ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rle...@apache.org
Subject [2/2] ambari git commit: AMBARI-9785. Root user has spnego (HTTP) kerberos ticket set after Kerberos is enabled, root should have no ticket. (rlevas)
Date Sat, 28 Feb 2015 01:41:45 GMT
AMBARI-9785. Root user has spnego (HTTP) kerberos ticket set after Kerberos is enabled, root should have no ticket. (rlevas)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/4c222ce6
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/4c222ce6
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/4c222ce6

Branch: refs/heads/trunk
Commit: 4c222ce6fbc51ed4e42e9f2ad0946c84ff17ea48
Parents: e8ea0a5
Author: Robert Levas <rlevas@hortonworks.com>
Authored: Fri Feb 27 20:39:29 2015 -0500
Committer: Robert Levas <rlevas@hortonworks.com>
Committed: Fri Feb 27 20:41:33 2015 -0500

----------------------------------------------------------------------
 .../ambari_agent/AlertSchedulerHandler.py       |  2 +-
 .../python/ambari_agent/alerts/web_alert.py     | 49 ++++++++++++++++++--
 .../libraries/functions/__init__.py             |  2 +
 .../libraries/functions/get_kdestroy_path.py    | 24 ++++------
 .../libraries/functions/get_kinit_path.py       | 24 ++++------
 .../package/alerts/alert_webhcat_server.py      | 30 +++++++++---
 .../package/alerts/alert_check_oozie_server.py  | 31 ++++++++++---
 .../4.0.0.2.0/package/scripts/oozie_service.py  |  3 +-
 .../services/HBASE/package/scripts/params.py    |  3 +-
 .../0.8/services/HDFS/package/scripts/params.py |  2 +-
 .../0.8/services/HIVE/package/scripts/params.py |  2 +-
 .../package/files/alert_check_oozie_server.py   | 31 ++++++++++---
 .../services/OOZIE/package/scripts/params.py    |  6 +--
 .../0.8/services/PIG/package/scripts/params.py  |  2 +-
 .../package/files/alert_webhcat_server.py       | 30 +++++++++---
 .../0.8/services/YARN/package/scripts/params.py |  4 +-
 .../ZOOKEEPER/package/scripts/params.py         |  2 +-
 .../services/YARN/package/scripts/params.py     |  5 +-
 .../services/FALCON/package/scripts/params.py   |  2 +-
 .../services/YARN/package/scripts/params.py     |  5 +-
 .../services/KNOX/package/scripts/params.py     |  2 +-
 .../services/SLIDER/package/scripts/params.py   |  2 +-
 .../2.1/services/YARN/package/scripts/params.py |  2 +-
 .../services/HBASE/package/scripts/params.py    |  3 +-
 .../services/HDFS/package/scripts/params.py     |  2 +-
 .../services/HIVE/package/scripts/params.py     |  2 +-
 .../services/NAGIOS/package/scripts/params.py   |  2 +-
 .../services/OOZIE/package/scripts/params.py    |  5 +-
 .../services/PIG/package/scripts/params.py      |  2 +-
 .../services/YARN/package/scripts/params.py     |  4 +-
 .../ZOOKEEPER/package/scripts/params.py         |  2 +-
 .../stacks/2.0.6/OOZIE/test_oozie_server.py     |  6 +--
 .../0.11.0.2.0.5.0/package/scripts/params.py    |  2 +-
 .../dummy_stack/HIVE/package/scripts/params.py  |  2 +-
 .../services/HIVE/package/scripts/params.py     |  2 +-
 35 files changed, 192 insertions(+), 107 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/4c222ce6/ambari-agent/src/main/python/ambari_agent/AlertSchedulerHandler.py
----------------------------------------------------------------------
diff --git a/ambari-agent/src/main/python/ambari_agent/AlertSchedulerHandler.py b/ambari-agent/src/main/python/ambari_agent/AlertSchedulerHandler.py
index a53201e..a2ea8ef 100644
--- a/ambari-agent/src/main/python/ambari_agent/AlertSchedulerHandler.py
+++ b/ambari-agent/src/main/python/ambari_agent/AlertSchedulerHandler.py
@@ -268,7 +268,7 @@ class AlertSchedulerHandler():
       source['host_scripts_directory'] = self.host_scripts_dir
       alert = ScriptAlert(json_definition, source, self.config)
     elif source_type == AlertSchedulerHandler.TYPE_WEB:
-      alert = WebAlert(json_definition, source)
+      alert = WebAlert(json_definition, source, self.config)
 
     if alert is not None:
       alert.set_cluster(clusterName, hostName)

http://git-wip-us.apache.org/repos/asf/ambari/blob/4c222ce6/ambari-agent/src/main/python/ambari_agent/alerts/web_alert.py
----------------------------------------------------------------------
diff --git a/ambari-agent/src/main/python/ambari_agent/alerts/web_alert.py b/ambari-agent/src/main/python/ambari_agent/alerts/web_alert.py
index 5052ca0..d7a833e 100644
--- a/ambari-agent/src/main/python/ambari_agent/alerts/web_alert.py
+++ b/ambari-agent/src/main/python/ambari_agent/alerts/web_alert.py
@@ -22,20 +22,33 @@ import logging
 import time
 import subprocess
 import os
-
+from  tempfile import gettempdir
 from alerts.base_alert import BaseAlert
 from collections import namedtuple
 from resource_management.libraries.functions.get_port_from_url import get_port_from_url
+from resource_management.libraries.functions import get_kinit_path
+from resource_management.libraries.functions import get_klist_path
 from ambari_commons import OSCheck
 from ambari_commons.inet_utils import resolve_address
 
+# hashlib is supplied as of Python 2.5 as the replacement interface for md5
+# and other secure hashes.  In 2.6, md5 is deprecated.  Import hashlib if
+# available, avoiding a deprecation warning under 2.6.  Import md5 otherwise,
+# preserving 2.4 compatibility.
+try:
+  import hashlib
+  _md5 = hashlib.md5
+except ImportError:
+  import md5
+  _md5 = md5.new
+
 logger = logging.getLogger()
 
 CURL_CONNECTION_TIMEOUT = '20'
 
 class WebAlert(BaseAlert):
   
-  def __init__(self, alert_meta, alert_source_meta):
+  def __init__(self, alert_meta, alert_source_meta, config):
     super(WebAlert, self).__init__(alert_meta, alert_source_meta)
     
     # extract any lookup keys from the URI structure
@@ -44,7 +57,9 @@ class WebAlert(BaseAlert):
       uri = alert_source_meta['uri']
       self.uri_property_keys = self._lookup_uri_property_keys(uri)
 
-      
+    self.config = config
+
+
   def _collect(self):
     if self.uri_property_keys is None:
       raise Exception("Could not determine result. URL(s) were not defined.")
@@ -131,14 +146,38 @@ class WebAlert(BaseAlert):
         kerberos_keytab = self._get_configuration_value(self.uri_property_keys.kerberos_keytab)
 
       if kerberos_principal is not None and kerberos_keytab is not None:
-        os.system("kinit -kt {0} {1} > /dev/null".format(kerberos_keytab, kerberos_principal))
+        # Create the kerberos credentials cache (ccache) file and set it in the environment to use
+        # when executing curl. Use the md5 hash of the combination of the principal and keytab file
+        # to generate a (relatively) unique cache filename so that we can use it as needed.
+        tmp_dir = self.config.get('agent', 'tmp_dir')
+        if tmp_dir is None:
+          tmp_dir = gettempdir()
+
+        ccache_file_name = _md5("{0}|{1}".format(kerberos_principal, kerberos_keytab)).hexdigest()
+        ccache_file_path = "{0}{1}web_alert_cc_{2}".format(tmp_dir, os.sep, ccache_file_name)
+        kerberos_env = {'KRB5CCNAME': ccache_file_path}
+
+        # If there are no tickets in the cache or they are expired, perform a kinit, else use what
+        # is in the cache
+        klist_path_local = get_klist_path()
+
+        if os.system("{0} -s {1}".format(klist_path_local, ccache_file_path)) != 0:
+          kinit_path_local = get_kinit_path()
+          logger.debug("[Alert][{0}] Enabling Kerberos authentication via GSSAPI using ccache at {1}."
+                       .format(self.get_name(), ccache_file_path))
+          os.system("{0} -l 5m -c {1} -kt {2} {3} > /dev/null".format(kinit_path_local, ccache_file_path, kerberos_keytab, kerberos_principal))
+        else:
+          logger.debug("[Alert][{0}] Kerberos authentication via GSSAPI already enabled using ccache at {1}."
+                       .format(self.get_name(), ccache_file_path))
+      else:
+        kerberos_env = None
 
