This is an automated email from the ASF dual-hosted git repository.
rlevas pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/trunk by this push:
new 77b5319 [AMBARI-25088] Enable Kerberos fails when Ambari server is
not on a registered host
77b5319 is described below
commit 77b5319381fd083f4f9774581b1fad082bb71e4a
Author: Robert Levas <[email protected]>
AuthorDate: Thu Jan 3 15:09:02 2019 -0500
[AMBARI-25088] Enable Kerberos fails when Ambari server is not on a
registered host
---
.../ambari/server/controller/KerberosHelperImpl.java | 20 +++++++++++---------
1 file changed, 11 insertions(+), 9 deletions(-)
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
index 9f6b17a..4f4763a 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
@@ -1763,6 +1763,7 @@ public class KerberosHelperImpl implements KerberosHelper
{
} else {
Collection<String> hosts;
String ambariServerHostname = StageUtils.getHostName();
+ boolean ambariServerHostnameIsForced = false;
if (hostName == null) {
Map<String, Host> hostMap = clusters.getHostsForCluster(clusterName);
@@ -1777,6 +1778,7 @@ public class KerberosHelperImpl implements KerberosHelper
{
extendedHosts.addAll(hosts);
extendedHosts.add(ambariServerHostname);
hosts = extendedHosts;
+ ambariServerHostnameIsForced = true;
}
} else {
hosts = Collections.singleton(hostName);
@@ -1788,14 +1790,14 @@ public class KerberosHelperImpl implements
KerberosHelper {
if (kerberosDescriptor != null) {
Set<String> existingServices = cluster.getServices().keySet();
- for (String hostname : hosts) {
+ for (String host : hosts) {
// Calculate the current host-specific configurations. These will
be used to replace
// variables within the Kerberos descriptor data
Map<String, Map<String, String>> configurations =
calculateConfigurations(cluster,
- hostname,
- kerberosDescriptor,
- false,
- false);
+ (ambariServerHostnameIsForced &&
ambariServerHostname.equals(host)) ? null : host,
+ kerberosDescriptor,
+ false,
+ false);
// Create the context to use for filtering Kerberos Identities
based on the state of the cluster
Map<String, Object> filterContext = new HashMap<>();
@@ -1804,10 +1806,10 @@ public class KerberosHelperImpl implements
KerberosHelper {
Map<String, KerberosIdentityDescriptor> hostActiveIdentities = new
HashMap<>();
- List<KerberosIdentityDescriptor> identities =
getActiveIdentities(cluster, hostname,
+ List<KerberosIdentityDescriptor> identities =
getActiveIdentities(cluster, host,
serviceName, componentName, kerberosDescriptor, filterContext);
- if (hostname.equals(ambariServerHostname)) {
+ if (host.equals(ambariServerHostname)) {
// Determine if we should _calculate_ the Ambari service
identities.
// If kerberos-env/create_ambari_principal is not set to false
the identity should be calculated.
if (createAmbariIdentities(kerberosEnvConfig.getProperties())) {
@@ -1836,7 +1838,7 @@ public class KerberosHelperImpl implements KerberosHelper
{
}
if (replaceHostNames) {
- principal = principal.replace("_HOST", hostname);
+ principal = principal.replace("_HOST", host);
}
String uniqueKey = String.format("%s|%s", principal,
(keytabFile == null) ? "" : keytabFile);
@@ -1883,7 +1885,7 @@ public class KerberosHelperImpl implements KerberosHelper
{
}
}
- activeIdentities.put(hostname, hostActiveIdentities.values());
+ activeIdentities.put(host, hostActiveIdentities.values());
}
}
}
