Repository: ambari Updated Branches: refs/heads/trunk 65369f908 -> ba610b5cf
AMBARI-15805. Provide backward compatibility for kdc_host in krb5-conf for krb5.conf templates (rlevas) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/ba610b5c Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/ba610b5c Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/ba610b5c Branch: refs/heads/trunk Commit: ba610b5cf927af306cb79807b7ff4ea8700e7f78 Parents: 65369f9 Author: Robert Levas <[email protected]> Authored: Tue Apr 12 11:57:12 2016 -0400 Committer: Robert Levas <[email protected]> Committed: Tue Apr 12 11:59:17 2016 -0400 ---------------------------------------------------------------------- .../KERBEROS/1.10.3-10/package/scripts/params.py | 9 +++++++++ .../stacks/2.2/KERBEROS/test_kerberos_client.py | 18 ++++++++++++++++++ .../test/python/stacks/2.2/KERBEROS/use_cases.py | 15 +++++++-------- 3 files changed, 34 insertions(+), 8 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/ba610b5c/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/params.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/params.py b/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/params.py index d57b2a1..906d521 100644 --- a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/params.py +++ b/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/params.py @@ -145,6 +145,15 @@ if config is not None: manage_krb5_conf = get_property_value(krb5_conf_data, 'manage_krb5_conf', "true") + # For backward compatibility, ensure that kdc_host exists. This may be needed if the krb5.conf + # template in krb5-conf/content had not be updated during the Ambari upgrade to 2.4.0 - which + # will happen if the template was altered from its stack-default value. + kdc_host_parts = kdc_hosts.split(',') + if kdc_host_parts: + kdc_host = kdc_host_parts[0] + else: + kdc_host = kdc_hosts + # ############################################################################################## # Get kdc.conf template data # ############################################################################################## http://git-wip-us.apache.org/repos/asf/ambari/blob/ba610b5c/ambari-server/src/test/python/stacks/2.2/KERBEROS/test_kerberos_client.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.2/KERBEROS/test_kerberos_client.py b/ambari-server/src/test/python/stacks/2.2/KERBEROS/test_kerberos_client.py index 0c52e73..444fae6 100644 --- a/ambari-server/src/test/python/stacks/2.2/KERBEROS/test_kerberos_client.py +++ b/ambari-server/src/test/python/stacks/2.2/KERBEROS/test_kerberos_client.py @@ -356,3 +356,21 @@ class TestKerberosClient(RMFTestCase): action=['delete']) self.assertResourceCalled('File', "/etc/security/keytabs/smokeuser.headless.keytab", action=['delete']) + + def test_kdc_host_backwards_compatibility(self): + json_data = use_cases.get_unmanged_kdc_use_case() + + self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/kerberos_client.py", + classname="KerberosClient", + command="configure", + config_dict=json_data, + stack_version = self.STACK_VERSION, + target = RMFTestCase.TARGET_COMMON_SERVICES + ) + + # The kdc_hosts is expected to be taken from the JSON configuration data as-is + self.assertEquals('c6401.ambari.apache.org, c6402.ambari.apache.org', sys.modules['params'].kdc_hosts) + + # The kdc_host is expected to generated using kdc_hosts, but only the first host is used since + # previous versions only knew how to handle a single KDC host + self.assertEquals('c6401.ambari.apache.org', sys.modules['params'].kdc_host) http://git-wip-us.apache.org/repos/asf/ambari/blob/ba610b5c/ambari-server/src/test/python/stacks/2.2/KERBEROS/use_cases.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.2/KERBEROS/use_cases.py b/ambari-server/src/test/python/stacks/2.2/KERBEROS/use_cases.py index aab01ad..17d9f88 100644 --- a/ambari-server/src/test/python/stacks/2.2/KERBEROS/use_cases.py +++ b/ambari-server/src/test/python/stacks/2.2/KERBEROS/use_cases.py @@ -82,14 +82,14 @@ def get_manged_kdc_use_case(): json_data['clusterHostInfo']['kdc_server_hosts'] = ['c6401.ambari.apache.org'] json_data['configurations']['kerberos-env'] = { 'kdc_type': 'mit-kdc', - 'kdc_hosts': 'c6401.ambari.apache.org, c6402.ambari.apache.org' + 'kdc_hosts': 'c6401.ambari.apache.org, c6402.ambari.apache.org', + 'encryption_types' : 'aes256-cts-hmac-sha1-96' } json_data['configurations']['krb5-conf'] = { 'realm': 'MANAGED_REALM.COM', 'admin_principal': "admin/admin", 'admin_password': "hadoop" } - json_data['configurations']['kerberos-env'] = { 'encryption_types' : 'aes256-cts-hmac-sha1-96'} return json_data @@ -101,7 +101,8 @@ def get_unmanged_kdc_use_case(): json_data['configurations']['kerberos-env'] = { 'kdc_hosts': 'c6401.ambari.apache.org, c6402.ambari.apache.org', - 'kdc_type': 'mit-kdc' + 'kdc_type': 'mit-kdc', + 'encryption_types' : 'aes256-cts-hmac-sha1-96' } json_data['configurations']['krb5-conf'] = { 'conf_dir': '/tmp', @@ -117,8 +118,6 @@ def get_unmanged_kdc_use_case(): json_data['configurations']['kadm5-acl'] = { 'content': kadm5_acl_template } - json_data['configurations']['kerberos-env'] = { 'encryption_types' : 'aes256-cts-hmac-sha1-96'} - return json_data @@ -150,6 +149,7 @@ def get_unmanged_ad_use_case(): json_data['configurations']['kerberos-env'] = { 'kdc_hosts': 'c6401.ambari.apache.org, c6402.ambari.apache.org', 'kdc_type': 'active-directory', + 'encryption_types' : 'aes256-cts-hmac-sha1-96' } json_data['configurations']['krb5-conf'] = { 'conf_dir': '/tmp', @@ -165,7 +165,6 @@ def get_unmanged_ad_use_case(): json_data['configurations']['kadm5-acl'] = { 'content': kadm5_acl_template } - json_data['configurations']['kerberos-env'] = { 'encryption_types' : 'aes256-cts-hmac-sha1-96'} return json_data def get_cross_realm_use_case(): @@ -182,7 +181,8 @@ def get_cross_realm_use_case(): json_data['clusterHostInfo']['kdc_server_hosts'] = ['c6401.ambari.apache.org'] json_data['configurations']['kerberos-env'] = { 'kdc_hosts': 'c6401.ambari.apache.org, c6402.ambari.apache.org', - 'kdc_type': 'mit-kdc' + 'kdc_type': 'mit-kdc', + 'encryption_types' : 'aes256-cts-hmac-sha1-96' } json_data['configurations']['krb5-conf'] = { 'content': _krb5_conf_template, @@ -196,7 +196,6 @@ def get_cross_realm_use_case(): json_data['configurations']['kadm5-acl'] = { 'content': kadm5_acl_template } - json_data['configurations']['kerberos-env'] = { 'encryption_types' : 'aes256-cts-hmac-sha1-96'} return json_data def get_value(dictionary, path, nullValue=None):