       # substitute 0.0.0.0 in url with actual fqdn
       url = url.replace('0.0.0.0', self.host_name)
       start_time = time.time()
       curl = subprocess.Popen(['curl', '--negotiate', '-u', ':', '-sL', '-w',
         '%{http_code}', url, '--connect-timeout', CURL_CONNECTION_TIMEOUT,
-        '-o', '/dev/null'], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+        '-o', '/dev/null'], stdout=subprocess.PIPE, stderr=subprocess.PIPE, env=kerberos_env)
 
       out, err = curl.communicate()
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/4c222ce6/ambari-common/src/main/python/resource_management/libraries/functions/__init__.py
----------------------------------------------------------------------
diff --git a/ambari-common/src/main/python/resource_management/libraries/functions/__init__.py b/ambari-common/src/main/python/resource_management/libraries/functions/__init__.py
index 6bcd7cd..f6db722 100644
--- a/ambari-common/src/main/python/resource_management/libraries/functions/__init__.py
+++ b/ambari-common/src/main/python/resource_management/libraries/functions/__init__.py
@@ -24,8 +24,10 @@ import platform
 
 from resource_management.libraries.functions.default import *
 from resource_management.libraries.functions.format import *
+from resource_management.libraries.functions.find_path import *
 from resource_management.libraries.functions.get_kinit_path import *
 from resource_management.libraries.functions.get_kdestroy_path import *
+from resource_management.libraries.functions.get_klist_path import *
 from resource_management.libraries.functions.get_unique_id_and_date import *
 from resource_management.libraries.functions.check_process_status import *
 from resource_management.libraries.functions.is_empty import *

http://git-wip-us.apache.org/repos/asf/ambari/blob/4c222ce6/ambari-common/src/main/python/resource_management/libraries/functions/get_kdestroy_path.py
----------------------------------------------------------------------
diff --git a/ambari-common/src/main/python/resource_management/libraries/functions/get_kdestroy_path.py b/ambari-common/src/main/python/resource_management/libraries/functions/get_kdestroy_path.py
index f6d7f78..085ba6a 100644
--- a/ambari-common/src/main/python/resource_management/libraries/functions/get_kdestroy_path.py
+++ b/ambari-common/src/main/python/resource_management/libraries/functions/get_kdestroy_path.py
@@ -21,20 +21,14 @@ Ambari Agent
 """
 
 __all__ = ["get_kdestroy_path"]
-import os
+from find_path import find_path
 
-def get_kdestroy_path():
-
-  kdestroy_path = ""
-
-  for x in ["/usr/bin", "/usr/kerberos/bin", "/usr/sbin"]:
-    if not x:
-      continue
 
-    path = os.path.join(x,"kdestroy")
-
-    if os.path.isfile(path):
-      kdestroy_path = path
-      break
-
-  return kdestroy_path
+def get_kdestroy_path():
+  """
+  Searches for the kdestroy executable using a default set of of paths to search:
+    /usr/bin
+    /usr/kerberos/bin
+    /usr/sbin
+  """
+  return find_path(["/usr/bin", "/usr/kerberos/bin", "/usr/sbin"], "kdestroy")
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/ambari/blob/4c222ce6/ambari-common/src/main/python/resource_management/libraries/functions/get_kinit_path.py
----------------------------------------------------------------------
diff --git a/ambari-common/src/main/python/resource_management/libraries/functions/get_kinit_path.py b/ambari-common/src/main/python/resource_management/libraries/functions/get_kinit_path.py
index 98434a2..7904a0f 100644
--- a/ambari-common/src/main/python/resource_management/libraries/functions/get_kinit_path.py
+++ b/ambari-common/src/main/python/resource_management/libraries/functions/get_kinit_path.py
@@ -21,20 +21,14 @@ Ambari Agent
 """
 
 __all__ = ["get_kinit_path"]
-import os
+from find_path import find_path
 
-def get_kinit_path():
-
-  kinit_path = ""
-  
-  for x in ["/usr/bin", "/usr/kerberos/bin", "/usr/sbin"]:
-    if not x:
-      continue
-    
-    path = os.path.join(x,"kinit")
 
-    if os.path.isfile(path):
-      kinit_path = path
-      break
-    
-  return kinit_path
+def get_kinit_path():
+  """
+  Searches for the kinit executable using a default set of of paths to search:
+    /usr/bin
+    /usr/kerberos/bin
+    /usr/sbin
+  """
+  return find_path(["/usr/bin", "/usr/kerberos/bin", "/usr/sbin"], "kinit")
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/ambari/blob/4c222ce6/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/alerts/alert_webhcat_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/alerts/alert_webhcat_server.py b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/alerts/alert_webhcat_server.py
index 9773ec3..0b7535c 100644
--- a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/alerts/alert_webhcat_server.py
+++ b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/alerts/alert_webhcat_server.py
@@ -24,9 +24,13 @@ import socket
 import time
 import urllib2
 
+from resource_management.core.environment import Environment
 from resource_management.core.resources import Execute
+from resource_management.core.shell import call
 from resource_management.libraries.functions import format
 from resource_management.libraries.functions import get_kinit_path
+from resource_management.libraries.functions import get_klist_path
+from os import getpid, sep
 
 RESULT_CODE_OK = "OK"
 RESULT_CODE_CRITICAL = "CRITICAL"
@@ -101,16 +105,30 @@ def execute(parameters=None, host_name=None):
       # substitute _HOST in kerberos principal with actual fqdn
       webhcat_principal = webhcat_principal.replace('_HOST', host_name)
 
-      kinit_path_local = get_kinit_path()
-      kinit_command = format("{kinit_path_local} -kt {webhcat_keytab} {webhcat_principal}; ")
+      # Create the kerberos credentials cache (ccache) file and set it in the environment to use
+      # when executing curl
+      env = Environment.get_instance()
+      ccache_file = "{0}{1}webhcat_alert_cc_{2}".format(env.tmp_dir, sep, getpid())
+      kerberos_env = {'KRB5CCNAME': ccache_file}
 
-      # kinit so that curl will work with --negotiate
-      Execute(kinit_command)
+      klist_path_local = get_klist_path()
+      klist_command = format("{klist_path_local} -s {ccache_file}")
+
+      # Determine if we need to kinit by testing to see if the relevant cache exists and has
+      # non-expired tickets.  Tickets are marked to expire after 5 minutes to help reduce the number
+      # it kinits we do but recover quickly when keytabs are regenerated
+      return_code, _ = call(klist_command)
+      if return_code != 0:
+        kinit_path_local = get_kinit_path()
+        kinit_command = format("{kinit_path_local} -l 5m -c {ccache_file} -kt {webhcat_keytab} {webhcat_principal}; ")
+
+        # kinit so that curl will work with --negotiate
+        Execute(kinit_command)
 
       # make a single curl call to get just the http code
       curl = subprocess.Popen(['curl', '--negotiate', '-u', ':', '-sL', '-w',
         '%{http_code}', '--connect-timeout', CURL_CONNECTION_TIMEOUT,
-        '-o', '/dev/null', query_url], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+        '-o', '/dev/null', query_url], stdout=subprocess.PIPE, stderr=subprocess.PIPE, env=kerberos_env)
 
       stdout, stderr = curl.communicate()
 
