Repository: ambari Updated Branches: refs/heads/trunk d804eb398 -> 232522483
AMBARI-14409. Blueprints Kerberos deployments fail intermittently due to invalid keytabs. (Sandor Magyari via rnettleton) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/23252248 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/23252248 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/23252248 Branch: refs/heads/trunk Commit: 232522483bb3445aabd0c2a5eec99dc789eda47a Parents: d804eb3 Author: Bob Nettleton <rnettle...@hortonworks.com> Authored: Fri Dec 18 13:21:33 2015 -0500 Committer: Bob Nettleton <rnettle...@hortonworks.com> Committed: Fri Dec 18 13:21:56 2015 -0500 ---------------------------------------------------------------------- .../server/controller/KerberosHelperImpl.java | 21 +++++++++++++++++++- .../kerberos/CreatePrincipalsServerAction.java | 2 ++ .../topology/ClusterConfigurationRequest.java | 4 ++++ .../server/controller/KerberosHelperTest.java | 6 +++++- .../ClusterConfigurationRequestTest.java | 7 +++++-- 5 files changed, 36 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/23252248/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java index bfa6701..a9f11f7 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java @@ -382,10 +382,20 @@ public class KerberosHelperImpl implements KerberosHelper { Map<String, String> kerberosDescriptorProperties = kerberosDescriptor.getProperties(); Map<String, Map<String, String>> configurations = addAdditionalConfigurations(cluster, - deepCopy(existingConfigurations), null, kerberosDescriptorProperties); + deepCopy(existingConfigurations), null, kerberosDescriptorProperties); Map<String, String> kerberosConfiguration = kerberosDetails.getKerberosEnvProperties(); KerberosOperationHandler kerberosOperationHandler = kerberosOperationHandlerFactory.getKerberosOperationHandler(kerberosDetails.getKdcType()); + PrincipalKeyCredential administratorCredential = getKDCAdministratorCredentials(cluster.getClusterName()); + + try { + kerberosOperationHandler.open(administratorCredential, kerberosDetails.getDefaultRealm(), kerberosConfiguration); + } catch (KerberosOperationException e) { + String message = String.format("Failed to process the identities, could not properly open the KDC operation handler: %s", + e.getMessage()); + LOG.error(message); + throw new AmbariException(message, e); + } for (String serviceName : services) { // Set properties... @@ -416,6 +426,15 @@ public class KerberosHelperImpl implements KerberosHelper { } } } + + // The KerberosOperationHandler needs to be closed, if it fails to close ignore the + // exception since there is little we can or care to do about it now. + try { + kerberosOperationHandler.close(); + } catch (KerberosOperationException e) { + // Ignore this... + } + } return true; http://git-wip-us.apache.org/repos/asf/ambari/blob/23252248/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java index 83bf103..fdcc672 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java @@ -114,6 +114,7 @@ public class CreatePrincipalsServerAction extends KerberosServerAction { boolean regenerateKeytabs = "true".equalsIgnoreCase(getCommandParameterValue(getCommandParameters(), REGENERATE_ALL)); if (regenerateKeytabs || !kerberosPrincipalHostDAO.exists(evaluatedPrincipal)) { + Map<String, String> principalPasswordMap = getPrincipalPasswordMap(requestSharedDataContext); Map<String, Integer> principalKeyNumberMap = getPrincipalKeyNumberMap(requestSharedDataContext); @@ -201,6 +202,7 @@ public class CreatePrincipalsServerAction extends KerberosServerAction { if (keyNumber != null) { message = String.format("Successfully set password for %s", principal); LOG.debug(message); + result = new CreatePrincipalResult(principal, password, keyNumber); } else { message = String.format("Failed to set password for %s - unknown reason", principal); LOG.error(message); http://git-wip-us.apache.org/repos/asf/ambari/blob/23252248/ambari-server/src/main/java/org/apache/ambari/server/topology/ClusterConfigurationRequest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/topology/ClusterConfigurationRequest.java b/ambari-server/src/main/java/org/apache/ambari/server/topology/ClusterConfigurationRequest.java index 6e8b8a3..c662e28 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/topology/ClusterConfigurationRequest.