[ambari] branch branch-2.7 updated: [AMBARI-25624] "Creating Kerberos keytabs" takes too long (#3353)

Fri, 09 Sep 2022 23:05:22 -0700 

This is an automated email from the ASF dual-hosted git repository.

brahma pushed a commit to branch branch-2.7
in repository https://gitbox.apache.org/repos/asf/ambari.git


The following commit(s) were added to refs/heads/branch-2.7 by this push:
     new e00261fc3c [AMBARI-25624] "Creating Kerberos keytabs" takes too long 
(#3353)
e00261fc3c is described below

commit e00261fc3c8cece53438cb1ffdc7bd658ede08c6
Author: Yubi Lee <eubn...@naver.com>
AuthorDate: Sat Sep 10 15:05:12 2022 +0900

    [AMBARI-25624] "Creating Kerberos keytabs" takes too long (#3353)
    
    Signed-off-by: Brahma Reddy Battula <bra...@apache.org>
---
 .../kerberos/CreateKeytabFilesServerAction.java    |  2 +-
 .../stageutils/KerberosKeytabController.java       | 36 +++++++++++++---------
 2 files changed, 23 insertions(+), 15 deletions(-)

diff --git 
a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java
 
b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java
index f1d546151d..8e7dea745c 100644
--- 
a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java
+++ 
b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java
@@ -159,7 +159,7 @@ public class CreateKeytabFilesServerAction extends 
KerberosServerAction {
     CommandReport commandReport = null;
     String message = null;
 
-    Set<ResolvedKerberosKeytab> keytabsToCreate = 
kerberosKeytabController.getFromPrincipal(resolvedPrincipal);
+    Set<ResolvedKerberosKeytab> keytabsToCreate = 
kerberosKeytabController.getFromPrincipalExceptServiceMapping(resolvedPrincipal);
     KerberosPrincipalEntity principalEntity = 
kerberosPrincipalDAO.find(resolvedPrincipal.getPrincipal());
 
     try {
diff --git 
a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/stageutils/KerberosKeytabController.java
 
b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/stageutils/KerberosKeytabController.java
index 1fa654c64a..037c796643 100644
--- 
a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/stageutils/KerberosKeytabController.java
+++ 
b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/stageutils/KerberosKeytabController.java
@@ -91,7 +91,7 @@ public class KerberosKeytabController {
    * @return found keytab or null
    */
   public ResolvedKerberosKeytab getKeytabByFile(String file, boolean 
resolvePrincipals) {
-    return fromKeytabEntity(kerberosKeytabDAO.find(file), resolvePrincipals);
+    return fromKeytabEntity(kerberosKeytabDAO.find(file), resolvePrincipals, 
false);
   }
 
   /**
@@ -100,7 +100,7 @@ public class KerberosKeytabController {
    * @return all keytabs
    */
   public Set<ResolvedKerberosKeytab> getAllKeytabs() {
-    return fromKeytabEntities(kerberosKeytabDAO.findAll());
+    return fromKeytabEntities(kerberosKeytabDAO.findAll(), false);
   }
 
   /**
@@ -110,10 +110,17 @@ public class KerberosKeytabController {
    * @return set of keytabs found
    */
   public Set<ResolvedKerberosKeytab> 
getFromPrincipal(ResolvedKerberosPrincipal rkp) {
-    List<KerberosKeytabEntity> keytabs = 
kerberosKeytabDAO.findByPrincipalAndHost(
-        rkp.getPrincipal(), rkp.getHostId());
+    return 
fromKeytabEntities(kerberosKeytabDAO.findByPrincipalAndHost(rkp.getPrincipal(), 
rkp.getHostId()), false);
+  }
 
-    return fromKeytabEntities(keytabs);
+  /**
+   * Returns all keytabs that contains given principal without service mapping.
+   *
+   * @param rkp principal to filter keytabs by
+   * @return set of keytabs found
+   */
+  public Set<ResolvedKerberosKeytab> 
getFromPrincipalExceptServiceMapping(ResolvedKerberosPrincipal rkp) {
+    return 
fromKeytabEntities(kerberosKeytabDAO.findByPrincipalAndHost(rkp.getPrincipal(), 
rkp.getHostId()), true);
   }
 
