Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id C5CD9200C3D for ; Tue, 14 Mar 2017 16:10:06 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id C4457160B7E; Tue, 14 Mar 2017 15:10:06 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id BB7BA160B7C for ; Tue, 14 Mar 2017 16:10:04 +0100 (CET) Received: (qmail 60617 invoked by uid 500); 14 Mar 2017 15:10:04 -0000 Mailing-List: contact commits-help@ambari.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: ambari-dev@ambari.apache.org Delivered-To: mailing list commits@ambari.apache.org Received: (qmail 60607 invoked by uid 99); 14 Mar 2017 15:10:03 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 14 Mar 2017 15:10:03 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id D8972DFE1E; Tue, 14 Mar 2017 15:10:03 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: rlevas@apache.org To: commits@ambari.apache.org Message-Id: X-Mailer: ASF-Git Admin Mailer Subject: ambari git commit: AMBARI-20408. Atlas MetaData server start fails while granting permissions to HBase tables after unkerberizing the cluster (rlevas) Date: Tue, 14 Mar 2017 15:10:03 +0000 (UTC) archived-at: Tue, 14 Mar 2017 15:10:07 -0000 Repository: ambari Updated Branches: refs/heads/branch-2.5 a6eb31308 -> 5cd4d0ee9 AMBARI-20408. Atlas MetaData server start fails while granting permissions to HBase tables after unkerberizing the cluster (rlevas) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/5cd4d0ee Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/5cd4d0ee Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/5cd4d0ee Branch: refs/heads/branch-2.5 Commit: 5cd4d0ee987e6e37529d70037ff69e0ca6d71163 Parents: a6eb313 Author: Robert Levas Authored: Tue Mar 14 11:09:55 2017 -0400 Committer: Robert Levas Committed: Tue Mar 14 11:09:55 2017 -0400 ---------------------------------------------------------------------- .../server/controller/KerberosHelper.java | 15 +- .../server/controller/KerberosHelperImpl.java | 109 +++----- .../AbstractPrepareKerberosServerAction.java | 262 ++++++++++++------- .../PrepareDisableKerberosServerAction.java | 127 ++------- .../PrepareEnableKerberosServerAction.java | 33 ++- .../PrepareKerberosIdentitiesServerAction.java | 142 +++------- ...AbstractPrepareKerberosServerActionTest.java | 30 +-- 7 files changed, 304 insertions(+), 414 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/5cd4d0ee/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java index 35235db..d000571 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java @@ -18,6 +18,12 @@ package org.apache.ambari.server.controller; +import java.io.IOException; +import java.util.Collection; +import java.util.List; +import java.util.Map; +import java.util.Set; + import org.apache.ambari.server.AmbariException; import org.apache.ambari.server.controller.internal.RequestStageContainer; import org.apache.ambari.server.security.credential.PrincipalKeyCredential; @@ -33,12 +39,6 @@ import org.apache.ambari.server.state.kerberos.KerberosConfigurationDescriptor; import org.apache.ambari.server.state.kerberos.KerberosDescriptor; import org.apache.ambari.server.state.kerberos.KerberosIdentityDescriptor; -import java.io.IOException; -import java.util.Collection; -import java.util.List; -import java.util.Map; -import java.util.Set; - public interface KerberosHelper { /** * directive used to override the behavior of the kerberos-env/manage_identities property @@ -293,8 +293,6 @@ public interface KerberosHelper { * @param existingConfigurations the cluster's existing configurations * @param kerberosConfigurations the configuration updates to make * @param propertiesToIgnore the configuration properties that should be ignored when applying recommendations - * @param propertiesToInsert the configuration properties that must be inserted to cluster config are inserted - * into this map in case if provided (not null) and kerberosEnabled = false * @param propertiesToRemove the configuration properties that must be removed from cluster config are inserted * into this map in case if provided (not null) and kerberosEnabled * @param kerberosEnabled true if kerberos is (to be) enabled; otherwise false @@ -305,7 +303,6 @@ public interface KerberosHelper { Map> existingConfigurations, Map> kerberosConfigurations, Map> propertiesToIgnore, - Map> propertiesToInsert, Map> propertiesToRemove, boolean kerberosEnabled) throws AmbariException; http://git-wip-us.apache.org/repos/asf/ambari/blob/5cd4d0ee/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java index c2fde46..4975e72 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java @@ -364,7 +364,7 @@ public class KerberosHelperImpl implements KerberosHelper { // If Ambari is managing it own identities then add AMBARI to the set of installed servcie so // that its Kerberos descriptor entries will be included. - if(createAmbariIdentities(existingConfigurations.get("kerberos-env"))) { + if (createAmbariIdentities(existingConfigurations.get("kerberos-env"))) { installedServices = new HashMap>(installedServices); installedServices.put("AMBARI", Collections.singleton("AMBARI_SERVER")); } @@ -415,7 +415,7 @@ public class KerberosHelperImpl implements KerberosHelper { return (applyStackAdvisorUpdates) ? applyStackAdvisorUpdates(cluster, installedServices.keySet(), configurations, kerberosConfigurations, propertiesToIgnore, - null, new HashMap>(), kerberosEnabled) + new HashMap>(), kerberosEnabled) : kerberosConfigurations; } @@ -473,7 +473,6 @@ public class KerberosHelperImpl implements KerberosHelper { Map> existingConfigurations, Map> kerberosConfigurations, Map> propertiesToIgnore, - Map> propertiesToInsert, Map> propertiesToRemove, boolean kerberosEnabled) throws AmbariException { @@ -564,14 +563,12 @@ public class KerberosHelperImpl implements KerberosHelper { Map kerberosConfigProperties = kerberosConfigurations.get(configType); Set ignoreProperties = (propertiesToIgnore == null) ? null : propertiesToIgnore.get(configType); - addRecommendedPropertiesForConfigType(kerberosEnabled, kerberosConfigurations, configType, - recommendedConfigProperties, - existingConfigProperties, kerberosConfigProperties, ignoreProperties, propertiesToInsert); + addRecommendedPropertiesForConfigType(kerberosConfigurations, configType, recommendedConfigProperties, + existingConfigProperties, kerberosConfigProperties, ignoreProperties); + if (recommendedConfigPropertyAttributes != null) { - removeRecommendedPropertiesForConfigType(kerberosEnabled, configType, - recommendedConfigPropertyAttributes, - existingConfigProperties, - kerberosConfigurations, ignoreProperties, propertiesToRemove); + removeRecommendedPropertiesForConfigType(configType, recommendedConfigPropertyAttributes, + existingConfigProperties, kerberosConfigurations, ignoreProperties, propertiesToRemove); } } } @@ -585,71 +582,46 @@ public class KerberosHelperImpl implements KerberosHelper { } /* - * Recommended property will be added to kerberosConfigurations if kerberosEnabled or to propertiesToInsert - * otherwise. + * Recommended property will be updated in or added to kerberosConfigurationS. */ - private void addRecommendedPropertiesForConfigType(boolean kerberosEnabled, Map> kerberosConfigurations, + private void addRecommendedPropertiesForConfigType(Map> kerberosConfigurations, String configType, Map recommendedConfigProperties, Map existingConfigProperties, Map kerberosConfigProperties, - Set ignoreProperties, - Map> propertiesToInsert) { + Set ignoreProperties) { for (Map.Entry property : recommendedConfigProperties.entrySet()) { String propertyName = property.getKey(); if ((ignoreProperties == null) || !ignoreProperties.contains(propertyName)) { String recommendedValue = property.getValue(); - if (kerberosEnabled) { - if (kerberosConfigProperties == null) { - // There is no explicit update for this property from the Kerberos Descriptor... - // add the config and property if it also does not exist in the existing configurations - if ((existingConfigProperties == null) || !existingConfigProperties.containsKey(propertyName)) { - LOG.debug("Adding Kerberos configuration based on StackAdvisor recommendation:" + - "\n\tConfigType: {}\n\tProperty: {}\n\tValue: {}", - configType, propertyName, recommendedValue); - - HashMap properties = new HashMap(); - properties.put(propertyName, recommendedValue); - kerberosConfigurations.put(configType, properties); - } - } else { - String value = kerberosConfigProperties.get(propertyName); - if (value == null) { - // There is no explicit update for this property from the Kerberos Descriptor... - // add the property if it also does not exist in the existing configurations - if ((existingConfigProperties == null) || !existingConfigProperties.containsKey(propertyName)) { - LOG.debug("Adding Kerberos configuration based on StackAdvisor recommendation:" + - "\n\tConfigType: {}\n\tProperty: {}\n\tValue: {}", - configType, propertyName, recommendedValue); - - kerberosConfigProperties.put(propertyName, recommendedValue); - } - } else if (!value.equals(recommendedValue)) { - // If the recommended value is a change, automatically change it. - LOG.debug("Updating Kerberos configuration based on StackAdvisor recommendation:" + - "\n\tConfigType: {}\n\tProperty: {}\n\tOld Value: {}\n\tNew Value: {}", - configType, propertyName, value, recommendedValue); - kerberosConfigProperties.put(propertyName, recommendedValue); + if ((kerberosConfigProperties == null) || !kerberosConfigProperties.containsKey(propertyName)) { + // There is no explicit update for this property from the Kerberos Descriptor... + // add the config and property if it also does not exist in the existing configurations + if ((existingConfigProperties == null) || !existingConfigProperties.containsKey(propertyName)) { + LOG.debug("Adding Kerberos configuration based on StackAdvisor recommendation:" + + "\n\tConfigType: {}\n\tProperty: {}\n\tValue: {}", + configType, propertyName, recommendedValue); + + if(kerberosConfigProperties == null) { + kerberosConfigProperties = new HashMap(); + kerberosConfigurations.put(configType, kerberosConfigProperties); } + + kerberosConfigProperties.put(propertyName, recommendedValue); } - } else if (propertiesToInsert != null && ((existingConfigProperties == null) || !existingConfigProperties - .containsKey(propertyName))) { - Map properties = propertiesToInsert.get(configType); - if (properties == null) { - properties = new HashMap<>(); - propertiesToInsert.put(configType, properties); + } else { + String value = kerberosConfigProperties.get(propertyName); + if ((value == null) ? (recommendedValue != null) : !value.equals(recommendedValue)) { + // If the recommended value is a change, automatically change it. + LOG.debug("Updating Kerberos configuration based on StackAdvisor recommendation:" + + "\n\tConfigType: {}\n\tProperty: {}\n\tOld Value: {}\n\tNew Value: {}", + configType, propertyName, (value == null) ? "" : value, (recommendedValue == null) ? "" : recommendedValue); + + kerberosConfigProperties.put(propertyName, recommendedValue); } - - LOG.debug("Property to add to configuration based on StackAdvisor recommendation:" + - "\n\tConfigType: {}\n\tProperty: {}\n\tValue: {}", - configType, propertyName, recommendedValue); - - properties.put(propertyName, recommendedValue); } - - } } } @@ -657,14 +629,14 @@ public class KerberosHelperImpl implements KerberosHelper { /** * If property is marked with delete flag in recommendedConfigPropertyAttributes map and is not found in * ignoreProperties, nor in kerberosConfigProperties but exits in existingConfigProperties add to - * propertiesToRemove map if kerberosEnabled or kerberosConfigurations otherwise. + * propertiesToRemove map. */ - private void removeRecommendedPropertiesForConfigType(boolean kerberosEnabled, String configType, + private void removeRecommendedPropertiesForConfigType(String configType, Map recommendedConfigPropertyAttributes, Map existingConfigProperties, Map> kerberosConfigurations, - Set ignoreProperties, Map> - propertiesToRemove) { + Set ignoreProperties, + Map> propertiesToRemove) { for (Map.Entry property : recommendedConfigPropertyAttributes.entrySet()) { String propertyName = property.getKey(); @@ -681,7 +653,7 @@ public class KerberosHelperImpl implements KerberosHelper { configType, propertyName); // kerberosEnabled add property to propertiesToRemove, otherwise to kerberosConfigurations map - if (kerberosEnabled && propertiesToRemove != null) { + if (propertiesToRemove != null) { Set properties = propertiesToRemove.get(configType); if (properties == null) { properties = new HashSet(); @@ -2442,9 +2414,10 @@ public class KerberosHelperImpl implements KerberosHelper { * services * @param componentName the name of a component for which to find results, null indicates all * components - * @param kerberosDescriptor the relevant Kerberos Descriptor @return a list of KerberosIdentityDescriptors representing the active identities for the - * requested service component + * @param kerberosDescriptor the relevant Kerberos Descriptor * @param filterContext the context to use for filtering identities based on the state of the cluster + * @return a list of KerberosIdentityDescriptors representing the active identities for the + * requested service component * @throws AmbariException if an error occurs processing the cluster's active identities */ private List getActiveIdentities(Cluster cluster, @@ -3278,6 +3251,8 @@ public class KerberosHelperImpl implements KerberosHelper { commandParameters.put(KerberosServerAction.UPDATE_CONFIGURATION_NOTE, "Enabling Kerberos"); commandParameters.put(KerberosServerAction.UPDATE_CONFIGURATIONS, "true"); commandParameters.put(KerberosServerAction.DEFAULT_REALM, kerberosDetails.getDefaultRealm()); + commandParameters.put(KerberosServerAction.INCLUDE_AMBARI_IDENTITY, (kerberosDetails.createAmbariPrincipal()) ? "true" : "false"); + if (dataDirectory != null) { commandParameters.put(KerberosServerAction.DATA_DIRECTORY, dataDirectory.getAbsolutePath()); } http://git-wip-us.apache.org/repos/asf/ambari/blob/5cd4d0ee/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerAction.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerAction.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerAction.java index 7a2fa40..7824019 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerAction.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerAction.java @@ -18,8 +18,17 @@ package org.apache.ambari.server.serveraction.kerberos; -import com.google.common.reflect.TypeToken; -import com.google.inject.Inject; +import java.io.File; +import java.io.IOException; +import java.lang.reflect.Type; +import java.util.Collection; +import java.util.Collections; +import java.util.HashMap; +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.Set; + import org.apache.ambari.server.AmbariException; import org.apache.ambari.server.agent.CommandReport; import org.apache.ambari.server.controller.KerberosHelper; @@ -33,16 +42,8 @@ import org.apache.ambari.server.utils.StageUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import java.io.File; -import java.io.IOException; -import java.lang.reflect.Type; -import java.util.Collection; -import java.util.Collections; -import java.util.HashMap; -import java.util.HashSet; -import java.util.List; -import java.util.Map; -import java.util.Set; +import com.google.common.reflect.TypeToken; +import com.google.inject.Inject; public abstract class AbstractPrepareKerberosServerAction extends KerberosServerAction { private final static Logger LOG = LoggerFactory.getLogger(AbstractPrepareKerberosServerAction.class); @@ -56,23 +57,30 @@ public abstract class AbstractPrepareKerberosServerAction extends KerberosServer @Inject private KerberosIdentityDataFileWriterFactory kerberosIdentityDataFileWriterFactory; + @Inject + private KerberosConfigDataFileWriterFactory kerberosConfigDataFileWriterFactory; + @Override protected CommandReport processIdentity(Map identityRecord, String evaluatedPrincipal, KerberosOperationHandler operationHandler, Map kerberosConfiguration, Map requestSharedDataContext) throws AmbariException { throw new UnsupportedOperationException(); } - protected void processServiceComponentHosts(Cluster cluster, KerberosDescriptor kerberosDescriptor, List schToProcess, - Collection identityFilter, String dataDirectory, - Map> kerberosConfigurations, - Map> propertiesToInsert, - Map> propertiesToRemove, - boolean kerberosEnabled, boolean includeAmbariIdentity) throws - AmbariException { + KerberosHelper getKerberosHelper() { + return kerberosHelper; + } + + void processServiceComponentHosts(Cluster cluster, KerberosDescriptor kerberosDescriptor, + List schToProcess, + Collection identityFilter, String dataDirectory, + Map> currentConfigurations, + Map> kerberosConfigurations, + boolean includeAmbariIdentity, + Map> propertiesToBeIgnored) throws AmbariException { actionLog.writeStdOut("Processing Kerberos identities and configurations"); if (!schToProcess.isEmpty()) { - if(dataDirectory == null) { + if (dataDirectory == null) { String message = "The data directory has not been set. Generated data can not be stored."; LOG.error(message); throw new AmbariException(message); @@ -81,16 +89,11 @@ public abstract class AbstractPrepareKerberosServerAction extends KerberosServer // Create the file used to store details about principals and keytabs to create File identityDataFile = new File(dataDirectory, KerberosIdentityDataFileWriter.DATA_FILE_NAME); - Map kerberosDescriptorProperties = kerberosDescriptor.getProperties(); KerberosIdentityDataFileWriter kerberosIdentityDataFileWriter; - // Calculate the current host-specific configurations. These will be used to replace - // variables within the Kerberos descriptor data - Map> configurations = kerberosHelper.calculateConfigurations(cluster, null, kerberosDescriptorProperties); - // Create the context to use for filtering Kerberos Identities based on the state of the cluster Map filterContext = new HashMap(); - filterContext.put("configurations", configurations); + filterContext.put("configurations", currentConfigurations); filterContext.put("services", cluster.getServices().keySet()); actionLog.writeStdOut(String.format("Writing Kerberos identity data metadata file to %s", identityDataFile.getAbsolutePath())); @@ -105,80 +108,76 @@ public abstract class AbstractPrepareKerberosServerAction extends KerberosServer } try { - Set services = cluster.getServices().keySet(); Map> propertiesToIgnore = null; - try { + // Iterate over the components installed on the current host to get the service and + // component-level Kerberos descriptors in order to determine which principals, + // keytab files, and configurations need to be created or updated. + for (ServiceComponentHost sch : schToProcess) { + String hostName = sch.getHostName(); - // Iterate over the components installed on the current host to get the service and - // component-level Kerberos descriptors in order to determine which principals, - // keytab files, and configurations need to be created or updated. - for (ServiceComponentHost sch : schToProcess) { - String hostName = sch.getHostName(); + String serviceName = sch.getServiceName(); + String componentName = sch.getServiceComponentName(); - String serviceName = sch.getServiceName(); - String componentName = sch.getServiceComponentName(); + KerberosServiceDescriptor serviceDescriptor = kerberosDescriptor.getService(serviceName); - KerberosServiceDescriptor serviceDescriptor = kerberosDescriptor.getService(serviceName); + if (serviceDescriptor != null) { + List serviceIdentities = serviceDescriptor.getIdentities(true, filterContext); - if (serviceDescriptor != null) { - List serviceIdentities = serviceDescriptor.getIdentities(true, filterContext); + // Add service-level principals (and keytabs) + kerberosHelper.addIdentities(kerberosIdentityDataFileWriter, serviceIdentities, + identityFilter, hostName, serviceName, componentName, kerberosConfigurations, currentConfigurations); + propertiesToIgnore = gatherPropertiesToIgnore(serviceIdentities, propertiesToIgnore); - // Add service-level principals (and