Repository: ambari Updated Branches: refs/heads/branch-2.4 4eb3c4f99 -> aaf267b11 refs/heads/trunk b55e8fc72 -> 851a5d2e0
AMBARI-18026 : Restart of plugin enabled services fails in secured env with Ranger HA.(gautam) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/851a5d2e Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/851a5d2e Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/851a5d2e Branch: refs/heads/trunk Commit: 851a5d2e0a526ead09d2aff393614eb8ecf69c9c Parents: b55e8fc Author: Gautam Borad <[email protected]> Authored: Thu Aug 4 20:15:15 2016 +0530 Committer: Gautam Borad <[email protected]> Committed: Fri Aug 5 12:10:08 2016 +0530 ---------------------------------------------------------------------- .../libraries/functions/ranger_functions_v2.py | 41 ++++++++++++++++++-- .../RANGER_KMS/0.5.0.2.3/package/scripts/kms.py | 5 ++- 2 files changed, 42 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/851a5d2e/ambari-common/src/main/python/resource_management/libraries/functions/ranger_functions_v2.py ---------------------------------------------------------------------- diff --git a/ambari-common/src/main/python/resource_management/libraries/functions/ranger_functions_v2.py b/ambari-common/src/main/python/resource_management/libraries/functions/ranger_functions_v2.py index 5c3a3bb..6a236fb 100644 --- a/ambari-common/src/main/python/resource_management/libraries/functions/ranger_functions_v2.py +++ b/ambari-common/src/main/python/resource_management/libraries/functions/ranger_functions_v2.py @@ -144,12 +144,15 @@ class RangeradminV2: repo_data = json.dumps(repo_properties) while retryCount <= 5: response = self.get_repository_by_name_curl(component_user,component_user_keytab,component_user_principal,repo_name, component, 'true') - if response is not None: + if response is not None and ('exists' in str(response).lower() or 'name' in str(response).lower()): Logger.info('{0} Repository {1} exist'.format(component.title(), (response['name']))) break + elif response is not None and 'error' in str(response).lower(): + Logger.error('Ranger service get failed.') + break else: response = self.create_repository_curl(component_user,component_user_keytab,component_user_principal,repo_name, repo_data,policy_user) - if response and len(response) > 0: + if response is not None and len(response) > 0: Logger.info('{0} Repository created in Ranger admin'.format(component.title())) break else: @@ -330,7 +333,7 @@ class RangeradminV2: - @safe_retry(times=5, sleep_time=8, backoff_factor=1.5, err_class=Fail, return_on_fail=None) + @safe_retry(times=5, sleep_time=8, backoff_factor=1.5, err_class=Fail, return_on_fail='error') def get_repository_by_name_curl(self, component_user, component_user_keytab, component_user_principal, name, component, status, is_keyadmin = False): """ :param component_user: service user for which call is to be made @@ -347,6 +350,22 @@ class RangeradminV2: if is_keyadmin: search_repo_url = '{0}&suser=keyadmin'.format(search_repo_url) response,error_message,time_in_millis = self.call_curl_request(component_user,component_user_keytab,component_user_principal,search_repo_url,False,request_method='GET') + if ('http' in response.lower() and ('401' in response.lower() and ('authentication failed' in response.lower() or 'unauthorized' in response.lower()))): + raise Fail('Ranger get call Error: HTTP RESPONSE CODE 401.') + elif ('http' in response.lower() and ('400' in response.lower() or 'bad request' in response.lower())): + raise Fail('Ranger get call Error: HTTP RESPONSE CODE 400.') + elif ('http' in response.lower() and ('403' in response.lower() or 'forbidden' in response.lower())): + raise Fail('Ranger get call Error: HTTP RESPONSE CODE 403.') + elif ('http' in response.lower() and ('404' in response.lower() or 'not found' in response.lower())): + raise Fail('Ranger get call Error: HTTP RESPONSE CODE 404.') + elif ('http' in response.lower() and ('419' in response.lower() or 'session expired' in response.lower())): + raise Fail('Ranger get call Error: HTTP RESPONSE CODE 419.') + elif ('http' in response.lower() and ('500' in response.lower() or 'server error' in response.lower())): + raise Fail('Ranger get call Error: HTTP RESPONSE CODE 500.') + elif ('http' in response.lower() and ('307' in response.lower() or 'forbidden' in response.lower())): + raise Fail('Ranger get call Error: HTTP RESPONSE CODE 307.') + elif 'exists' in response.lower(): + return response response_stripped = response[1:len(response) - 1] if response_stripped and len(response_stripped) > 0: response_json = json.loads(response_stripped) @@ -379,6 +398,22 @@ class RangeradminV2: method = 'POST' response,error_message,time_in_millis = self.call_curl_request(component_user,component_user_keytab,component_user_principal,search_repo_url,False,method,data,header) + if ('http' in response.lower() and ('401' in response.lower() and ('authentication failed' in response.lower() or 'unauthorized' in response.lower()))): + raise Fail('Ranger create call Error: HTTP RESPONSE CODE 401.') + elif ('http' in response.lower() and ('400' in response.lower() or 'bad request' in response.lower())): + raise Fail('Ranger create call Error: HTTP RESPONSE CODE 400.') + elif ('http' in response.lower() and ('403' in response.lower() or 'forbidden' in response.lower())): + raise Fail('Ranger create call Error: HTTP RESPONSE CODE 403.') + elif ('http' in response.lower() and ('404' in response.lower() or 'not found' in response.lower())): + raise Fail('Ranger create call Error: HTTP RESPONSE CODE 404.') + elif ('http' in response.lower() and ('419' in response.lower() or 'session expired' in response.lower())): + raise Fail('Ranger create call Error: HTTP RESPONSE CODE 419.') + elif ('http' in response.lower() and ('500' in response.lower() or 'server error' in response.lower())): + raise Fail('Ranger create call Error: HTTP RESPONSE CODE 500.') + elif ('http' in response.lower() and ('307' in response.lower() or 'forbidden' in response.lower())): + raise Fail('Ranger create call Error: HTTP RESPONSE CODE 307.') + elif 'exists' in response.lower(): + return response if response and len(response) > 0: response_json = json.loads(response) if 'name' in response_json and response_json['name'].lower() == name.lower(): http://git-wip-us.apache.org/repos/asf/ambari/blob/851a5d2e/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py index 0a8c7d3..ca2ef9f 100755 --- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py +++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py @@ -577,9 +577,12 @@ def check_ranger_service_support_kerberos(user, keytab, principal): if response_code is not None and response_code[0] == 200: get_repo_name_response = ranger_adm_obj.get_repository_by_name_curl(user, keytab, principal, params.repo_name, 'kms', 'true', is_keyadmin = True) - if get_repo_name_response is not None: + if get_repo_name_response is not None and ('exist' in str(get_repo_name_response).lower() or 'name' in str(get_repo_name_response).lower()): Logger.info('KMS repository {0} exist'.format(get_repo_name_response['name'])) return True + elif get_repo_name_response is not None and 'error' in str(get_repo_name_response).lower(): + Logger.error('Ranger service get failed.') + return False else: create_repo_response = ranger_adm_obj.create_repository_curl(user, keytab, principal, params.repo_name, json.dumps(params.kms_ranger_plugin_repo), None, is_keyadmin = True) if create_repo_response is not None and len(create_repo_response) > 0:
