Mailing-List: contact commits-help@ambari.apache.org; run by ezmlm
Precedence: bulk
Reply-To: ambari-dev@ambari.apache.org
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: aonishuk@apache.org
To: commits@ambari.apache.org
Date: Wed, 09 Nov 2016 12:25:49 -0000
Message-Id: <fe1792c8eab040bc9c55a0eb1a0a39f6@git.apache.org>
In-Reply-To: <5d95da2ec1df425caabb1f0c97f81c70@git.apache.org>
References: <5d95da2ec1df425caabb1f0c97f81c70@git.apache.org>
Subject: [2/2] ambari git commit: AMBARI-18755. Deployment failing at creating
 principal (aonishuk)
archived-at: Wed, 09 Nov 2016 12:25:51 -0000

AMBARI-18755. Deployment failing at creating principal (aonishuk)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/012ccc6f
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/012ccc6f
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/012ccc6f

Branch: refs/heads/branch-2.5
Commit: 012ccc6f6978e27c9ff8d3e7ec04f22377b75d7d
Parents: 91d480e
Author: Andrew Onishuk <aonishuk@hortonworks.com>
Authored: Wed Nov 9 14:25:41 2016 +0200
Committer: Andrew Onishuk <aonishuk@hortonworks.com>
Committed: Wed Nov 9 14:25:41 2016 +0200

----------------------------------------------------------------------
 ambari-server/docs/configuration/index.md       |  1 +
 .../server/configuration/Configuration.java     | 20 ++++++-
 .../kerberos/MITKerberosOperationHandler.java   | 28 +++++++++-
 .../MITKerberosOperationHandlerTest.java        | 57 ++++++++++----------
 4 files changed, 75 insertions(+), 31 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/012ccc6f/ambari-server/docs/configuration/index.md
----------------------------------------------------------------------
diff --git a/ambari-server/docs/configuration/index.md b/ambari-server/docs/configuration/index.md
index 52b4744..ae6019c 100644
--- a/ambari-server/docs/configuration/index.md
+++ b/ambari-server/docs/configuration/index.md
@@ -133,6 +133,7 @@ The following are the properties which can be used to configure Ambari.
 | kdcserver.connection.check.timeout | The timeout, in milliseconds, to wait when communicating with a Kerberos Key Distribution Center. |`10000` | 
 | kerberos.check.jaas.configuration | Determines whether Kerberos-enabled Ambari deployments should use JAAS to validate login credentials. |`false` | 
 | kerberos.keytab.cache.dir | The location on the Ambari Server where Kerberos keytabs are cached. |`/home/crashtua/dev/ambari-work/var/lib/ambari-server/data/cache` | 
+| kerberos.operation.retries | The number of times failed kerberos operations should be retried to execute. |`3` | 
 | ldap.sync.username.collision.behavior | Determines how to handle username collision while updating from LDAP.<br/><br/>The following are examples of valid values:<ul><li>`skip`<li>`convert`</ul> |`convert` | 
 | metadata.path | The location on the Ambari Server where the stack resources exist.<br/><br/>The following are examples of valid values:<ul><li>`/var/lib/ambari-server/resources/stacks`</ul> | | 
 | metrics.retrieval-service.cache.timeout | The amount of time, in minutes, that JMX and REST metrics retrieved directly can remain in the cache. |`30` | 

http://git-wip-us.apache.org/repos/asf/ambari/blob/012ccc6f/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
index 8857e19..210c98d 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
@@ -116,6 +116,10 @@ import com.google.inject.Singleton;
  */
 @Singleton
 public class Configuration {
+  /**
+   * JVM property with optional path to Makrdown template file.
+   */
+  private static final String AMBARI_CONFIGURATION_MD_TEMPLATE_PROPERTY = "ambari.configuration.md.template";
 
   /**
    * The file to generate the complete Markdown documentation.
@@ -1383,6 +1387,11 @@ public class Configuration {
    * Kerberos authentication-specific properties (end)
    * =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= */
 
+
+  @Markdown(description = "The number of times failed kerberos operations should be retried to execute.")
+  public static final ConfigurationProperty<Integer> KERBEROS_OPERATION_RETRIES = new ConfigurationProperty<>(
+      "kerberos.operation.retries", 3);
+
   /**
    * The type of connection pool to use with JDBC connections to the database.
    */
@@ -5112,7 +5121,12 @@ public class Configuration {
     // replace the tokens in the markdown template and write out the final MD file
     InputStream inputStream = null;
     try {
-      inputStream = Configuration.class.getResourceAsStream(MARKDOWN_TEMPLATE_FILE);
+      if (System.getProperties().containsKey(AMBARI_CONFIGURATION_MD_TEMPLATE_PROPERTY)) {
+        // for using from IDEA or other tools without whole compilation
+        inputStream = new FileInputStream(System.getProperties().getProperty(AMBARI_CONFIGURATION_MD_TEMPLATE_PROPERTY));
+      } else {
+        inputStream = Configuration.class.getResourceAsStream(MARKDOWN_TEMPLATE_FILE);
+      }
       String template = IOUtils.toString(inputStream);
       String markdown = template.replace(MARKDOWN_CONFIGURATION_TABLE_KEY, allPropertiesBuffer.toString());
       markdown = markdown.replace(MARKDOWN_BASELINE_VALUES_KEY, baselineBuffer.toString());
@@ -5469,4 +5483,8 @@ public class Configuration {
 
     return kerberosAuthProperties;
   }
+
+  public int getKerberosOperationRetries(){
+    return Integer.valueOf(getProperty(KERBEROS_OPERATION_RETRIES));
+  }
 }

http://git-wip-us.apache.org/repos/asf/ambari/blob/012ccc6f/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandler.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandler.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandler.java
index 7e915fc..a21d330 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandler.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandler.java
@@ -18,6 +18,8 @@
 
 package org.apache.ambari.server.serveraction.kerberos;
 
+import com.google.inject.Inject;
+import org.apache.ambari.server.configuration.Configuration;
 import org.apache.ambari.server.security.credential.PrincipalKeyCredential;
 import org.apache.ambari.server.utils.ShellCommandUtil;
 import org.apache.commons.lang.ArrayUtils;
@@ -44,6 +46,9 @@ import java.util.regex.Pattern;
  */
 public class MITKerberosOperationHandler extends KerberosOperationHandler {
 
+  @Inject
+  private Configuration configuration;
+
   /**
    * A regular expression pattern to use to parse the key number from the text captured from the
    * get_principal kadmin command
@@ -388,7 +393,7 @@ public class MITKerberosOperationHandler extends KerberosOperationHandler {
       throw new KerberosOperationException("Missing kadmin query");
     }
 
-    ShellCommandUtil.Result result;
+    ShellCommandUtil.Result result = null;
     PrincipalKeyCredential administratorCredential = getAdministratorCredential();
     String defaultRealm = getDefaultRealm();
 
@@ -451,7 +456,26 @@ public class MITKerberosOperationHandler extends KerberosOperationHandler {
       LOG.debug(String.format("Executing: %s", command));
     }
 
-    result = executeCommand(command.toArray(new String[command.size()]), null, interactiveHandler);
+    int retryCount = configuration.getKerberosOperationRetries();
+    int tries = 0;
+
+    while (tries <= retryCount) {
+      try {
+        result = executeCommand(command.toArray(new String[command.size()]), null, interactiveHandler);
+      } catch (KerberosOperationException exception) {
+        if (tries == retryCount) {
+          throw exception;
+        }
+      } finally {
+        if (result != null && result.isSuccessful()) {
+          break; // break on successful result
+        }
+        tries++;
+        String message = String.format("Retrying to execute kadmin:\n\tCommand: %s", command);
+        LOG.warn(message);
+      }
+    }
+
 
     if (!result.isSuccessful()) {
       String message = String.format("Failed to execute kadmin:\n\tCommand: %s\n\tExitCode: %s\n\tSTDOUT: %s\n\tSTDERR: %s",

http://git-wip-us.apache.org/repos/asf/ambari/blob/012ccc6f/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java
index 6fd30ee..4c40a5d 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java
@@ -32,6 +32,7 @@ import org.apache.ambari.server.utils.ShellCommandUtil;
 import org.easymock.Capture;
 import org.easymock.EasyMock;
 import org.easymock.IAnswer;
+import org.easymock.IMockBuilder;
 import org.junit.BeforeClass;
 import org.junit.Ignore;
 import org.junit.Test;
@@ -122,10 +123,11 @@ public class MITKerberosOperationHandlerTest extends KerberosOperationHandlerTes
 