keytabs) - kerberosHelper.addIdentities(kerberosIdentityDataFileWriter, serviceIdentities, - identityFilter, hostName, serviceName, componentName, kerberosConfigurations, configurations); - propertiesToIgnore = gatherPropertiesToIgnore(serviceIdentities, propertiesToIgnore); + KerberosComponentDescriptor componentDescriptor = serviceDescriptor.getComponent(componentName); - KerberosComponentDescriptor componentDescriptor = serviceDescriptor.getComponent(componentName); + if (componentDescriptor != null) { + List componentIdentities = componentDescriptor.getIdentities(true, filterContext); - if (componentDescriptor != null) { - List componentIdentities = componentDescriptor.getIdentities(true, filterContext); + // Calculate the set of configurations to update and replace any variables + // using the previously calculated Map of configurations for the host. + kerberosHelper.mergeConfigurations(kerberosConfigurations, + componentDescriptor.getConfigurations(true), currentConfigurations); - // Calculate the set of configurations to update and replace any variables - // using the previously calculated Map of configurations for the host. - kerberosHelper.mergeConfigurations(kerberosConfigurations, - componentDescriptor.getConfigurations(true), configurations); - - // Add component-level principals (and keytabs) - kerberosHelper.addIdentities(kerberosIdentityDataFileWriter, componentIdentities, - identityFilter, hostName, serviceName, componentName, kerberosConfigurations, configurations); - propertiesToIgnore = gatherPropertiesToIgnore(componentIdentities, propertiesToIgnore); - } + // Add component-level principals (and keytabs) + kerberosHelper.addIdentities(kerberosIdentityDataFileWriter, componentIdentities, + identityFilter, hostName, serviceName, componentName, kerberosConfigurations, currentConfigurations); + propertiesToIgnore = gatherPropertiesToIgnore(componentIdentities, propertiesToIgnore); } } + } - // Add ambari-server identities only if 'kerberos-env.create_ambari_principal = true' - if (includeAmbariIdentity && kerberosHelper.createAmbariIdentities(configurations.get("kerberos-env"))) { - List ambariIdentities = kerberosHelper.getAmbariServerIdentities(kerberosDescriptor); - - if (!ambariIdentities.isEmpty()) { - for (KerberosIdentityDescriptor identity : ambariIdentities) { - // If the identity represents the ambari-server user, use the component name "AMBARI_SERVER_SELF" - // so it can be distinguished between other identities related to the AMBARI-SERVER - // component. - String componentName = KerberosHelper.AMBARI_SERVER_KERBEROS_IDENTITY_NAME.equals(identity.getName()) - ? "AMBARI_SERVER_SELF" - : "AMBARI_SERVER"; - - List componentIdentities = Collections.singletonList(identity); - kerberosHelper.addIdentities(kerberosIdentityDataFileWriter, componentIdentities, - identityFilter, KerberosHelper.AMBARI_SERVER_HOST_NAME, "AMBARI", componentName, kerberosConfigurations, configurations); - propertiesToIgnore = gatherPropertiesToIgnore(componentIdentities, propertiesToIgnore); - } + // Add ambari-server identities only if 'kerberos-env.create_ambari_principal = true' + if (includeAmbariIdentity && kerberosHelper.createAmbariIdentities(currentConfigurations.get("kerberos-env"))) { + List ambariIdentities = kerberosHelper.getAmbariServerIdentities(kerberosDescriptor); + + if (!ambariIdentities.isEmpty()) { + for (KerberosIdentityDescriptor identity : ambariIdentities) { + // If the identity represents the ambari-server user, use the component name "AMBARI_SERVER_SELF" + // so it can be distinguished between other identities related to the AMBARI-SERVER + // component. + String componentName = KerberosHelper.AMBARI_SERVER_KERBEROS_IDENTITY_NAME.equals(identity.getName()) + ? "AMBARI_SERVER_SELF" + : "AMBARI_SERVER"; + + List componentIdentities = Collections.singletonList(identity); + kerberosHelper.addIdentities(kerberosIdentityDataFileWriter, componentIdentities, + identityFilter, KerberosHelper.AMBARI_SERVER_HOST_NAME, "AMBARI", componentName, kerberosConfigurations, currentConfigurations); + propertiesToIgnore = gatherPropertiesToIgnore(componentIdentities, propertiesToIgnore); } } - } catch (IOException e) { - String message = String.format("Failed to write index file - %s", identityDataFile.getAbsolutePath()); - LOG.error(message, e); - actionLog.writeStdOut(message); - actionLog.writeStdErr(message + "\n" + e.getLocalizedMessage()); - throw new AmbariException(message, e); } - kerberosHelper.applyStackAdvisorUpdates(cluster, services, configurations, kerberosConfigurations, - propertiesToIgnore, propertiesToInsert, propertiesToRemove, kerberosEnabled); - } - finally { + if ((propertiesToBeIgnored != null) && (propertiesToIgnore != null)) { + propertiesToBeIgnored.putAll(propertiesToIgnore); + } + } catch (IOException e) { + String message = String.format("Failed to write index file - %s", identityDataFile.getAbsolutePath()); + LOG.error(message, e); + actionLog.writeStdOut(message); + actionLog.writeStdErr(message + "\n" + e.getLocalizedMessage()); + throw new AmbariException(message, e); + } finally { if (kerberosIdentityDataFileWriter != null) { // Make sure the data file is closed try { @@ -200,8 +199,7 @@ public abstract class AbstractPrepareKerberosServerAction extends KerberosServer if(serializedValue != null) { Type type = new TypeToken>>() {}.getType(); return StageUtils.getGson().fromJson(serializedValue, type); - } - else { + } else { return null; } } @@ -212,8 +210,7 @@ public abstract class AbstractPrepareKerberosServerAction extends KerberosServer if(serializedValue != null) { Type type = new TypeToken>() {}.getType(); return StageUtils.getGson().fromJson(serializedValue, type); - } - else { + } else { return null; } } @@ -224,17 +221,16 @@ public abstract class AbstractPrepareKerberosServerAction extends KerberosServer if(serializedValue != null) { Type type = new TypeToken>() {}.getType(); return StageUtils.getGson().fromJson(serializedValue, type); - } - else { + } else { return null; } } private Map> gatherPropertiesToIgnore(List identities, Map> propertiesToIgnore) { - Map> identityConfigurations = kerberosHelper.getIdentityConfigurations(identities); + Map> identityConfigurations = kerberosHelper.getIdentityConfigurations(identities); if ((identityConfigurations != null) && !identityConfigurations.isEmpty()) { - if(propertiesToIgnore == null) { + if (propertiesToIgnore == null) { propertiesToIgnore = new HashMap>(); } @@ -255,4 +251,88 @@ public abstract class AbstractPrepareKerberosServerAction extends KerberosServer return propertiesToIgnore; } + + /** + * Processes configuration changes to determine if any work needs to be done. + *