@@ -134,7 +152,7 @@ def execute(parameters=None, host_name=None):
       start_time = time.time()
       curl = subprocess.Popen(['curl', '--negotiate', '-u', ':', '-sL',
         '--connect-timeout', CURL_CONNECTION_TIMEOUT, query_url, ],
-        stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+        stdout=subprocess.PIPE, stderr=subprocess.PIPE, env=kerberos_env)
 
       stdout, stderr = curl.communicate()
       total_time = time.time() - start_time

http://git-wip-us.apache.org/repos/asf/ambari/blob/4c222ce6/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/alerts/alert_check_oozie_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/alerts/alert_check_oozie_server.py b/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/alerts/alert_check_oozie_server.py
index 23a3482..9e2775b 100644
--- a/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/alerts/alert_check_oozie_server.py
+++ b/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/alerts/alert_check_oozie_server.py
@@ -17,11 +17,14 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 """
+from resource_management.core.environment import Environment
 from resource_management.core.resources import Execute
+from resource_management.core.shell import call
 from resource_management.libraries.functions import format
 from resource_management.libraries.functions import get_kinit_path
+from resource_management.libraries.functions import get_klist_path
 from ambari_commons.os_check import OSConst, OSCheck
-
+from os import getpid, sep
 from urlparse import urlparse
 
 RESULT_CODE_OK = 'OK'
@@ -70,6 +73,8 @@ def execute(parameters=None, host_name=None):
 
   try:
     # kinit if security is enabled so that oozie-env.sh can make the web request
+    kerberos_env = None
+
     if security_enabled:
       if OOZIE_KEYTAB in parameters and OOZIE_PRINCIPAL in parameters:
         oozie_keytab = parameters[OOZIE_KEYTAB]
@@ -80,14 +85,28 @@ def execute(parameters=None, host_name=None):
       else:
         return (RESULT_CODE_UNKNOWN, ['The Oozie keytab and principal are required parameters when security is enabled.'])
 
-      kinit_path_local = get_kinit_path()
-      kinit_command = format("{kinit_path_local} -kt {oozie_keytab} {oozie_principal}; ")
+      # Create the kerberos credentials cache (ccache) file and set it in the environment to use
+      # when executing curl
+      env = Environment.get_instance()
+      ccache_file = "{0}{1}oozie_alert_cc_{2}".format(env.tmp_dir, sep, getpid())
+      kerberos_env = {'KRB5CCNAME': ccache_file}
+
+      klist_path_local = get_klist_path()
+      klist_command = format("{klist_path_local} -s {ccache_file}")
+
+      # Determine if we need to kinit by testing to see if the relevant cache exists and has
+      # non-expired tickets.  Tickets are marked to expire after 5 minutes to help reduce the number
+      # it kinits we do but recover quickly when keytabs are regenerated
+      return_code, _ = call(klist_command)
+      if return_code != 0:
+        kinit_path_local = get_kinit_path()
+        kinit_command = format("{kinit_path_local} -l 5m -kt {oozie_keytab} {oozie_principal}; ")
 
-      # kinit
-      Execute(kinit_command)
+        # kinit
+        Execute(kinit_command, environment=kerberos_env)
 
     # execute the command
-    Execute(command)
+    Execute(command, environment=kerberos_env)
 
     return (RESULT_CODE_OK, ["Successful connection to {0}".format(oozie_url)])
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/4c222ce6/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie_service.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie_service.py b/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie_service.py
index 092149d..1715f82 100644
--- a/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie_service.py
+++ b/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie_service.py
@@ -70,7 +70,8 @@ def oozie_service(action = 'start', rolling_restart=False):
       Execute( cmd1, user = params.oozie_user, not_if = no_op_test,
         ignore_failures = True )
 
-      not_if_command = format("{kinit_if_needed} hadoop --config {hadoop_conf_dir} dfs -ls /user/oozie/share | awk 'BEGIN {{count=0;}} /share/ {{count++}} END {{if (count > 0) {{exit 0}} else {{exit 1}}}}'")
+      not_if_command = as_user(format("{kinit_if_needed} hadoop --config {hadoop_conf_dir} dfs -ls /user/oozie/share | awk 'BEGIN {{count=0;}} /share/ {{count++}} END {{if (count > 0) {{exit 0}} else {{exit 1}}}}'"),
+                               params.oozie_user)
       Execute( cmd2, user = params.oozie_user, not_if = not_if_command,
         path = params.execute_path )
     

http://git-wip-us.apache.org/repos/asf/ambari/blob/4c222ce6/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/HBASE/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/HBASE/package/scripts/params.py b/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/HBASE/package/scripts/params.py
index f368703..88e02e7 100644
--- a/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/HBASE/package/scripts/params.py
+++ b/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/HBASE/package/scripts/params.py
@@ -102,7 +102,7 @@ master_keytab_path = config['configurations']['hbase-site']['hbase.master.keytab
 regionserver_keytab_path = config['configurations']['hbase-site']['hbase.regionserver.keytab.file']
 smoke_user_keytab = config['configurations']['cluster-env']['smokeuser_keytab']
 hbase_user_keytab = config['configurations']['hbase-env']['hbase_user_keytab']
-kinit_path_local = functions.get_kinit_path(["/usr/bin", "/usr/kerberos/bin", "/usr/sbin"])
+kinit_path_local = functions.get_kinit_path()
 if security_enabled:
   kinit_cmd = format("{kinit_path_local} -kt {hbase_user_keytab} {hbase_principal_name};")
 else:
@@ -123,7 +123,6 @@ hostname = config["hostname"]
 hdfs_user_keytab = config['configurations']['hadoop-env']['hdfs_user_keytab']
 hdfs_user = config['configurations']['hadoop-env']['hdfs_user']
 hdfs_principal_name = config['configurations']['hadoop-env']['hdfs_principal_name']
-kinit_path_local = functions.get_kinit_path(["/usr/bin", "/usr/kerberos/bin", "/usr/sbin"])
 import functools
 #create partial functions with common arguments for every HdfsDirectory call
 #to create hdfs directory we need to call params.HdfsDirectory in code

http://git-wip-us.apache.org/repos/asf/ambari/blob/4c222ce6/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/HDFS/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/HDFS/package/scripts/params.py b/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/HDFS/package/scripts/params.py
index 9fbce1d..7360835 100644
--- a/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/HDFS/package/scripts/params.py
+++ b/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/HDFS/package/scripts/params.py
@@ -57,7 +57,7 @@ hdfs_exclude_file = default("/clusterHostInfo/decom_dn_hosts", [])
 exclude_file_path = config['configurations']['hdfs-site']['dfs.hosts.exclude']
 update_exclude_file_only = default("/commandParams/update_exclude_file_only",False)
 
-kinit_path_local = functions.get_kinit_path(["/usr/bin", "/usr/kerberos/bin", "/usr/sbin"])
+kinit_path_local = functions.get_kinit_path()
 #hosts
 hostname = config["hostname"]
 rm_host = default("/clusterHostInfo/rm_host", [])

http://git-wip-us.apache.org/repos/asf/ambari/blob/4c222ce6/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/HIVE/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/HIVE/package/scripts/params.py b/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/HIVE/package/scripts/params.py
index 90235e9..9dd7f89 100644
--- a/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/HIVE/package/scripts/params.py
+++ b/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/HIVE/package/scripts/params.py
@@ -119,7 +119,7 @@ smoke_user_keytab = config['configurations']['cluster-env']['smokeuser_keytab']
 fs_root = config['configurations']['core-site']['fs.defaultFS']
 security_enabled = config['configurations']['cluster-env']['security_enabled']
 
-kinit_path_local = functions.get_kinit_path(["/usr/bin", "/usr/kerberos/bin", "/usr/sbin"])
+kinit_path_local = functions.get_kinit_path()
 hive_metastore_keytab_path =  config['configurations']['hive-site']['hive.metastore.kerberos.keytab.file']
 
 #hive_env

http://git-wip-us.apache.org/repos/asf/ambari/blob/4c222ce6/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/OOZIE/package/files/alert_check_oozie_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/OOZIE/package/files/alert_check_oozie_server.py b/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/OOZIE/package/files/alert_check_oozie_server.py
index a5a066b..9e2775b 100644
--- a/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/OOZIE/package/files/alert_check_oozie_server.py
+++ b/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/OOZIE/package/files/alert_check_oozie_server.py
@@ -17,11 +17,14 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 """
+from resource_management.core.environment import Environment
 from resource_management.core.resources import Execute
+from resource_management.core.shell import call
 from resource_management.libraries.functions import format
 from resource_management.libraries.functions import get_kinit_path
+from resource_management.libraries.functions import get_klist_path
 from ambari_commons.os_check import OSConst, OSCheck
-
+from os import getpid, sep
 from urlparse import urlparse
 
 RESULT_CODE_OK = 'OK'
@@ -70,6 +73,8 @@ def execute(parameters=None, host_name=None):
 
   try:
     # kinit if security is enabled so that oozie-env.sh can make the web request
+    kerberos_env = None
+
     if security_enabled:
       if OOZIE_KEYTAB in parameters and OOZIE_PRINCIPAL in parameters:
         oozie_keytab = parameters[OOZIE_KEYTAB]
@@ -80,14 +85,28 @@ def execute(parameters=None, host_name=None):
       else:
         return (RESULT_CODE_UNKNOWN, ['The Oozie keytab and principal are required parameters when security is enabled.'])
 