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/topology/ClusterConfigurationRequest.java @@ -110,6 +110,10 @@ public class ClusterConfigurationRequest { Configuration clusterConfiguration = clusterTopology.getConfiguration(); try { + AmbariContext.getController().getKerberosHelper() + .ensureHeadlessIdentities(cluster, clusterConfiguration.getFullProperties(), + new HashSet<String>(blueprint.getServices())); + Map<String, Map<String, String>> updatedConfigs = AmbariContext.getController().getKerberosHelper() .getServiceConfigurationUpdates(cluster, clusterConfiguration.getFullProperties(), new HashSet<String>(blueprint.getServices())); http://git-wip-us.apache.org/repos/asf/ambari/blob/23252248/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java index 29949a4..6b7ec6f 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java @@ -2401,7 +2401,7 @@ public class KerberosHelperTest extends EasyMockSupport { expect(cluster.getDesiredConfigByType("kerberos-env")).andReturn(configKerberosEnv).times(1); expect(cluster.getSecurityType()).andReturn(SecurityType.KERBEROS).times(1); expect(cluster.getCurrentStackVersion()).andReturn(new StackId("HDP", "2.2")).times(1); - expect(cluster.getClusterName()).andReturn("c1").times(2); + expect(cluster.getClusterName()).andReturn("c1").times(4); expect(cluster.getHosts()).andReturn(Arrays.asList(host1, host2, host3)).times(1); expect(cluster.getServices()).andReturn(servicesMap).times(1); @@ -2491,6 +2491,10 @@ public class KerberosHelperTest extends EasyMockSupport { AmbariMetaInfo ambariMetaInfo = injector.getInstance(AmbariMetaInfo.class); ambariMetaInfo.init(); + CredentialStoreService credentialStoreService = injector.getInstance(CredentialStoreService.class); + credentialStoreService.setCredential(cluster.getClusterName(), KerberosHelper.KDC_ADMINISTRATOR_CREDENTIAL_ALIAS, + new PrincipalKeyCredential("principal", "password"), CredentialStoreType.TEMPORARY); + KerberosHelper kerberosHelper = injector.getInstance(KerberosHelper.class); kerberosHelper.ensureHeadlessIdentities(cluster, existingConfigurations, services); http://git-wip-us.apache.org/repos/asf/ambari/blob/23252248/ambari-server/src/test/java/org/apache/ambari/server/topology/ClusterConfigurationRequestTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/topology/ClusterConfigurationRequestTest.java b/ambari-server/src/test/java/org/apache/ambari/server/topology/ClusterConfigurationRequestTest.java index df32684..93f4de6 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/topology/ClusterConfigurationRequestTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/topology/ClusterConfigurationRequestTest.java @@ -125,7 +125,7 @@ public class ClusterConfigurationRequestTest { expectLastCall().andReturn(controller).anyTimes(); expect(controller.getClusters()).andReturn(clusters).anyTimes(); - expect(controller.getKerberosHelper()).andReturn(kerberosHelper).once(); + expect(controller.getKerberosHelper()).andReturn(kerberosHelper).times(2); expect(clusters.getCluster("testCluster")).andReturn(cluster).anyTimes(); @@ -154,8 +154,11 @@ public class ClusterConfigurationRequestTest { Map<String, String> properties = new HashMap<>(); properties.put("testPorperty", "testValue"); kerberosConfig.put("testConfigType", properties); + expect(kerberosHelper.ensureHeadlessIdentities(anyObject(Cluster.class), anyObject(Map.class), anyObject + (Set.class))).andReturn(true).once(); expect(kerberosHelper.getServiceConfigurationUpdates(anyObject(Cluster.class), anyObject(Map.class), anyObject - (Set.class))).andReturn(kerberosConfig).anyTimes(); + (Set.class))).andReturn(kerberosConfig).once(); + PowerMock.replay(stack, blueprint, topology, controller, clusters, kerberosHelper, ambariContext, AmbariContext