+ * If work is to be done, a data file containing the details is created so it they changes may be + * processed in the appropriate stage. + * + * @param dataDirectory the directory in which to write the configuration changes data file + * @param kerberosConfigurations the Kerberos-specific configuration map + * @param propertiesToBeRemoved a map of properties to be removed from the current configuration, + * grouped by configuration type. + * @throws AmbariException + */ + protected void processConfigurationChanges(String dataDirectory, + Map> kerberosConfigurations, + Map> propertiesToBeRemoved) + throws AmbariException { + actionLog.writeStdOut("Determining configuration changes"); + + // If there are configurations to set, create a (temporary) data file to store the configuration + // updates and fill it will the relevant configurations. + if (!kerberosConfigurations.isEmpty()) { + if (dataDirectory == null) { + String message = "The data directory has not been set. Generated data can not be stored."; + LOG.error(message); + throw new AmbariException(message); + } + + File configFile = new File(dataDirectory, KerberosConfigDataFileWriter.DATA_FILE_NAME); + KerberosConfigDataFileWriter kerberosConfDataFileWriter = null; + + actionLog.writeStdOut(String.format("Writing configuration changes metadata file to %s", configFile.getAbsolutePath())); + try { + kerberosConfDataFileWriter = kerberosConfigDataFileWriterFactory.createKerberosConfigDataFileWriter(configFile); + // add properties to be set + for (Map.Entry> entry : kerberosConfigurations.entrySet()) { + String type = entry.getKey(); + Map properties = entry.getValue(); + + if (properties != null) { + for (Map.Entry configTypeEntry : properties.entrySet()) { + kerberosConfDataFileWriter.addRecord(type, + configTypeEntry.getKey(), + configTypeEntry.getValue(), + KerberosConfigDataFileWriter.OPERATION_TYPE_SET); + } + } + } + // add properties to be removed + if (propertiesToBeRemoved != null) { + for (Map.Entry> entry : propertiesToBeRemoved.entrySet()) { + String type = entry.getKey(); + Set properties = entry.getValue(); + + if (properties != null) { + for (String property : properties) { + kerberosConfDataFileWriter.addRecord(type, + property, + "", + KerberosConfigDataFileWriter.OPERATION_TYPE_REMOVE); + } + } + } + } + } catch (IOException e) { + String message = String.format("Failed to write kerberos configurations file - %s", configFile.getAbsolutePath()); + LOG.error(message, e); + actionLog.writeStdOut(message); + actionLog.writeStdErr(message + "\n" + e.getLocalizedMessage()); + throw new AmbariException(message, e); + } finally { + if (kerberosConfDataFileWriter != null) { + try { + kerberosConfDataFileWriter.close(); + } catch (IOException e) { + String message = "Failed to close the kerberos configurations file writer"; + LOG.warn(message, e); + actionLog.writeStdOut(message); + actionLog.writeStdErr(message + "\n" + e.getLocalizedMessage()); + } + } + } + } + } } http://git-wip-us.apache.org/repos/asf/ambari/blob/5cd4d0ee/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareDisableKerberosServerAction.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareDisableKerberosServerAction.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareDisableKerberosServerAction.java index 5c56588..e0d16af 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareDisableKerberosServerAction.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareDisableKerberosServerAction.java @@ -18,7 +18,15 @@ package org.apache.ambari.server.serveraction.kerberos; -import com.google.inject.Inject; +import java.util.Collection; +import java.util.HashMap; +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.Set; +import java.util.concurrent.ConcurrentMap; +import java.util.regex.Matcher; + import org.apache.ambari.server.AmbariException; import org.apache.ambari.server.actionmanager.HostRoleStatus; import org.apache.ambari.server.agent.CommandReport; @@ -33,16 +41,7 @@ import org.apache.ambari.server.state.kerberos.KerberosDescriptor; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import java.io.File; -import java.io.IOException; -import java.util.Collection; -import java.util.HashMap; -import java.util.HashSet; -import java.util.List; -import java.util.Map; -import java.util.Set; -import java.util.concurrent.ConcurrentMap; -import java.util.regex.Matcher; +import com.google.inject.Inject; /** * PrepareEnableKerberosServerAction is a ServerAction implementation that prepares metadata needed @@ -51,19 +50,9 @@ import java.util.regex.Matcher; public class PrepareDisableKerberosServerAction extends AbstractPrepareKerberosServerAction { private final static Logger LOG = LoggerFactory.getLogger(PrepareDisableKerberosServerAction.class); - /** - * KerberosHelper - */ - @Inject - private KerberosHelper kerberosHelper; - @Inject private ConfigHelper configHelper; - @Inject - private KerberosConfigDataFileWriterFactory kerberosConfigDataFileWriterFactory; - - /** * Called to execute this action. Upon invocation, calls * {@link KerberosServerAction#processIdentities(Map)} @@ -87,6 +76,8 @@ public class PrepareDisableKerberosServerAction extends AbstractPrepareKerberosS throw new AmbariException("Missing cluster object"); } + KerberosHelper kerberosHelper = getKerberosHelper(); + KerberosDescriptor kerberosDescriptor = kerberosHelper.getKerberosDescriptor(cluster); Collection identityFilter = getIdentityFilter(); List schToProcess = kerberosHelper.getServiceComponentHostsToProcess(cluster, @@ -96,7 +87,7 @@ public class PrepareDisableKerberosServerAction extends AbstractPrepareKerberosS new KerberosHelper.Command() { @Override public Boolean invoke(ServiceComponentHost sch) throws AmbariException { - return (sch.getDesiredSecurityState() == SecurityState.UNSECURED) && (sch.getSecurityState() != SecurityState.UNSECURED); + return (sch.getDesiredSecurityState() == SecurityState.UNSECURED) && (sch.getSecurityState() != SecurityState.UNSECURED); } }); @@ -113,13 +104,21 @@ public class PrepareDisableKerberosServerAction extends AbstractPrepareKerberosS actionLog.writeStdOut(String.format("Processing %d components", schCount)); } - Map> propertiesToInsert = new HashMap<>(); + Map kerberosDescriptorProperties = kerberosDescriptor.getProperties(); + Set services = cluster.getServices().keySet(); + boolean includeAmbariIdentity = "true".equalsIgnoreCase(getCommandParameterValue(commandParameters, KerberosServerAction.INCLUDE_AMBARI_IDENTITY)); + Map> propertiesToIgnore = new HashMap<>(); + + // Calculate the current host-specific configurations. These will be used to replace + // variables within the Kerberos descriptor data + Map> configurations = kerberosHelper.calculateConfigurations(cluster, null, kerberosDescriptorProperties); + processServiceComponentHosts(cluster, kerberosDescriptor, schToProcess, identityFilter, dataDirectory, - kerberosConfigurations, propertiesToInsert, null, false, true); + configurations, kerberosConfigurations, includeAmbariIdentity, propertiesToIgnore); // Add auth-to-local configurations to the set of changes Set authToLocalProperties = kerberosDescriptor.getAllAuthToLocalProperties(); - if(authToLocalProperties != null) { + if (authToLocalProperties != null) { for (String authToLocalProperty : authToLocalProperties) { Matcher m = KerberosDescriptor.AUTH_TO_LOCAL_PROPERTY_SPECIFICATION_PATTERN.matcher(authToLocalProperty); @@ -152,15 +151,13 @@ public class PrepareDisableKerberosServerAction extends AbstractPrepareKerberosS // If there are configurations to set, create a (temporary) data file to store the configuration // updates and fill it will the relevant configurations. if (!kerberosConfigurations.isEmpty()) { - if(dataDirectory == null) { + if (dataDirectory == null) { String message = "The data directory has not been set. Generated data can not be stored."; LOG.error(message); throw new AmbariException(message); } - Map> configurationsToRemove = new HashMap>(); - File configFile = new File(dataDirectory, KerberosConfigDataFileWriter.DATA_FILE_NAME); - KerberosConfigDataFileWriter kerberosConfDataFileWriter = null; + Map> configurationsToRemove = new HashMap>(); // Fill the configurationsToRemove map with all Kerberos-related configurations. Values // needed to be kept will have new values from the stack definition and thus pruned from @@ -173,21 +170,6 @@ public class PrepareDisableKerberosServerAction extends AbstractPrepareKerberosS // or properties and the logic below will remove all from this set - which is not desirable. configurationsToRemove.remove("cluster-env"); - // Update kerberosConfigurations with properties recommended by stack advisor - for (Map.Entry> typeEntry : propertiesToInsert.entrySet()) { - String configType = typeEntry.getKey(); - Map propertiesMap = typeEntry.getValue(); - - Map kerberosPropertiesMap = kerberosConfigurations.get(configType); - if (kerberosPropertiesMap == null) { - kerberosConfigurations.put(configType, propertiesMap); - } else { - for (Map.Entry propertyEntry : propertiesMap.entrySet()) { - kerberosPropertiesMap.put(propertyEntry.getKey(), propertyEntry.getValue()); - } - } - } - if (!schToProcess.isEmpty()) { Set visitedServices = new HashSet(); @@ -228,61 +210,10 @@ public class PrepareDisableKerberosServerAction extends AbstractPrepareKerberosS } } - actionLog.writeStdOut(String.format("Writing configuration changes metadata file to %s", configFile.getAbsolutePath())); - try { - kerberosConfDataFileWriter = kerberosConfigDataFileWriterFactory.createKerberosConfigDataFileWriter(configFile); - - for (Map.Entry> entry : kerberosConfigurations.entrySet()) { - String type = entry.getKey(); - Map properties = entry.getValue(); - Collection propertiesToRemove = configurationsToRemove.get(type); - - if (properties != null) { - for (Map.Entry configTypeEntry : properties.entrySet()) { - String propertyName = configTypeEntry.getKey(); - - // Ignore properties that should be removed - if ((propertiesToRemove == null) || !propertiesToRemove.contains(propertyName)) { - String value = configTypeEntry.getValue(); - String operation = (value == null) - ? KerberosConfigDataFileWriter.OPERATION_TYPE_REMOVE - : KerberosConfigDataFileWriter.OPERATION_TYPE_SET; + kerberosHelper.applyStackAdvisorUpdates(cluster, services, configurations, kerberosConfigurations, + propertiesToIgnore, configurationsToRemove, false); - kerberosConfDataFileWriter.addRecord(type, propertyName, value, operation); - } - } - } - } - - // Declare which properties to remove from the configurations - for (Map.Entry> entry : configurationsToRemove.entrySet()) { - String type = entry.getKey(); - Collection properties = entry.getValue(); - - if (properties != null) { - for (String propertyName : properties) { - kerberosConfDataFileWriter.addRecord(type, propertyName, null, KerberosConfigDataFileWriter.OPERATION_TYPE_REMOVE); - } - } - } - } catch (IOException e) { - String message = String.format("Failed to write kerberos configurations file - %s", configFile.getAbsolutePath()); - LOG.error(message, e); - actionLog.writeStdOut(message); - actionLog.writeStdErr(message + "\n" + e.getLocalizedMessage()); - throw new AmbariException(message, e); - } finally { - if (kerberosConfDataFileWriter != null) { - try { - kerberosConfDataFileWriter.close(); - } catch (IOException e) { - String message = "Failed to close the kerberos configurations file writer"; - LOG.warn(message, e); - actionLog.writeStdOut(message); - actionLog.writeStdErr(message + "\n" + e.getLocalizedMessage()); - } - } - } + processConfigurationChanges(dataDirectory, kerberosConfigurations, configurationsToRemove); } return createCommandReport(0, HostRoleStatus.COMPLETED, "{}", actionLog.getStdOut(), actionLog.getStdErr()); http://git-wip-us.apache.org/repos/asf/ambari/blob/5cd4d0ee/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareEnableKerberosServerAction.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareEnableKerberosServerAction.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareEnableKerberosServerAction.java index 70b7135..ed01633 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareEnableKerberosServerAction.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareEnableKerberosServerAction.java @@ -18,6 +18,13 @@ package org.apache.ambari.server.serveraction.kerberos; +import java.util.Collection; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Set; +import java.util.concurrent.ConcurrentMap; + import org.apache.ambari.server.AmbariException; import org.apache.ambari.server.actionmanager.HostRoleStatus; import org.apache.ambari.server.agent.CommandReport; @@ -26,13 +33,6 @@ import org.apache.ambari.server.state.Cluster; import org.apache.ambari.server.state.ServiceComponentHost; import org.apache.ambari.server.state.kerberos.KerberosDescriptor; -import java.util.Collection; -import java.util.HashMap; -import java.util.List; -import java.util.Map; -import java.util.Set; -import java.util.concurrent.ConcurrentMap; - /** * PrepareEnableKerberosServerAction is a ServerAction implementation that prepares metadata needed * to enable Kerberos on the cluster. @@ -79,9 +79,22 @@ public class PrepareEnableKerberosServerAction extends PrepareKerberosIdentities actionLog.writeStdOut(String.format("Processing %d components", schCount)); } - Map> propertiesToBeRemoved = new HashMap<>(); + KerberosHelper kerberosHelper = getKerberosHelper(); + Map kerberosDescriptorProperties = kerberosDescriptor.getProperties(); + Map> propertiesToRemove = new HashMap<>(); + Map> propertiesToIgnore = new HashMap<>(); + Set