-      kinit_path_local = get_kinit_path(["/usr/bin", "/usr/kerberos/bin", "/usr/sbin"])
-      kinit_command = format("{kinit_path_local} -kt {oozie_keytab} {oozie_principal}; ")
+      # Create the kerberos credentials cache (ccache) file and set it in the environment to use
+      # when executing curl
+      env = Environment.get_instance()
+      ccache_file = "{0}{1}oozie_alert_cc_{2}".format(env.tmp_dir, sep, getpid())
+      kerberos_env = {'KRB5CCNAME': ccache_file}
+
+      klist_path_local = get_klist_path()
+      klist_command = format("{klist_path_local} -s {ccache_file}")
+
+      # Determine if we need to kinit by testing to see if the relevant cache exists and has
+      # non-expired tickets.  Tickets are marked to expire after 5 minutes to help reduce the number
+      # it kinits we do but recover quickly when keytabs are regenerated
+      return_code, _ = call(klist_command)
+      if return_code != 0:
+        kinit_path_local = get_kinit_path()
+        kinit_command = format("{kinit_path_local} -l 5m -kt {oozie_keytab} {oozie_principal}; ")
 
-      # kinit
-      Execute(kinit_command)
+        # kinit
+        Execute(kinit_command, environment=kerberos_env)
 
     # execute the command
-    Execute(command)
+    Execute(command, environment=kerberos_env)
 
     return (RESULT_CODE_OK, ["Successful connection to {0}".format(oozie_url)])
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/4c222ce6/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/OOZIE/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/OOZIE/package/scripts/params.py b/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/OOZIE/package/scripts/params.py
index f13fbaf..a7236ce 100644
--- a/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/OOZIE/package/scripts/params.py
+++ b/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/OOZIE/package/scripts/params.py
@@ -101,7 +101,7 @@ catalina_properties_common_loader = "/usr/lib/hive-hcatalog/share/hcatalog/*.jar
 if (len(hive_jar_files) != 0):
     catalina_properties_common_loader = hive_jar_files + "," + catalina_properties_common_loader
 
-kinit_path_local = functions.get_kinit_path(["/usr/bin", "/usr/kerberos/bin", "/usr/sbin"])
+kinit_path_local = functions.get_kinit_path()
 oozie_service_keytab = config['configurations']['oozie-site']['oozie.service.HadoopAccessorService.keytab.file']
 oozie_principal = config['configurations']['oozie-site']['oozie.service.HadoopAccessorService.kerberos.principal']
 smokeuser_keytab = config['configurations']['cluster-env']['smokeuser_keytab']
@@ -118,7 +118,6 @@ oozie_log_dir = config['configurations']['oozie-env']['oozie_log_dir']
 oozie_data_dir = config['configurations']['oozie-env']['oozie_data_dir']
 oozie_server_port = get_port_from_url(config['configurations']['oozie-site']['oozie.base.url'])
 oozie_server_admin_port = config['configurations']['oozie-env']['oozie_admin_port']
-oozie_env_sh_template = config['configurations']['oozie-env']['content']
 fs_root = config['configurations']['core-site']['fs.defaultFS']
 
 put_shared_lib_to_hdfs_cmd = format("{oozie_setup_sh} sharelib create -fs {fs_root} -locallib {oozie_shared_lib}")
@@ -145,14 +144,11 @@ if (('oozie-log4j' in config['configurations']) and ('content' in config['config
 else:
   log4j_props = None
 
-oozie_hdfs_user_dir = format("/user/{oozie_user}")
 oozie_hdfs_user_mode = 0775
 #for create_hdfs_directory
-hostname = config["hostname"]
 hdfs_user_keytab = config['configurations']['hadoop-env']['hdfs_user_keytab']
 hdfs_user = config['configurations']['hadoop-env']['hdfs_user']
 hdfs_principal_name = config['configurations']['hadoop-env']['hdfs_principal_name']
-kinit_path_local = functions.get_kinit_path(["/usr/bin", "/usr/kerberos/bin", "/usr/sbin"])
 import functools
 #create partial functions with common arguments for every HdfsDirectory call
 #to create hdfs directory we need to call params.HdfsDirectory in code

http://git-wip-us.apache.org/repos/asf/ambari/blob/4c222ce6/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/PIG/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/PIG/package/scripts/params.py b/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/PIG/package/scripts/params.py
index b334f3b..b2c5441 100644
--- a/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/PIG/package/scripts/params.py
+++ b/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/PIG/package/scripts/params.py
@@ -46,7 +46,7 @@ smokeuser = config['configurations']['cluster-env']['smokeuser']
 user_group = config['configurations']['cluster-env']['user_group']
 security_enabled = config['configurations']['cluster-env']['security_enabled']
 smoke_user_keytab = config['configurations']['cluster-env']['smokeuser_keytab']
-kinit_path_local = functions.get_kinit_path(["/usr/bin", "/usr/kerberos/bin", "/usr/sbin"])
+kinit_path_local = functions.get_kinit_path()
 pig_env_sh_template = config['configurations']['pig-env']['content']
 
 # not supporting 32 bit jdk.

http://git-wip-us.apache.org/repos/asf/ambari/blob/4c222ce6/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/WEBHCAT/package/files/alert_webhcat_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/WEBHCAT/package/files/alert_webhcat_server.py b/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/WEBHCAT/package/files/alert_webhcat_server.py
index 970ddde..c484f0b 100644
--- a/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/WEBHCAT/package/files/alert_webhcat_server.py
+++ b/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/WEBHCAT/package/files/alert_webhcat_server.py
@@ -24,9 +24,13 @@ import socket
 import time
 import urllib2
 
+from resource_management.core.environment import Environment
 from resource_management.core.resources import Execute
+from resource_management.core.shell import call
 from resource_management.libraries.functions import format
 from resource_management.libraries.functions import get_kinit_path
+from resource_management.libraries.functions import get_klist_path
+from os import getpid, sep
 
 RESULT_CODE_OK = "OK"
 RESULT_CODE_CRITICAL = "CRITICAL"
@@ -101,16 +105,30 @@ def execute(parameters=None, host_name=None):
       # substitute _HOST in kerberos principal with actual fqdn
       webhcat_principal = webhcat_principal.replace('_HOST', host_name)
 
-      kinit_path_local = get_kinit_path(["/usr/bin", "/usr/kerberos/bin", "/usr/sbin"])
-      kinit_command = format("{kinit_path_local} -kt {webhcat_keytab} {webhcat_principal}; ")
+      # Create the kerberos credentials cache (ccache) file and set it in the environment to use
+      # when executing curl
+      env = Environment.get_instance()
+      ccache_file = "{0}{1}webhcat_alert_cc_{2}".format(env.tmp_dir, sep, getpid())
+      kerberos_env = {'KRB5CCNAME': ccache_file}
 
-      # kinit so that curl will work with --negotiate
-      Execute(kinit_command)
+      klist_path_local = get_klist_path()
+      klist_command = format("{klist_path_local} -s {ccache_file}")
+
+      # Determine if we need to kinit by testing to see if the relevant cache exists and has
+      # non-expired tickets.  Tickets are marked to expire after 5 minutes to help reduce the number
+      # it kinits we do but recover quickly when keytabs are regenerated
+      return_code, _ = call(klist_command)
+      if return_code != 0:
+        kinit_path_local = get_kinit_path()
+        kinit_command = format("{kinit_path_local} -l 5m -c {ccache_file} -kt {webhcat_keytab} {webhcat_principal}; ")
+
+        # kinit so that curl will work with --negotiate
+        Execute(kinit_command)
 