   @Test(expected = KerberosPrincipalDoesNotExistException.class)
   public void testSetPrincipalPasswordPrincipalDoesNotExist() throws Exception {
+
     MITKerberosOperationHandler handler = createMockBuilder(MITKerberosOperationHandler.class)
         .addMockedMethod(methodExecuteCommand)
         .createNiceMock();
-
+    injector.injectMembers(handler);
     expect(handler.executeCommand(anyObject(String[].class), anyObject(Map.class), anyObject(MITKerberosOperationHandler.InteractivePasswordHandler.class)))
         .andAnswer(new IAnswer<ShellCommandUtil.Result>() {
           @Override
@@ -187,9 +189,7 @@ public class MITKerberosOperationHandlerTest extends KerberosOperationHandlerTes
 
   @Test(expected = KerberosPrincipalAlreadyExistsException.class)
   public void testCreatePrincipalPrincipalAlreadyNotExists() throws Exception {
-    MITKerberosOperationHandler handler = createMockBuilder(MITKerberosOperationHandler.class)
-        .addMockedMethod(methodExecuteCommand)
-        .createNiceMock();
+    MITKerberosOperationHandler handler = createMock();
 
     expect(handler.executeCommand(anyObject(String[].class), anyObject(Map.class), anyObject(MITKerberosOperationHandler.InteractivePasswordHandler.class)))
         .andAnswer(new IAnswer<ShellCommandUtil.Result>() {
@@ -254,9 +254,7 @@ public class MITKerberosOperationHandlerTest extends KerberosOperationHandlerTes
 
   @Test(expected = KerberosAdminAuthenticationException.class)
   public void testTestAdministratorCredentialsIncorrectAdminPassword() throws Exception {
-    MITKerberosOperationHandler handler = createMockBuilder(MITKerberosOperationHandler.class)
-        .addMockedMethod(methodExecuteCommand)
-        .createNiceMock();
+    MITKerberosOperationHandler handler = createMock();
 
     expect(handler.executeCommand(anyObject(String[].class), anyObject(Map.class), anyObject(MITKerberosOperationHandler.InteractivePasswordHandler.class)))
         .andAnswer(new IAnswer<ShellCommandUtil.Result>() {
@@ -287,9 +285,7 @@ public class MITKerberosOperationHandlerTest extends KerberosOperationHandlerTes
 
   @Test(expected = KerberosAdminAuthenticationException.class)
   public void testTestAdministratorCredentialsIncorrectAdminPrincipal() throws Exception {
-    MITKerberosOperationHandler handler = createMockBuilder(MITKerberosOperationHandler.class)
-        .addMockedMethod(methodExecuteCommand)
-        .createNiceMock();
+    MITKerberosOperationHandler handler = createMock();
 
     expect(handler.executeCommand(anyObject(String[].class), anyObject(Map.class), anyObject(MITKerberosOperationHandler.InteractivePasswordHandler.class)))
         .andAnswer(new IAnswer<ShellCommandUtil.Result>() {
@@ -320,9 +316,7 @@ public class MITKerberosOperationHandlerTest extends KerberosOperationHandlerTes
 
   @Test(expected = KerberosRealmException.class)
   public void testTestAdministratorCredentialsInvalidRealm() throws Exception {
-    MITKerberosOperationHandler handler = createMockBuilder(MITKerberosOperationHandler.class)
-        .addMockedMethod(methodExecuteCommand)
-        .createNiceMock();
+    MITKerberosOperationHandler handler = createMock();
 
     expect(handler.executeCommand(anyObject(String[].class), anyObject(Map.class), anyObject(MITKerberosOperationHandler.InteractivePasswordHandler.class)))
         .andAnswer(new IAnswer<ShellCommandUtil.Result>() {
@@ -353,9 +347,7 @@ public class MITKerberosOperationHandlerTest extends KerberosOperationHandlerTes
 