services = cluster.getServices().keySet(); + + // Calculate the current host-specific configurations. These will be used to replace + // variables within the Kerberos descriptor data + Map> configurations = kerberosHelper.calculateConfigurations(cluster, null, kerberosDescriptorProperties); + processServiceComponentHosts(cluster, kerberosDescriptor, schToProcess, identityFilter, dataDirectory, - kerberosConfigurations, null, propertiesToBeRemoved, true, true); + configurations, kerberosConfigurations, true, propertiesToIgnore); + + kerberosHelper.applyStackAdvisorUpdates(cluster, services, configurations, kerberosConfigurations, + propertiesToIgnore, propertiesToRemove, true); + processAuthToLocalRules(cluster, kerberosDescriptor, schToProcess, kerberosConfigurations, getDefaultRealm(commandParameters)); // Ensure the cluster-env/security_enabled flag is set properly @@ -92,7 +105,7 @@ public class PrepareEnableKerberosServerAction extends PrepareKerberosIdentities } clusterEnvProperties.put(KerberosHelper.SECURITY_ENABLED_PROPERTY_NAME, "true"); - processConfigurationChanges(dataDirectory, kerberosConfigurations, propertiesToBeRemoved); + processConfigurationChanges(dataDirectory, kerberosConfigurations, propertiesToRemove); return createCommandReport(0, HostRoleStatus.COMPLETED, "{}", actionLog.getStdOut(), actionLog.getStdErr()); } http://git-wip-us.apache.org/repos/asf/ambari/blob/5cd4d0ee/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareKerberosIdentitiesServerAction.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareKerberosIdentitiesServerAction.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareKerberosIdentitiesServerAction.java index f48b5ef..9935844 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareKerberosIdentitiesServerAction.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareKerberosIdentitiesServerAction.java @@ -18,7 +18,14 @@ package org.apache.ambari.server.serveraction.kerberos; -import com.google.inject.Inject; +import java.util.Collection; +import java.util.HashMap; +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.Set; +import java.util.concurrent.ConcurrentMap; + import org.apache.ambari.server.AmbariException; import org.apache.ambari.server.actionmanager.HostRoleStatus; import org.apache.ambari.server.agent.CommandReport; @@ -29,16 +36,6 @@ import org.apache.ambari.server.state.kerberos.KerberosDescriptor; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import java.io.File; -import java.io.IOException; -import java.util.Collection; -import java.util.HashMap; -import java.util.HashSet; -import java.util.List; -import java.util.Map; -import java.util.Set; -import java.util.concurrent.ConcurrentMap; - /** * PrepareKerberosIdentitiesServerAction is a ServerAction implementation that prepares metadata needed * to process Kerberos identities (principals and keytabs files). @@ -47,15 +44,6 @@ public class PrepareKerberosIdentitiesServerAction extends AbstractPrepareKerber private final static Logger LOG = LoggerFactory.getLogger(PrepareKerberosIdentitiesServerAction.class); /** - * KerberosHelper - */ - @Inject - private KerberosHelper kerberosHelper; - - @Inject - private KerberosConfigDataFileWriterFactory kerberosConfigDataFileWriterFactory; - - /** * Called to execute this action. Upon invocation, calls * {@link KerberosServerAction#processIdentities(Map)} * to iterate through the Kerberos identity metadata and call @@ -95,14 +83,26 @@ public class PrepareKerberosIdentitiesServerAction extends AbstractPrepareKerber actionLog.writeStdOut(String.format("Processing %d components", schCount)); } - Map> propertiesToBeRemoved = new HashMap<>(); + KerberosHelper kerberosHelper = getKerberosHelper(); + Map kerberosDescriptorProperties = kerberosDescriptor.getProperties(); + Set services = cluster.getServices().keySet(); + Map> propertiesToRemove = new HashMap<>(); + Map> propertiesToIgnore = new HashMap<>(); + boolean includeAmbariIdentity = "true".equalsIgnoreCase(getCommandParameterValue(commandParameters, KerberosServerAction.INCLUDE_AMBARI_IDENTITY)); + + // Calculate the current host-specific configurations. These will be used to replace + // variables within the Kerberos descriptor data + Map> configurations = kerberosHelper.calculateConfigurations(cluster, null, kerberosDescriptorProperties); + processServiceComponentHosts(cluster, kerberosDescriptor, schToProcess, identityFilter, dataDirectory, - kerberosConfigurations, null, propertiesToBeRemoved, true, "true".equalsIgnoreCase(getCommandParameterValue(commandParameters, - KerberosServerAction.INCLUDE_AMBARI_IDENTITY))); + configurations, kerberosConfigurations, includeAmbariIdentity, propertiesToIgnore); + + kerberosHelper.applyStackAdvisorUpdates(cluster, services, configurations, kerberosConfigurations, + propertiesToIgnore, propertiesToRemove, true); if ("true".equalsIgnoreCase(getCommandParameterValue(commandParameters, UPDATE_CONFIGURATIONS))) { processAuthToLocalRules(cluster, kerberosDescriptor, schToProcess, kerberosConfigurations, getDefaultRealm(commandParameters)); - processConfigurationChanges(dataDirectory, kerberosConfigurations, propertiesToBeRemoved); + processConfigurationChanges(dataDirectory, kerberosConfigurations, propertiesToRemove); } return createCommandReport(0, HostRoleStatus.COMPLETED, "{}", actionLog.getStdOut(), actionLog.getStdErr()); @@ -134,7 +134,7 @@ public class PrepareKerberosIdentitiesServerAction extends AbstractPrepareKerber KerberosDescriptor kerberosDescriptor, Collection identityFilter) throws AmbariException { - return kerberosHelper.getServiceComponentHostsToProcess(cluster, + return getKerberosHelper().getServiceComponentHostsToProcess(cluster, kerberosDescriptor, getServiceComponentFilter(), getHostFilter(), identityFilter, @@ -156,7 +156,7 @@ public class PrepareKerberosIdentitiesServerAction extends AbstractPrepareKerber */ protected KerberosDescriptor getKerberosDescriptor(Cluster cluster) throws AmbariException { - return kerberosHelper.getKerberosDescriptor(cluster); + return getKerberosHelper().getKerberosDescriptor(cluster); } /** @@ -179,10 +179,10 @@ public class PrepareKerberosIdentitiesServerAction extends AbstractPrepareKerber if (!schToProcess.isEmpty()) { actionLog.writeStdOut("Creating auth-to-local rules"); - Map> services = new HashMap>(); - for(ServiceComponentHost sch: schToProcess) { + Map> services = new HashMap>(); + for (ServiceComponentHost sch : schToProcess) { Set components = services.get(sch.getServiceName()); - if(components == null) { + if (components == null) { components = new HashSet(); services.put(sch.getServiceName(), components); } @@ -190,93 +190,11 @@ public class PrepareKerberosIdentitiesServerAction extends AbstractPrepareKerber components.add(sch.getServiceComponentName()); } + KerberosHelper kerberosHelper = getKerberosHelper(); kerberosHelper.setAuthToLocalRules(kerberosDescriptor, defaultRealm, services, kerberosHelper.calculateConfigurations(cluster, null, kerberosDescriptor.getProperties()), kerberosConfigurations); } } - - /** - * Processes configuration changes to determine if any work needs to be done. - *

