This is an automated email from the ASF dual-hosted git repository.
hapylestat pushed a commit to branch branch-2.7
in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/branch-2.7 by this push:
new 17dc5fd AMBARI-25332. Kerberos keytab regeneration working slow
(dgrinenko) (#3120)
17dc5fd is described below
commit 17dc5fd5610e0037e197934ceb27b61e087c8d57
Author: Dmytro Grinenko
AuthorDate: Fri Nov 8 12:54:42 2019 +0200
AMBARI-25332. Kerberos keytab regeneration working slow (dgrinenko) (#3120)
---
.../ambari/server/configuration/Configuration.java | 19 ++-
.../ambari/server/controller/KerberosHelper.java | 60 ---
.../server/controller/KerberosHelperImpl.java | 83 +++--
.../HostKerberosIdentityResourceProvider.java | 11 +-
.../ambari/server/orm/dao/KerberosKeytabDAO.java | 14 +-
.../server/orm/dao/KerberosKeytabPrincipalDAO.java | 22 ++-
.../server/orm/dao/KerberosPrincipalDAO.java | 6 +-
.../server/orm/entities/KerberosKeytabEntity.java | 7 +-
.../entities/KerberosKeytabPrincipalEntity.java| 30 +++-
.../ConfigureAmbariIdentitiesServerAction.java | 37 ++--
.../kerberos/CreateKeytabFilesServerAction.java| 190 +++--
.../kerberos/CreatePrincipalsServerAction.java | 63 ---
.../kerberos/FinalizeKerberosServerAction.java | 17 +-
.../kerberos/KerberosServerAction.java | 69 +++-
.../stageutils/KerberosKeytabController.java | 40 -
.../server/controller/KerberosHelperTest.java | 18 +-
.../HostKerberosIdentityResourceProviderTest.java | 18 +-
.../ConfigureAmbariIdentitiesServerActionTest.java | 13 +-
18 files changed, 530 insertions(+), 187 deletions(-)
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
index 6b0e383..87549a8 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
@@ -2616,6 +2616,13 @@ public class Configuration {
public static final ConfigurationProperty
KERBEROS_SERVER_ACTION_FINALIZE_SECONDS = new ConfigurationProperty<>(
"server.kerberos.finalize.timeout", 600);
+ /**
+ * The number of threads to use when executing server-side Kerberos
commands, such as generate keytabs.
+ */
+ @Markdown(description = "The number of threads to use when executing
server-side Kerberos commands, such as generate keytabs.")
+ public static final ConfigurationProperty
KERBEROS_SERVER_ACTION_THREADPOOL_SIZE = new ConfigurationProperty<>(
+"server.kerberos.action.threadpool.size", 1);
+
private static final Logger LOG = LoggerFactory.getLogger(
Configuration.class);
@@ -3041,7 +3048,7 @@ public class Configuration {
writeConfigFile(existingProperties, false);
// reloading properties
-this.properties = readConfigFile();
+properties = readConfigFile();
}
/**
@@ -5569,6 +5576,16 @@ public class Configuration {
}
/**
+ * Gets the number of threads to use when executing server-side Kerberos
+ * commands, such as generate keytabs.
+ *
+ * @return the threadpool size, defaulting to 1
+ */
+ public int getKerberosServerActionThreadpoolSize() {
+return
Integer.parseInt(getProperty(KERBEROS_SERVER_ACTION_THREADPOOL_SIZE));
+ }
+
+ /**
* Get the timeout, in seconds, when finalizing Kerberos
* enable/disable/regenerate commands.
*
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
index 3c4d6b2..5f84968 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
@@ -704,32 +704,52 @@ public interface KerberosHelper {
Map>
getIdentityConfigurations(List identityDescriptors);
/**
- * Returns the active identities for the named cluster. Results are
filtered by host, service,
- * and/or component; and grouped by host.
+ * Returns the active identities for the named cluster. Results are filtered
+ * by host, service, and/or component; and grouped by host.
*
- * The cluster name is mandatory; however the active identities may be
filtered by one or more of
- * host, service, or component. A null value for any of these
filters indicates no
- * filter for that parameter.
+ * The cluster name is mandatory; however the active identities may be
+ * filtered by one or more of host, service, or component. A
null
+ * value for any of these filters indicates no filter for that parameter.
*
- * The return values are grouped by host and optionally _HOST
in