       # make a single curl call to get just the http code
       curl = subprocess.Popen(['curl', '--negotiate', '-u', ':', '-sL', '-w',
         '%{http_code}', '--connect-timeout', CURL_CONNECTION_TIMEOUT,
-        '-o', '/dev/null', query_url], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+        '-o', '/dev/null', query_url], stdout=subprocess.PIPE, stderr=subprocess.PIPE, env=kerberos_env)
 
       stdout, stderr = curl.communicate()
 
@@ -134,7 +152,7 @@ def execute(parameters=None, host_name=None):
       start_time = time.time()
       curl = subprocess.Popen(['curl', '--negotiate', '-u', ':', '-sL',
         '--connect-timeout', CURL_CONNECTION_TIMEOUT, query_url, ],
-        stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+        stdout=subprocess.PIPE, stderr=subprocess.PIPE, env=kerberos_env)
 
       stdout, stderr = curl.communicate()
       total_time = time.time() - start_time

http://git-wip-us.apache.org/repos/asf/ambari/blob/4c222ce6/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/YARN/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/YARN/package/scripts/params.py b/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/YARN/package/scripts/params.py
index 187ddc0..5a31518 100644
--- a/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/YARN/package/scripts/params.py
+++ b/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/YARN/package/scripts/params.py
@@ -64,7 +64,7 @@ smokeuser = config['configurations']['cluster-env']['smokeuser']
 security_enabled = config['configurations']['cluster-env']['security_enabled']
 smoke_user_keytab = config['configurations']['cluster-env']['smokeuser_keytab']
 yarn_executor_container_group = config['configurations']['yarn-site']['yarn.nodemanager.linux-container-executor.group']
-kinit_path_local = functions.get_kinit_path(["/usr/bin", "/usr/kerberos/bin", "/usr/sbin"])
+kinit_path_local = functions.get_kinit_path()
 rm_hosts = config['clusterHostInfo']['rm_host']
 rm_host = rm_hosts[0]
 rm_port = config['configurations']['yarn-site']['yarn.resourcemanager.webapp.address'].split(':')[-1]
@@ -149,9 +149,7 @@ jobhistory_heapsize = default("/configurations/mapred-env/jobhistory_heapsize",
 #for create_hdfs_directory
 hostname = config["hostname"]
 hdfs_user_keytab = config['configurations']['hadoop-env']['hdfs_user_keytab']
-hdfs_user = config['configurations']['hadoop-env']['hdfs_user']
 hdfs_principal_name = config['configurations']['hadoop-env']['hdfs_principal_name']
-kinit_path_local = functions.get_kinit_path(["/usr/bin", "/usr/kerberos/bin", "/usr/sbin"])
 import functools
 #create partial functions with common arguments for every HdfsDirectory call
 #to create hdfs directory we need to call params.HdfsDirectory in code

http://git-wip-us.apache.org/repos/asf/ambari/blob/4c222ce6/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/ZOOKEEPER/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/ZOOKEEPER/package/scripts/params.py b/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/ZOOKEEPER/package/scripts/params.py
index b668f67..a0d504b 100644
--- a/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/ZOOKEEPER/package/scripts/params.py
+++ b/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/ZOOKEEPER/package/scripts/params.py
@@ -77,7 +77,7 @@ security_enabled = config['configurations']['cluster-env']['security_enabled']
 
 smoke_user_keytab = config['configurations']['cluster-env']['smokeuser_keytab']
 smokeuser = config['configurations']['cluster-env']['smokeuser']
-kinit_path_local = functions.get_kinit_path(["/usr/bin", "/usr/kerberos/bin", "/usr/sbin"])
+kinit_path_local = functions.get_kinit_path()
 
 #log4j.properties
 if (('zookeeper-log4j' in config['configurations']) and ('content' in config['configurations']['zookeeper-log4j'])):

http://git-wip-us.apache.org/repos/asf/ambari/blob/4c222ce6/ambari-server/src/main/resources/stacks/HDP/2.0.6.GlusterFS/services/YARN/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.0.6.GlusterFS/services/YARN/package/scripts/params.py b/ambari-server/src/main/resources/stacks/HDP/2.0.6.GlusterFS/services/YARN/package/scripts/params.py
index 0fdaf18..55fda42 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.0.6.GlusterFS/services/YARN/package/scripts/params.py
+++ b/ambari-server/src/main/resources/stacks/HDP/2.0.6.GlusterFS/services/YARN/package/scripts/params.py
@@ -36,7 +36,7 @@ smokeuser = config['configurations']['cluster-env']['smokeuser']
 security_enabled = config['configurations']['cluster-env']['security_enabled']
 smoke_user_keytab = config['configurations']['cluster-env']['smokeuser_keytab']
 yarn_executor_container_group = config['configurations']['yarn-site']['yarn.nodemanager.linux-container-executor.group']
-kinit_path_local = functions.get_kinit_path([default("kinit_path_local",None), "/usr/bin", "/usr/kerberos/bin", "/usr/sbin"])
+kinit_path_local = functions.get_kinit_path()
 rm_hosts = config['clusterHostInfo']['rm_host']
 rm_host = rm_hosts[0]
 rm_port = config['configurations']['yarn-site']['yarn.resourcemanager.webapp.address'].split(':')[-1]
@@ -116,10 +116,7 @@ mapreduce_jobhistory_done_dir = config['configurations']['mapred-site']['mapredu
 
 #for create_hdfs_directory
 hostname = config["hostname"]
-hadoop_conf_dir = "/etc/hadoop/conf"
 hdfs_user_keytab = config['configurations']['hadoop-env']['hdfs_user_keytab']
-hdfs_user = config['configurations']['hadoop-env']['hdfs_user']
-kinit_path_local = functions.get_kinit_path([default("kinit_path_local",None), "/usr/bin", "/usr/kerberos/bin", "/usr/sbin"])
 import functools
 #create partial functions with common arguments for every HdfsDirectory call
 #to create hdfs directory we need to call params.HdfsDirectory in code

http://git-wip-us.apache.org/repos/asf/ambari/blob/4c222ce6/ambari-server/src/main/resources/stacks/HDP/2.1.GlusterFS/services/FALCON/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.1.GlusterFS/services/FALCON/package/scripts/params.py b/ambari-server/src/main/resources/stacks/HDP/2.1.GlusterFS/services/FALCON/package/scripts/params.py
index 056380b..78d22b4 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.1.GlusterFS/services/FALCON/package/scripts/params.py
+++ b/ambari-server/src/main/resources/stacks/HDP/2.1.GlusterFS/services/FALCON/package/scripts/params.py
@@ -56,7 +56,7 @@ hostname = config["hostname"]
 hadoop_conf_dir = "/etc/hadoop/conf"
 hdfs_user_keytab = config['configurations']['hadoop-env']['hdfs_user_keytab']
 hdfs_user = config['configurations']['hadoop-env']['hdfs_user']
-kinit_path_local = functions.get_kinit_path(["/usr/bin", "/usr/kerberos/bin", "/usr/sbin"])
+kinit_path_local = functions.get_kinit_path()
 import functools
 #create partial functions with common arguments for every HdfsDirectory call
 #to create hdfs directory we need to call params.HdfsDirectory in code

http://git-wip-us.apache.org/repos/asf/ambari/blob/4c222ce6/ambari-server/src/main/resources/stacks/HDP/2.1.GlusterFS/services/YARN/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.1.GlusterFS/services/YARN/package/scripts/params.py b/ambari-server/src/main/resources/stacks/HDP/2.1.GlusterFS/services/YARN/package/scripts/params.py
index 0fdaf18..55fda42 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.1.GlusterFS/services/YARN/package/scripts/params.py
+++ b/ambari-server/src/main/resources/stacks/HDP/2.1.GlusterFS/services/YARN/package/scripts/params.py
@@ -36,7 +36,7 @@ smokeuser = config['configurations']['cluster-env']['smokeuser']
 security_enabled = config['configurations']['cluster-env']['security_enabled']
 smoke_user_keytab = config['configurations']['cluster-env']['smokeuser_keytab']
 yarn_executor_container_group = config['configurations']['yarn-site']['yarn.nodemanager.linux-container-executor.group']
-kinit_path_local = functions.get_kinit_path([default("kinit_path_local",None), "/usr/bin", "/usr/kerberos/bin", "/usr/sbin"])
+kinit_path_local = functions.get_kinit_path()
 rm_hosts = config['clusterHostInfo']['rm_host']
 rm_host = rm_hosts[0]
 rm_port = config['configurations']['yarn-site']['yarn.resourcemanager.webapp.address'].split(':')[-1]
@@ -116,10 +116,7 @@ mapreduce_jobhistory_done_dir = config['configurations']['mapred-site']['mapredu
 
