); + keytabMap.put(KerberosIdentityDataFileReader.HOSTNAME, hostName); + keytabMap.put(KerberosIdentityDataFileReader.SERVICE, isService); + keytabMap.put(KerberosIdentityDataFileReader.COMPONENT, record.get(KerberosIdentityDataFileReader.COMPONENT)); + keytabMap.put(KerberosIdentityDataFileReader.PRINCIPAL, principal); + keytabMap.put(KerberosIdentityDataFileReader.KEYTAB_FILE_PATH, keytabFilePath); + keytabMap.put(KerberosIdentityDataFileReader.KEYTAB_FILE_OWNER_NAME, record.get(KerberosIdentityDataFileReader.KEYTAB_FILE_OWNER_NAME)); + keytabMap.put(KerberosIdentityDataFileReader.KEYTAB_FILE_OWNER_ACCESS, record.get(KerberosIdentityDataFileReader.KEYTAB_FILE_OWNER_ACCESS)); + keytabMap.put(KerberosIdentityDataFileReader.KEYTAB_FILE_GROUP_NAME, record.get(KerberosIdentityDataFileReader.KEYTAB_FILE_GROUP_NAME)); + keytabMap.put(KerberosIdentityDataFileReader.KEYTAB_FILE_GROUP_ACCESS, record.get(KerberosIdentityDataFileReader.KEYTAB_FILE_GROUP_ACCESS)); - BufferedInputStream bufferedIn = new BufferedInputStream(new FileInputStream(keytabFile)); - byte[] keytabContent = IOUtils.toByteArray(bufferedIn); - String keytabContentBase64 = Base64.encodeBase64String(keytabContent); - keytabMap.put(KerberosServerAction.KEYTAB_CONTENT_BASE64, keytabContentBase64); + BufferedInputStream bufferedIn = new BufferedInputStream(new FileInputStream(keytabFile)); + byte[] keytabContent = IOUtils.toByteArray(bufferedIn); + String keytabContentBase64 = Base64.encodeBase64String(keytabContent); + keytabMap.put(KerberosServerAction.KEYTAB_CONTENT_BASE64, keytabContentBase64); - kcp.add(keytabMap); + kcp.add(keytabMap); + } } - } - } else if ("REMOVE_KEYTAB".equalsIgnoreCase(command)) { - Map<String, String> keytabMap = new HashMap<String, String>(); + } else if ("REMOVE_KEYTAB".equalsIgnoreCase(command)) { + Map<String, String> keytabMap = new HashMap<String, String>(); - keytabMap.put(KerberosIdentityDataFileReader.HOSTNAME, hostName); - keytabMap.put(KerberosIdentityDataFileReader.SERVICE, record.get(KerberosIdentityDataFileReader.SERVICE)); - keytabMap.put(KerberosIdentityDataFileReader.COMPONENT, record.get(KerberosIdentityDataFileReader.COMPONENT)); - keytabMap.put(KerberosIdentityDataFileReader.PRINCIPAL, record.get(KerberosIdentityDataFileReader.PRINCIPAL)); - keytabMap.put(KerberosIdentityDataFileReader.KEYTAB_FILE_PATH, record.get(KerberosIdentityDataFileReader.KEYTAB_FILE_PATH)); + keytabMap.put(KerberosIdentityDataFileReader.HOSTNAME, hostName); + keytabMap.put(KerberosIdentityDataFileReader.SERVICE, record.get(KerberosIdentityDataFileReader.SERVICE)); + keytabMap.put(KerberosIdentityDataFileReader.COMPONENT, record.get(KerberosIdentityDataFileReader.COMPONENT)); + keytabMap.put(KerberosIdentityDataFileReader.PRINCIPAL, record.get(KerberosIdentityDataFileReader.PRINCIPAL)); + keytabMap.put(KerberosIdentityDataFileReader.KEYTAB_FILE_PATH, record.get(KerberosIdentityDataFileReader.KEYTAB_FILE_PATH)); - kcp.add(keytabMap); + kcp.add(keytabMap); + } } } - } - } catch (IOException e) { - throw new AmbariException("Could not inject keytabs to enable kerberos"); - } finally { - if (reader != null) { - try { - reader.close(); - } catch (Throwable t) { - // ignored + } catch (IOException e) { + throw new AmbariException("Could not inject keytabs to enable kerberos"); + } finally { + if (reader != null) { + try { + reader.close(); + } catch (Throwable t) { + // ignored + } } } - } - ec.setKerberosCommandParams(kcp); + ec.setKerberosCommandParams(kcp); + } } /** http://git-wip-us.apache.org/repos/asf/ambari/blob/e3acc7f0/ambari-server/src/main/java/org/apache/ambari/server/controller/ControllerModule.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/ControllerModule.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/ControllerModule.java index 72c33bd..ac651ce 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/controller/ControllerModule.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/ControllerModule.java @@ -284,6 +284,7 @@ public class ControllerModule extends AbstractModule { bind(KerberosOperationHandlerFactory.class); bind(KerberosDescriptorFactory.class); bind(KerberosServiceDescriptorFactory.class); + bind(KerberosHelper.class).to(KerberosHelperImpl.class); bind(Configuration.class).toInstance(configuration); bind(OsFamily.class).toInstance(os_family);
