Repository: ambari Updated Branches: refs/heads/branch-2.2 fc970cec9 -> 52c969e42
AMBARI-14409. Blueprints Kerberos deployments fail intermittently due to invalid keytabs. (Sandor Magyari via rnettleton) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/52c969e4 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/52c969e4 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/52c969e4 Branch: refs/heads/branch-2.2 Commit: 52c969e422926834fbf8d55268e3ea53f3f026c5 Parents: fc970ce Author: Bob Nettleton <[email protected]> Authored: Tue Dec 22 17:09:53 2015 -0500 Committer: Bob Nettleton <[email protected]> Committed: Tue Dec 22 17:10:10 2015 -0500 ---------------------------------------------------------------------- .../server/controller/KerberosHelperImpl.java | 21 +++++++++++++++++++- .../topology/ClusterConfigurationRequest.java | 4 ++++ .../server/controller/KerberosHelperTest.java | 6 +++++- .../ClusterConfigurationRequestTest.java | 7 +++++-- 4 files changed, 34 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/52c969e4/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java index a12c1af..275bf84 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java @@ -381,10 +381,20 @@ public class KerberosHelperImpl implements KerberosHelper { Map<String, String> kerberosDescriptorProperties = kerberosDescriptor.getProperties(); Map<String, Map<String, String>> configurations = addAdditionalConfigurations(cluster, - deepCopy(existingConfigurations), null, kerberosDescriptorProperties); + deepCopy(existingConfigurations), null, kerberosDescriptorProperties); Map<String, String> kerberosConfiguration = kerberosDetails.getKerberosEnvProperties(); KerberosOperationHandler kerberosOperationHandler = kerberosOperationHandlerFactory.getKerberosOperationHandler(kerberosDetails.getKdcType()); + PrincipalKeyCredential administratorCredential = getKDCAdministratorCredentials(cluster.getClusterName()); + + try { + kerberosOperationHandler.open(administratorCredential, kerberosDetails.getDefaultRealm(), kerberosConfiguration); + } catch (KerberosOperationException e) { + String message = String.format("Failed to process the identities, could not properly open the KDC operation handler: %s", + e.getMessage()); + LOG.error(message); + throw new AmbariException(message, e); + } for (String serviceName : services) { // Set properties... @@ -415,6 +425,15 @@ public class KerberosHelperImpl implements KerberosHelper { } } } + + // The KerberosOperationHandler needs to be closed, if it fails to close ignore the + // exception since there is little we can or care to do about it now. + try { + kerberosOperationHandler.close(); + } catch (KerberosOperationException e) { + // Ignore this... + } + } return true; http://git-wip-us.apache.org/repos/asf/ambari/blob/52c969e4/ambari-server/src/main/java/org/apache/ambari/server/topology/ClusterConfigurationRequest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/topology/ClusterConfigurationRequest.java b/ambari-server/src/main/java/org/apache/ambari/server/topology/ClusterConfigurationRequest.java index 6e8b8a3..c662e28 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/topology/ClusterConfigurationRequest.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/topology/ClusterConfigurationRequest.java @@ -110,6 +110,10 @@ public class ClusterConfigurationRequest { Configuration clusterConfiguration = clusterTopology.getConfiguration(); try { + AmbariContext.getController().getKerberosHelper() + .ensureHeadlessIdentities(cluster, clusterConfiguration.getFullProperties(), + new HashSet<String>(blueprint.getServices())); + Map<String, Map<String, String>> updatedConfigs = AmbariContext.getController().getKerberosHelper() .getServiceConfigurationUpdates(cluster, clusterConfiguration.getFullProperties(), new HashSet<String>(blueprint.getServices())); http://git-wip-us.apache.org/repos/asf/ambari/blob/52c969e4/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java index 29949a4..6b7ec6f 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java @@ -2401,7 +2401,7 @@ public class KerberosHelperTest extends EasyMockSupport { expect(cluster.getDesiredConfigByType("kerberos-env")).andReturn(configKerberosEnv).times(1); expect(cluster.getSecurityType()).andReturn(SecurityType.KERBEROS).times(1); expect(cluster.getCurrentStackVersion()).andReturn(new StackId("HDP", "2.2")).times(1); - expect(cluster.getClusterName()).andReturn("c1").times(2); + expect(cluster.getClusterName()).andReturn("c1").times(4); expect(cluster.getHosts()).andReturn(Arrays.asList(host1, host2, host3)).times(1); expect(cluster.getServices()).andReturn(servicesMap).times(1); @@ -2491,6 +2491,10 @@ public class KerberosHelperTest extends EasyMockSupport { AmbariMetaInfo ambariMetaInfo = injector.getInstance(AmbariMetaInfo.class); ambariMetaInfo.init(); + CredentialStoreService credentialStoreService = injector.getInstance(CredentialStoreService.class); + credentialStoreService.setCredential(cluster.getClusterName(), KerberosHelper.KDC_ADMINISTRATOR_CREDENTIAL_ALIAS, + new PrincipalKeyCredential("principal", "password"), CredentialStoreType.TEMPORARY); + KerberosHelper kerberosHelper = injector.getInstance(KerberosHelper.class); kerberosHelper.ensureHeadlessIdentities(cluster, existingConfigurations, services); http://git-wip-us.apache.org/repos/asf/ambari/blob/52c969e4/ambari-server/src/test/java/org/apache/ambari/server/topology/ClusterConfigurationRequestTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/topology/ClusterConfigurationRequestTest.java b/ambari-server/src/test/java/org/apache/ambari/server/topology/ClusterConfigurationRequestTest.java index df32684..93f4de6 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/topology/ClusterConfigurationRequestTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/topology/ClusterConfigurationRequestTest.java @@ -125,7 +125,7 @@ public class ClusterConfigurationRequestTest { expectLastCall().andReturn(controller).anyTimes(); expect(controller.getClusters()).andReturn(clusters).anyTimes(); - expect(controller.getKerberosHelper()).andReturn(kerberosHelper).once(); + expect(controller.getKerberosHelper()).andReturn(kerberosHelper).times(2); expect(clusters.getCluster("testCluster")).andReturn(cluster).anyTimes(); @@ -154,8 +154,11 @@ public class ClusterConfigurationRequestTest { Map<String, String> properties = new HashMap<>(); properties.put("testPorperty", "testValue"); kerberosConfig.put("testConfigType", properties); + expect(kerberosHelper.ensureHeadlessIdentities(anyObject(Cluster.class), anyObject(Map.class), anyObject + (Set.class))).andReturn(true).once(); expect(kerberosHelper.getServiceConfigurationUpdates(anyObject(Cluster.class), anyObject(Map.class), anyObject - (Set.class))).andReturn(kerberosConfig).anyTimes(); + (Set.class))).andReturn(kerberosConfig).once(); + PowerMock.replay(stack, blueprint, topology, controller, clusters, kerberosHelper, ambariContext, AmbariContext