 #for create_hdfs_directory
 hostname = config["hostname"]
-hadoop_conf_dir = "/etc/hadoop/conf"
 hdfs_user_keytab = config['configurations']['hadoop-env']['hdfs_user_keytab']
-hdfs_user = config['configurations']['hadoop-env']['hdfs_user']
-kinit_path_local = functions.get_kinit_path([default("kinit_path_local",None), "/usr/bin", "/usr/kerberos/bin", "/usr/sbin"])
 import functools
 #create partial functions with common arguments for every HdfsDirectory call
 #to create hdfs directory we need to call params.HdfsDirectory in code

http://git-wip-us.apache.org/repos/asf/ambari/blob/4c222ce6/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KNOX/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KNOX/package/scripts/params.py b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KNOX/package/scripts/params.py
index b11eddb..b5c61e8 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KNOX/package/scripts/params.py
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KNOX/package/scripts/params.py
@@ -131,7 +131,7 @@ java_home = config['hostLevelParams']['java_home']
 security_enabled = config['configurations']['cluster-env']['security_enabled']
 smokeuser = config['configurations']['cluster-env']['smokeuser']
 smoke_user_keytab = config['configurations']['cluster-env']['smokeuser_keytab']
-kinit_path_local = functions.get_kinit_path(["/usr/bin", "/usr/kerberos/bin", "/usr/sbin"])
+kinit_path_local = functions.get_kinit_path()
 if security_enabled:
   knox_keytab_path = config['configurations']['knox-env']['knox_keytab_path']
   _hostname_lowercase = config['hostname'].lower()

http://git-wip-us.apache.org/repos/asf/ambari/blob/4c222ce6/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/SLIDER/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/SLIDER/package/scripts/params.py b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/SLIDER/package/scripts/params.py
index 121bbd4..9b6731e 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/SLIDER/package/scripts/params.py
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/SLIDER/package/scripts/params.py
@@ -39,7 +39,7 @@ hadoop_conf_dir = "/etc/hadoop/conf"
 smokeuser = config['configurations']['cluster-env']['smokeuser']
 security_enabled = config['configurations']['cluster-env']['security_enabled']
 smokeuser_keytab = config['configurations']['cluster-env']['smokeuser_keytab']
-kinit_path_local = functions.get_kinit_path(["/usr/bin", "/usr/kerberos/bin", "/usr/sbin"])
+kinit_path_local = functions.get_kinit_path()
 slider_env_sh_template = config['configurations']['slider-env']['content']
 
 java64_home = config['hostLevelParams']['java_home']

http://git-wip-us.apache.org/repos/asf/ambari/blob/4c222ce6/ambari-server/src/main/resources/stacks/HDPWIN/2.1/services/YARN/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDPWIN/2.1/services/YARN/package/scripts/params.py b/ambari-server/src/main/resources/stacks/HDPWIN/2.1/services/YARN/package/scripts/params.py
index a548f98..e48655d 100644
--- a/ambari-server/src/main/resources/stacks/HDPWIN/2.1/services/YARN/package/scripts/params.py
+++ b/ambari-server/src/main/resources/stacks/HDPWIN/2.1/services/YARN/package/scripts/params.py
@@ -38,7 +38,7 @@ hadoop_ssl_enabled = default("/configurations/core-site/hadoop.ssl.enabled", Fal
 _authentication = config['configurations']['core-site']['hadoop.security.authentication']
 security_enabled = ( not is_empty(_authentication) and _authentication == 'kerberos')
 smoke_user_keytab = config['configurations']['hadoop-env']['smokeuser_keytab']
-kinit_path_local = functions.get_kinit_path(["/usr/bin", "/usr/kerberos/bin", "/usr/sbin"])
+kinit_path_local = functions.get_kinit_path()
 rm_host = config['clusterHostInfo']['rm_host'][0]
 rm_port = config['configurations']['yarn-site']['yarn.resourcemanager.webapp.address'].split(':')[-1]
 rm_https_port = "8090"

http://git-wip-us.apache.org/repos/asf/ambari/blob/4c222ce6/ambari-server/src/main/resources/stacks/PHD/3.0.0.0/services/HBASE/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/PHD/3.0.0.0/services/HBASE/package/scripts/params.py b/ambari-server/src/main/resources/stacks/PHD/3.0.0.0/services/HBASE/package/scripts/params.py
index 8c4f5e5..f745e39 100644
--- a/ambari-server/src/main/resources/stacks/PHD/3.0.0.0/services/HBASE/package/scripts/params.py
+++ b/ambari-server/src/main/resources/stacks/PHD/3.0.0.0/services/HBASE/package/scripts/params.py
@@ -102,7 +102,7 @@ master_keytab_path = config['configurations']['hbase-site']['hbase.master.keytab
 regionserver_keytab_path = config['configurations']['hbase-site']['hbase.regionserver.keytab.file']
 smoke_user_keytab = config['configurations']['cluster-env']['smokeuser_keytab']
 hbase_user_keytab = config['configurations']['hbase-env']['hbase_user_keytab']
-kinit_path_local = functions.get_kinit_path(["/usr/bin", "/usr/kerberos/bin", "/usr/sbin"])
+kinit_path_local = functions.get_kinit_path()
 if security_enabled:
   kinit_cmd = format("{kinit_path_local} -kt {hbase_user_keytab} {hbase_principal_name};")
 else:
@@ -123,7 +123,6 @@ hostname = config["hostname"]
 hdfs_user_keytab = config['configurations']['hadoop-env']['hdfs_user_keytab']
 hdfs_user = config['configurations']['hadoop-env']['hdfs_user']
 hdfs_principal_name = config['configurations']['hadoop-env']['hdfs_principal_name']
-kinit_path_local = functions.get_kinit_path(["/usr/bin", "/usr/kerberos/bin", "/usr/sbin"])
 import functools
 #create partial functions with common arguments for every HdfsDirectory call
 #to create hdfs directory we need to call params.HdfsDirectory in code

http://git-wip-us.apache.org/repos/asf/ambari/blob/4c222ce6/ambari-server/src/main/resources/stacks/PHD/3.0.0.0/services/HDFS/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/PHD/3.0.0.0/services/HDFS/package/scripts/params.py b/ambari-server/src/main/resources/stacks/PHD/3.0.0.0/services/HDFS/package/scripts/params.py
index ff61dd7..91aca2f 100644
--- a/ambari-server/src/main/resources/stacks/PHD/3.0.0.0/services/HDFS/package/scripts/params.py
+++ b/ambari-server/src/main/resources/stacks/PHD/3.0.0.0/services/HDFS/package/scripts/params.py
@@ -57,7 +57,7 @@ hdfs_exclude_file = default("/clusterHostInfo/decom_dn_hosts", [])
 exclude_file_path = config['configurations']['hdfs-site']['dfs.hosts.exclude']
 update_exclude_file_only = config['commandParams']['update_exclude_file_only']
 