- * If work is to be done, a data file containing the details is created so it they changes may be - * processed in the appropriate stage. - * - * @param dataDirectory the directory in which to write the configuration changes data file - * @param kerberosConfigurations the Kerberos-specific configuration map - * @param propertiesToBeRemoved - * @throws AmbariException - */ - protected void processConfigurationChanges(String dataDirectory, - Map> kerberosConfigurations, - Map> propertiesToBeRemoved) - throws AmbariException { - actionLog.writeStdOut("Determining configuration changes"); - - // If there are configurations to set, create a (temporary) data file to store the configuration - // updates and fill it will the relevant configurations. - if (!kerberosConfigurations.isEmpty()) { - if (dataDirectory == null) { - String message = "The data directory has not been set. Generated data can not be stored."; - LOG.error(message); - throw new AmbariException(message); - } - - File configFile = new File(dataDirectory, KerberosConfigDataFileWriter.DATA_FILE_NAME); - KerberosConfigDataFileWriter kerberosConfDataFileWriter = null; - - actionLog.writeStdOut(String.format("Writing configuration changes metadata file to %s", configFile.getAbsolutePath())); - try { - kerberosConfDataFileWriter = kerberosConfigDataFileWriterFactory.createKerberosConfigDataFileWriter(configFile); - // add properties to be set - for (Map.Entry> entry : kerberosConfigurations.entrySet()) { - String type = entry.getKey(); - Map properties = entry.getValue(); - - if (properties != null) { - for (Map.Entry configTypeEntry : properties.entrySet()) { - kerberosConfDataFileWriter.addRecord(type, - configTypeEntry.getKey(), - configTypeEntry.getValue(), - KerberosConfigDataFileWriter.OPERATION_TYPE_SET); - } - } - } - // add properties to be removed - if (propertiesToBeRemoved != null) { - for (Map.Entry> entry : propertiesToBeRemoved.entrySet()) { - String type = entry.getKey(); - Set properties = entry.getValue(); - - if (properties != null) { - for (String property : properties) { - kerberosConfDataFileWriter.addRecord(type, - property, - "", - KerberosConfigDataFileWriter.OPERATION_TYPE_REMOVE); - } - } - } - } - } catch (IOException e) { - String message = String.format("Failed to write kerberos configurations file - %s", configFile.getAbsolutePath()); - LOG.error(message, e); - actionLog.writeStdOut(message); - actionLog.writeStdErr(message + "\n" + e.getLocalizedMessage()); - throw new AmbariException(message, e); - } finally { - if (kerberosConfDataFileWriter != null) { - try { - kerberosConfDataFileWriter.close(); - } catch (IOException e) { - String message = "Failed to close the kerberos configurations file writer"; - LOG.warn(message, e); - actionLog.writeStdOut(message); - actionLog.writeStdErr(message + "\n" + e.getLocalizedMessage()); - } - } - } - } - } } http://git-wip-us.apache.org/repos/asf/ambari/blob/5cd4d0ee/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerActionTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerActionTest.java b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerActionTest.java index 99076bf..1942a92 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerActionTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerActionTest.java @@ -38,10 +38,7 @@ import org.apache.ambari.server.state.ServiceComponentHost; import org.apache.ambari.server.state.kerberos.KerberosComponentDescriptor; import org.apache.ambari.server.state.kerberos.KerberosServiceDescriptor; import org.apache.ambari.server.state.kerberos.KerberosDescriptor; -import org.easymock.Capture; -import org.easymock.CaptureType; import org.easymock.EasyMock; -import org.junit.Assert; import org.junit.Before; import org.junit.Test; @@ -51,8 +48,6 @@ import com.google.inject.Injector; import static org.easymock.EasyMock.anyBoolean; import static org.easymock.EasyMock.anyObject; -import static org.easymock.EasyMock.anyString; -import static org.easymock.EasyMock.capture; import static org.easymock.EasyMock.expect; import static org.easymock.EasyMock.replay; import static org.easymock.EasyMock.verify; @@ -114,8 +109,7 @@ public class AbstractPrepareKerberosServerActionTest { Collection identityFilter = new ArrayList<>(); Map> kerberosConfigurations = new HashMap<>(); - Map> propertiesToInsert = new HashMap<>(); - Map> propertiesToRemove = new HashMap<>(); + Map> propertiesToIgnore = new HashMap<>(); Map descriptorProperties = new HashMap<>(); Map> configurations = new HashMap<>(); @@ -128,10 +122,7 @@ public class AbstractPrepareKerberosServerActionTest { put(zookeeperService, null); }}; - Capture> serviceCapture = Capture.newInstance(CaptureType.LAST); - expect(kerberosDescriptor.getProperties()).andReturn(descriptorProperties).atLeastOnce(); - expect(kerberosHelper.calculateConfigurations((Cluster)anyObject(), anyString(), (Map)anyObject())).andReturn(configurations).atLeastOnce(); expect(kerberosIdentityDataFileWriterFactory.createKerberosIdentityDataFileWriter((File)anyObject())).andReturn(kerberosIdentityDataFileWriter); // it's important to pass a copy of clusterServices expect(cluster.getServices()).andReturn(new HashMap<>(clusterServices)).atLeastOnce(); @@ -149,16 +140,6 @@ public class AbstractPrepareKerberosServerActionTest { expect(serviceDescriptor.getComponent(hdfsComponent)).andReturn(componentDescriptor).once(); expect(componentDescriptor.getConfigurations(anyBoolean())).andReturn(null); - expect(kerberosHelper.applyStackAdvisorUpdates( - (Cluster)anyObject(), - capture(serviceCapture), - (Map>)anyObject(), - (Map>)anyObject(), - (Map>)anyObject(), - (Map>)anyObject(), - (Map>)anyObject(), - anyBoolean())).andReturn(null).atLeastOnce(); - replay(kerberosDescriptor, kerberosHelper, kerberosIdentityDataFileWriterFactory, cluster, serviceComponentHostHDFS, serviceComponentHostZK, serviceDescriptor, componentDescriptor); @@ -167,15 +148,10 @@ public class AbstractPrepareKerberosServerActionTest { serviceComponentHosts, identityFilter, "", - kerberosConfigurations, - propertiesToInsert, - propertiesToRemove, - false, false); + configurations, kerberosConfigurations, + false, propertiesToIgnore); verify(kerberosHelper); - - Set resultServices = serviceCapture.getValue(); - Assert.assertEquals(clusterServices.keySet(), resultServices); } }