   @Test(expected = KerberosRealmException.class)
   public void testTestAdministratorCredentialsInvalidRealm2() throws Exception {
-    MITKerberosOperationHandler handler = createMockBuilder(MITKerberosOperationHandler.class)
-        .addMockedMethod(methodExecuteCommand)
-        .createNiceMock();
+    MITKerberosOperationHandler handler = createMock();
 
     expect(handler.executeCommand(anyObject(String[].class), anyObject(Map.class), anyObject(MITKerberosOperationHandler.InteractivePasswordHandler.class)))
         .andAnswer(new IAnswer<ShellCommandUtil.Result>() {
@@ -386,9 +378,7 @@ public class MITKerberosOperationHandlerTest extends KerberosOperationHandlerTes
 
   @Test(expected = KerberosKDCConnectionException.class)
   public void testTestAdministratorCredentialsKDCConnectionException() throws Exception {
-    MITKerberosOperationHandler handler = createMockBuilder(MITKerberosOperationHandler.class)
-        .addMockedMethod(methodExecuteCommand)
-        .createNiceMock();
+    MITKerberosOperationHandler handler = createMock();
 
     expect(handler.executeCommand(anyObject(String[].class), anyObject(Map.class), anyObject(MITKerberosOperationHandler.InteractivePasswordHandler.class)))
         .andAnswer(new IAnswer<ShellCommandUtil.Result>() {
@@ -419,9 +409,7 @@ public class MITKerberosOperationHandlerTest extends KerberosOperationHandlerTes
 
   @Test(expected = KerberosKDCConnectionException.class)
   public void testTestAdministratorCredentialsKDCConnectionException2() throws Exception {
-    MITKerberosOperationHandler handler = createMockBuilder(MITKerberosOperationHandler.class)
-        .addMockedMethod(methodExecuteCommand)
-        .createNiceMock();
+    MITKerberosOperationHandler handler = createMock();
 
     expect(handler.executeCommand(anyObject(String[].class), anyObject(Map.class), anyObject(MITKerberosOperationHandler.InteractivePasswordHandler.class)))
         .andAnswer(new IAnswer<ShellCommandUtil.Result>() {
@@ -452,9 +440,7 @@ public class MITKerberosOperationHandlerTest extends KerberosOperationHandlerTes
 
   @Test
   public void testTestAdministratorCredentialsNotFound() throws Exception {
-    MITKerberosOperationHandler handler = createMockBuilder(MITKerberosOperationHandler.class)
-        .addMockedMethod(methodExecuteCommand)
-        .createNiceMock();
+    MITKerberosOperationHandler handler = createMock();
 
     expect(handler.executeCommand(anyObject(String[].class), anyObject(Map.class), anyObject(MITKerberosOperationHandler.InteractivePasswordHandler.class)))
         .andAnswer(new IAnswer<ShellCommandUtil.Result>() {
@@ -485,9 +471,7 @@ public class MITKerberosOperationHandlerTest extends KerberosOperationHandlerTes
 
   @Test
   public void testTestAdministratorCredentialsSuccess() throws Exception {
-    MITKerberosOperationHandler handler = createMockBuilder(MITKerberosOperationHandler.class)
-        .addMockedMethod(methodExecuteCommand)
-        .createNiceMock();
+    MITKerberosOperationHandler handler = createMock();
 
     expect(handler.executeCommand(anyObject(String[].class), anyObject(Map.class), anyObject(MITKerberosOperationHandler.InteractivePasswordHandler.class)))
         .andAnswer(new IAnswer<ShellCommandUtil.Result>() {
@@ -562,4 +546,21 @@ public class MITKerberosOperationHandlerTest extends KerberosOperationHandlerTes
     handler.testAdministratorCredentials();
     handler.close();
   }
+
+  private MITKerberosOperationHandler createMock(){
+    return createMock(false);
+  }
+
+  private MITKerberosOperationHandler createMock(boolean strict) {
+    IMockBuilder<MITKerberosOperationHandler> mockBuilder = createMockBuilder(MITKerberosOperationHandler.class)
+        .addMockedMethod(methodExecuteCommand);
+    MITKerberosOperationHandler result;
+    if(strict){
+      result = mockBuilder.createStrictMock();
+    } else {
+      result = mockBuilder.createNiceMock();
+    }
+    injector.injectMembers(result);
+    return result;
+  }
 }
\ No newline at end of file