-kinit_path_local = functions.get_kinit_path(["/usr/bin", "/usr/kerberos/bin", "/usr/sbin"])
+kinit_path_local = functions.get_kinit_path()
 #hosts
 hostname = config["hostname"]
 rm_host = default("/clusterHostInfo/rm_host", [])

http://git-wip-us.apache.org/repos/asf/ambari/blob/4c222ce6/ambari-server/src/main/resources/stacks/PHD/3.0.0.0/services/HIVE/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/PHD/3.0.0.0/services/HIVE/package/scripts/params.py b/ambari-server/src/main/resources/stacks/PHD/3.0.0.0/services/HIVE/package/scripts/params.py
index a9a67f7..fed3287 100644
--- a/ambari-server/src/main/resources/stacks/PHD/3.0.0.0/services/HIVE/package/scripts/params.py
+++ b/ambari-server/src/main/resources/stacks/PHD/3.0.0.0/services/HIVE/package/scripts/params.py
@@ -118,7 +118,7 @@ smoke_user_keytab = config['configurations']['cluster-env']['smokeuser_keytab']
 fs_root = config['configurations']['core-site']['fs.defaultFS']
 security_enabled = config['configurations']['cluster-env']['security_enabled']
 
-kinit_path_local = functions.get_kinit_path(["/usr/bin", "/usr/kerberos/bin", "/usr/sbin"])
+kinit_path_local = functions.get_kinit_path()
 hive_metastore_keytab_path =  config['configurations']['hive-site']['hive.metastore.kerberos.keytab.file']
 
 #hive_env

http://git-wip-us.apache.org/repos/asf/ambari/blob/4c222ce6/ambari-server/src/main/resources/stacks/PHD/3.0.0.0/services/NAGIOS/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/PHD/3.0.0.0/services/NAGIOS/package/scripts/params.py b/ambari-server/src/main/resources/stacks/PHD/3.0.0.0/services/NAGIOS/package/scripts/params.py
index 5a0ffbb..8bec940 100644
--- a/ambari-server/src/main/resources/stacks/PHD/3.0.0.0/services/NAGIOS/package/scripts/params.py
+++ b/ambari-server/src/main/resources/stacks/PHD/3.0.0.0/services/NAGIOS/package/scripts/params.py
@@ -229,7 +229,7 @@ java64_home = config['hostLevelParams']['java_home']
 check_cpu_on = is_jdk_greater_6(java64_home)
 security_enabled = config['configurations']['cluster-env']['security_enabled']
 nagios_keytab_path = default("/configurations/nagios-env/nagios_keytab_path", "/etc/security/keytabs/nagios.service.keytab")
-kinit_path_local = functions.get_kinit_path(["/usr/bin", "/usr/kerberos/bin", "/usr/sbin"])
+kinit_path_local = functions.get_kinit_path()
 
 dfs_ha_enabled = False
 dfs_ha_nameservices = default("/configurations/hdfs-site/dfs.nameservices", None)

http://git-wip-us.apache.org/repos/asf/ambari/blob/4c222ce6/ambari-server/src/main/resources/stacks/PHD/3.0.0.0/services/OOZIE/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/PHD/3.0.0.0/services/OOZIE/package/scripts/params.py b/ambari-server/src/main/resources/stacks/PHD/3.0.0.0/services/OOZIE/package/scripts/params.py
index 7659529..b46ab73 100644
--- a/ambari-server/src/main/resources/stacks/PHD/3.0.0.0/services/OOZIE/package/scripts/params.py
+++ b/ambari-server/src/main/resources/stacks/PHD/3.0.0.0/services/OOZIE/package/scripts/params.py
@@ -101,7 +101,7 @@ catalina_properties_common_loader = "/usr/lib/hive-hcatalog/share/hcatalog/*.jar
 if (len(hive_jar_files) != 0):
     catalina_properties_common_loader = hive_jar_files + "," + catalina_properties_common_loader
 
-kinit_path_local = functions.get_kinit_path(["/usr/bin", "/usr/kerberos/bin", "/usr/sbin"])
+kinit_path_local = functions.get_kinit_path()
 oozie_service_keytab = config['configurations']['oozie-site']['oozie.service.HadoopAccessorService.keytab.file']
 oozie_principal = config['configurations']['oozie-site']['oozie.service.HadoopAccessorService.kerberos.principal']
 smokeuser_keytab = config['configurations']['cluster-env']['smokeuser_keytab']
@@ -145,14 +145,11 @@ if (('oozie-log4j' in config['configurations']) and ('content' in config['config
 else:
   log4j_props = None
 
-oozie_hdfs_user_dir = format("/user/{oozie_user}")
 oozie_hdfs_user_mode = 0775
 #for create_hdfs_directory
-hostname = config["hostname"]
 hdfs_user_keytab = config['configurations']['hadoop-env']['hdfs_user_keytab']
 hdfs_user = config['configurations']['hadoop-env']['hdfs_user']
 hdfs_principal_name = config['configurations']['hadoop-env']['hdfs_principal_name']
-kinit_path_local = functions.get_kinit_path(["/usr/bin", "/usr/kerberos/bin", "/usr/sbin"])
 import functools
 #create partial functions with common arguments for every HdfsDirectory call
 #to create hdfs directory we need to call params.HdfsDirectory in code

http://git-wip-us.apache.org/repos/asf/ambari/blob/4c222ce6/ambari-server/src/main/resources/stacks/PHD/3.0.0.0/services/PIG/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/PHD/3.0.0.0/services/PIG/package/scripts/params.py b/ambari-server/src/main/resources/stacks/PHD/3.0.0.0/services/PIG/package/scripts/params.py
index 60a9806..6284aed 100644
--- a/ambari-server/src/main/resources/stacks/PHD/3.0.0.0/services/PIG/package/scripts/params.py
+++ b/ambari-server/src/main/resources/stacks/PHD/3.0.0.0/services/PIG/package/scripts/params.py
@@ -46,7 +46,7 @@ smokeuser = config['configurations']['cluster-env']['smokeuser']
 user_group = config['configurations']['cluster-env']['user_group']
 security_enabled = config['configurations']['cluster-env']['security_enabled']
 smoke_user_keytab = config['configurations']['cluster-env']['smokeuser_keytab']
-kinit_path_local = functions.get_kinit_path(["/usr/bin", "/usr/kerberos/bin", "/usr/sbin"])
+kinit_path_local = functions.get_kinit_path()
 pig_env_sh_template = config['configurations']['pig-env']['content']
 
 # not supporting 32 bit jdk.

http://git-wip-us.apache.org/repos/asf/ambari/blob/4c222ce6/ambari-server/src/main/resources/stacks/PHD/3.0.0.0/services/YARN/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/PHD/3.0.0.0/services/YARN/package/scripts/params.py b/ambari-server/src/main/resources/stacks/PHD/3.0.0.0/services/YARN/package/scripts/params.py
index 6e7f170..23bbc39 100644
--- a/ambari-server/src/main/resources/stacks/PHD/3.0.0.0/services/YARN/package/scripts/params.py
+++ b/ambari-server/src/main/resources/stacks/PHD/3.0.0.0/services/YARN/package/scripts/params.py
@@ -64,7 +64,7 @@ smokeuser = config['configurations']['cluster-env']['smokeuser']
 security_enabled = config['configurations']['cluster-env']['security_enabled']
 smoke_user_keytab = config['configurations']['cluster-env']['smokeuser_keytab']
 yarn_executor_container_group = config['configurations']['yarn-site']['yarn.nodemanager.linux-container-executor.group']
-kinit_path_local = functions.get_kinit_path(["/usr/bin", "/usr/kerberos/bin", "/usr/sbin"])
+kinit_path_local = functions.get_kinit_path()
 rm_hosts = config['clusterHostInfo']['rm_host']
 rm_host = rm_hosts[0]
 rm_port = config['configurations']['yarn-site']['yarn.resourcemanager.webapp.address'].split(':')[-1]
@@ -149,9 +149,7 @@ jobhistory_heapsize = default("/configurations/mapred-env/jobhistory_heapsize",
 #for create_hdfs_directory
 hostname = config["hostname"]
 hdfs_user_keytab = config['configurations']['hadoop-env']['hdfs_user_keytab']
-hdfs_user = config['configurations']['hadoop-env']['hdfs_user']
 hdfs_principal_name = config['configurations']['hadoop-env']['hdfs_principal_name']
-kinit_path_local = functions.get_kinit_path(["/usr/bin", "/usr/kerberos/bin", "/usr/sbin"])
 import functools
 #create partial functions with common arguments for every HdfsDirectory call
 #to create hdfs directory we need to call params.HdfsDirectory in code

http://git-wip-us.apache.org/repos/asf/ambari/blob/4c222ce6/ambari-server/src/main/resources/stacks/PHD/3.0.0.0/services/ZOOKEEPER/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/PHD/3.0.0.0/services/ZOOKEEPER/package/scripts/params.py b/ambari-server/src/main/resources/stacks/PHD/3.0.0.0/services/ZOOKEEPER/package/scripts/params.py
index 9fa99b5..fdf7ddc 100644
--- a/ambari-server/src/main/resources/stacks/PHD/3.0.0.0/services/ZOOKEEPER/package/scripts/params.py
+++ b/ambari-server/src/main/resources/stacks/PHD/3.0.0.0/services/ZOOKEEPER/package/scripts/params.py
@@ -77,7 +77,7 @@ security_enabled = config['configurations']['cluster-env']['security_enabled']
 
 smoke_user_keytab = config['configurations']['cluster-env']['smokeuser_keytab']
 smokeuser = config['configurations']['cluster-env']['smokeuser']
-kinit_path_local = functions.get_kinit_path(["/usr/bin", "/usr/kerberos/bin", "/usr/sbin"])
+kinit_path_local = functions.get_kinit_path()
 