   /**
@@ -135,7 +142,7 @@ public class KerberosKeytabController {
       filter.setPrincipals(identityFilter);
     }
 
-    Set<ResolvedKerberosPrincipal> filteredPrincipals = 
fromPrincipalEntities(kerberosKeytabPrincipalDAO.findByFilters(filters));
+    Set<ResolvedKerberosPrincipal> filteredPrincipals = 
fromPrincipalEntities(kerberosKeytabPrincipalDAO.findByFilters(filters), false);
     HashMap<String, ResolvedKerberosKeytab> resultMap = new HashMap<>();
     for (ResolvedKerberosPrincipal principal : filteredPrincipals) {
       if (!resultMap.containsKey(principal.getKeytabPath())) {
@@ -207,8 +214,9 @@ public class KerberosKeytabController {
     return 
Lists.newArrayList(KerberosKeytabPrincipalDAO.KerberosKeytabPrincipalFilter.createEmptyFilter());
   }
 
-  private ResolvedKerberosKeytab fromKeytabEntity(KerberosKeytabEntity kke, 
boolean resolvePrincipals) {
-    Set<ResolvedKerberosPrincipal> principals = resolvePrincipals ? 
fromPrincipalEntities(kke.getKerberosKeytabPrincipalEntities()) : new 
HashSet<>();
+  private ResolvedKerberosKeytab fromKeytabEntity(KerberosKeytabEntity kke, 
boolean resolvePrincipals, boolean exceptServiceMapping) {
+    Set<ResolvedKerberosPrincipal> principals = resolvePrincipals ?
+        fromPrincipalEntities(kke.getKerberosKeytabPrincipalEntities(), 
exceptServiceMapping) : new HashSet<>();
     return new ResolvedKerberosKeytab(
       kke.getKeytabPath(),
       kke.getOwnerName(),
@@ -222,18 +230,18 @@ public class KerberosKeytabController {
   }
 
   private ResolvedKerberosKeytab fromKeytabEntity(KerberosKeytabEntity kke) {
-    return fromKeytabEntity(kke, true);
+    return fromKeytabEntity(kke, true, false);
   }
 
-  private Set<ResolvedKerberosKeytab> 
fromKeytabEntities(Collection<KerberosKeytabEntity> keytabEntities) {
+  private Set<ResolvedKerberosKeytab> 
fromKeytabEntities(Collection<KerberosKeytabEntity> keytabEntities, boolean 
exceptServiceMapping) {
     ImmutableSet.Builder<ResolvedKerberosKeytab> builder = 
ImmutableSet.builder();
-    for (KerberosKeytabEntity kkpe : keytabEntities) {
-      builder.add(fromKeytabEntity(kkpe));
+    for (KerberosKeytabEntity kke : keytabEntities) {
+      builder.add(fromKeytabEntity(kke, true, exceptServiceMapping));
     }
     return builder.build();
   }
 
-  private Set<ResolvedKerberosPrincipal> 
fromPrincipalEntities(Collection<KerberosKeytabPrincipalEntity> 
principalEntities) {
+  private Set<ResolvedKerberosPrincipal> 
fromPrincipalEntities(Collection<KerberosKeytabPrincipalEntity> 
principalEntities, boolean exceptServiceMapping) {
     ImmutableSet.Builder<ResolvedKerberosPrincipal> builder = 
ImmutableSet.builder();
     for (KerberosKeytabPrincipalEntity kkpe : principalEntities) {
       KerberosPrincipalEntity kpe = kkpe.getKerberosPrincipalEntity();
@@ -246,7 +254,7 @@ public class KerberosKeytabController {
             kpe.isService(),
             kpe.getCachedKeytabPath(),
             kkpe.getKeytabPath(),
-            kkpe.getServiceMappingAsMultimap());
+            exceptServiceMapping ? null : kkpe.getServiceMappingAsMultimap());
         builder.add(rkp);
       }
     }


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@ambari.apache.org
For additional commands, e-mail: commits-h...@ambari.apache.org

Reply via email to