 #log4j.properties
 if (('zookeeper-log4j' in config['configurations']) and ('content' in config['configurations']['zookeeper-log4j'])):

http://git-wip-us.apache.org/repos/asf/ambari/blob/4c222ce6/ambari-server/src/test/python/stacks/2.0.6/OOZIE/test_oozie_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/OOZIE/test_oozie_server.py b/ambari-server/src/test/python/stacks/2.0.6/OOZIE/test_oozie_server.py
index 321a9c1..31c8d0d 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/OOZIE/test_oozie_server.py
+++ b/ambari-server/src/test/python/stacks/2.0.6/OOZIE/test_oozie_server.py
@@ -58,8 +58,8 @@ class TestOozieServer(RMFTestCase):
         user = 'oozie',
         )
     self.assertResourceCalled('Execute', ' hadoop --config /etc/hadoop/conf dfs -put /usr/lib/oozie/share /user/oozie ; hadoop --config /etc/hadoop/conf dfs -chmod -R 755 /user/oozie/share',
-        not_if = " hadoop --config /etc/hadoop/conf dfs -ls /user/oozie/share | awk 'BEGIN {count=0;} /share/ {count++} END {if (count > 0) {exit 0} else {exit 1}}'",
-        user = 'oozie',
+        not_if = shell.as_user(" hadoop --config /etc/hadoop/conf dfs -ls /user/oozie/share | awk 'BEGIN {count=0;} /share/ {count++} END {if (count > 0) {exit 0} else {exit 1}}'", "oozie"),
+        user = u'oozie',
         path = ['/usr/bin:/usr/bin'],
         )
     self.assertResourceCalled('Execute', 'cd /var/tmp/oozie && /usr/lib/oozie/bin/oozie-start.sh',
@@ -115,7 +115,7 @@ class TestOozieServer(RMFTestCase):
                               user = 'oozie',
                               )
     self.assertResourceCalled('Execute', '/usr/bin/kinit -kt /etc/security/keytabs/oozie.service.keytab oozie/c6402.ambari.apache.org@EXAMPLE.COM; hadoop --config /etc/hadoop/conf dfs -put /usr/lib/oozie/share /user/oozie ; hadoop --config /etc/hadoop/conf dfs -chmod -R 755 /user/oozie/share',
-                              not_if = "/usr/bin/kinit -kt /etc/security/keytabs/oozie.service.keytab oozie/c6402.ambari.apache.org@EXAMPLE.COM; hadoop --config /etc/hadoop/conf dfs -ls /user/oozie/share | awk 'BEGIN {count=0;} /share/ {count++} END {if (count > 0) {exit 0} else {exit 1}}'",
+                              not_if = shell.as_user("/usr/bin/kinit -kt /etc/security/keytabs/oozie.service.keytab oozie/c6402.ambari.apache.org@EXAMPLE.COM; hadoop --config /etc/hadoop/conf dfs -ls /user/oozie/share | awk 'BEGIN {count=0;} /share/ {count++} END {if (count > 0) {exit 0} else {exit 1}}'", "oozie"),
                               user = 'oozie',
                               path = ['/usr/bin:/usr/bin'],
                               )

http://git-wip-us.apache.org/repos/asf/ambari/blob/4c222ce6/ambari-server/src/test/resources/TestAmbaryServer.samples/dummy_common_services/HIVE/0.11.0.2.0.5.0/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/resources/TestAmbaryServer.samples/dummy_common_services/HIVE/0.11.0.2.0.5.0/package/scripts/params.py b/ambari-server/src/test/resources/TestAmbaryServer.samples/dummy_common_services/HIVE/0.11.0.2.0.5.0/package/scripts/params.py
index 0cf89be..a49e231 100644
--- a/ambari-server/src/test/resources/TestAmbaryServer.samples/dummy_common_services/HIVE/0.11.0.2.0.5.0/package/scripts/params.py
+++ b/ambari-server/src/test/resources/TestAmbaryServer.samples/dummy_common_services/HIVE/0.11.0.2.0.5.0/package/scripts/params.py
@@ -56,7 +56,7 @@ smoke_user_keytab = config['configurations']['global']['smokeuser_keytab']
 
 security_enabled = config['configurations']['global']['security_enabled']
 
-kinit_path_local = get_kinit_path([default("kinit_path_local",None), "/usr/bin", "/usr/kerberos/bin", "/usr/sbin"])
+kinit_path_local = get_kinit_path()
 hive_metastore_keytab_path =  config['configurations']['hive-site']['hive.metastore.kerberos.keytab.file']
 
 #hive_env

http://git-wip-us.apache.org/repos/asf/ambari/blob/4c222ce6/ambari-server/src/test/resources/TestAmbaryServer.samples/dummy_stack/HIVE/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/resources/TestAmbaryServer.samples/dummy_stack/HIVE/package/scripts/params.py b/ambari-server/src/test/resources/TestAmbaryServer.samples/dummy_stack/HIVE/package/scripts/params.py
index 0cf89be..a49e231 100644
--- a/ambari-server/src/test/resources/TestAmbaryServer.samples/dummy_stack/HIVE/package/scripts/params.py
+++ b/ambari-server/src/test/resources/TestAmbaryServer.samples/dummy_stack/HIVE/package/scripts/params.py
@@ -56,7 +56,7 @@ smoke_user_keytab = config['configurations']['global']['smokeuser_keytab']
 
 security_enabled = config['configurations']['global']['security_enabled']
 
-kinit_path_local = get_kinit_path([default("kinit_path_local",None), "/usr/bin", "/usr/kerberos/bin", "/usr/sbin"])
+kinit_path_local = get_kinit_path()
 hive_metastore_keytab_path =  config['configurations']['hive-site']['hive.metastore.kerberos.keytab.file']
 
 #hive_env

http://git-wip-us.apache.org/repos/asf/ambari/blob/4c222ce6/ambari-server/src/test/resources/stacks/HDP/2.0.7/services/HIVE/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/resources/stacks/HDP/2.0.7/services/HIVE/package/scripts/params.py b/ambari-server/src/test/resources/stacks/HDP/2.0.7/services/HIVE/package/scripts/params.py
index 648913b..7817a4d 100644
--- a/ambari-server/src/test/resources/stacks/HDP/2.0.7/services/HIVE/package/scripts/params.py
+++ b/ambari-server/src/test/resources/stacks/HDP/2.0.7/services/HIVE/package/scripts/params.py
@@ -57,7 +57,7 @@ smoke_user_keytab = config['configurations']['global']['smokeuser_keytab']
 _authentication = config['configurations']['core-site']['hadoop.security.authentication']
 security_enabled = ( not is_empty(_authentication) and _authentication == 'kerberos')
 
-kinit_path_local = get_kinit_path([default("kinit_path_local",None), "/usr/bin", "/usr/kerberos/bin", "/usr/sbin"])
+kinit_path_local = get_kinit_path()
 hive_metastore_keytab_path =  config['configurations']['hive-site']['hive.metastore.kerberos.keytab.file']
 
 #hive_env


Mime
View raw message