Posted to commits@directory.apache.org by pl...@apache.org on 2018/03/30 06:37:19 UTC
directory-kerby git commit: Add the deploy keytab in local admin tool.
Repository: directory-kerby
Updated Branches:
refs/heads/has-project 43fe4ec28 -> aab4c7409
Add the deploy keytab in local admin tool.
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/aab4c740
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/aab4c740
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/aab4c740
Branch: refs/heads/has-project
Commit: aab4c74091e589dce6be98b6e687dec6a022484e
Parents: 43fe4ec
Author: plusplusjiajia <ji...@intel.com>
Authored: Fri Mar 30 14:33:25 2018 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Fri Mar 30 14:33:25 2018 +0800
----------------------------------------------------------------------
has/doc/has-start.md | 33 +++-
.../kerby/has/server/admin/LocalHasAdmin.java | 8 +-
.../server/hadmin/local/HadminLocalTool.java | 10 +-
.../cmd/AddPrincipalsAndDeployKeytabsCmd.java | 177 +++++++++++++++++++
4 files changed, 219 insertions(+), 9 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/aab4c740/has/doc/has-start.md
----------------------------------------------------------------------
diff --git a/has/doc/has-start.md b/has/doc/has-start.md
index 65589f2..5d92ae7 100644
--- a/has/doc/has-start.md
+++ b/has/doc/has-start.md
@@ -145,7 +145,9 @@ KdcInitTool: exit
## 3. Prepare for Hadoop
-### Create service principals:
+### Step by Step
+
+#### Create service principals:
```
cd HAS/has-dist
echo { \
@@ -166,7 +168,7 @@ HadminLocalTool.local: exit
```
The admin.keytab file is created by the kdcinit. In local and remote hadmin tool, you can type "?" for help.
-### Get hostRoles list:
+#### Get hostRoles list:
```
cd HAS/has-dist
// Start local or remote hadmin tool
@@ -175,7 +177,7 @@ HadminLocalTool.local: hostroles
HadminLocalTool.local: exit
```
-### Export service keytabs:
+#### Export service keytabs:
```
cd HAS/has-dist
// Start local or remote hadmin tool
@@ -184,3 +186,28 @@ sh bin/hadmin-local.sh(bin/hadmin-remote.sh) <conf_dir> -k <keytab>
HadminLocalTool.local: expkeytabs localhost
HadminLocalTool.local: exit
```
+
+### One step to create service principals, export keytabs and deploy keytabs:
+```
+cd HAS/has-dist
+echo { \
+ HOSTS: [ \
+ {"name":"<host>","hostRoles":"<role>,..., <role>"\}, \
+ ...
+ {"name":"<host>","hostRoles":"<role>,...,<role>"\} \
+ ] \
+\} > hosts.txt
+
+// Start local hadmin tool
+sh bin/hadmin-local.sh <conf_dir> -k <keytab>
+
+// deploy_keytabs [HostRoles-File] [Where-to-Deploy] [UserName] [Password]
+// Where-to-Deploy: The place to store the keytabs
+// UserName: The host user name
+// Password: The host password
+// All the hosts with the same user and password
+HadminLocalTool.local: deploy_keytabs hosts.txt /etc/has/ username password
+HadminLocalTool.local: exit
+```
+Note: The admin.keytab file is created by the kdcinit. In local hadmin tool, you can type "?" for help.
+
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/aab4c740/has/has-server/src/main/java/org/apache/kerby/has/server/admin/LocalHasAdmin.java
----------------------------------------------------------------------
diff --git a/has/has-server/src/main/java/org/apache/kerby/has/server/admin/LocalHasAdmin.java b/has/has-server/src/main/java/org/apache/kerby/has/server/admin/LocalHasAdmin.java
index 1ce5848..d948ab5 100644
--- a/has/has-server/src/main/java/org/apache/kerby/has/server/admin/LocalHasAdmin.java
+++ b/has/has-server/src/main/java/org/apache/kerby/has/server/admin/LocalHasAdmin.java
@@ -204,7 +204,7 @@ public class LocalHasAdmin implements HasAdmin {
} catch (KrbException e) {
throw new HasException(e);
}
- String releam = "/" + host + "@" + kadmin.getKdcConfig().getKdcRealm();
+ String realm = "/" + host + "@" + kadmin.getKdcConfig().getKdcRealm();
String[] princs = HostRoleType.valueOf(role).getPrincs();
if (princs == null) {
LOG.error("Cannot find the role of : " + role);
@@ -212,9 +212,9 @@ public class LocalHasAdmin implements HasAdmin {
}
for (String princ : princs) {
try {
- kadmin.addPrincipal(princ + releam);
- LOG.info("Success to add princ :" + princ + releam);
- result = result + "Success to add princ :" + princ + releam + "\n";
+ kadmin.addPrincipal(princ + realm);
+ LOG.info("Success to add princ :" + princ + realm);
+ result = result + "Success to add princ :" + princ + realm + "\n";
} catch (KrbException e) {
LOG.info(e.getMessage());
result = e.getMessage() + "\n";
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/aab4c740/has/has-tool/has-server-tool/src/main/java/org/apache/kerby/has/tool/server/hadmin/local/HadminLocalTool.java
----------------------------------------------------------------------
diff --git a/has/has-tool/has-server-tool/src/main/java/org/apache/kerby/has/tool/server/hadmin/local/HadminLocalTool.java b/has/has-tool/has-server-tool/src/main/java/org/apache/kerby/has/tool/server/hadmin/local/HadminLocalTool.java
index abdb543..7e4741a 100644
--- a/has/has-tool/has-server-tool/src/main/java/org/apache/kerby/has/tool/server/hadmin/local/HadminLocalTool.java
+++ b/has/has-tool/has-server-tool/src/main/java/org/apache/kerby/has/tool/server/hadmin/local/HadminLocalTool.java
@@ -23,6 +23,7 @@ import org.apache.kerby.KOptions;
import org.apache.kerby.has.common.HasException;
import org.apache.kerby.has.server.admin.LocalHasAdmin;
import org.apache.kerby.has.tool.server.hadmin.local.cmd.AddPrincipalCmd;
+import org.apache.kerby.has.tool.server.hadmin.local.cmd.AddPrincipalsAndDeployKeytabsCmd;
import org.apache.kerby.has.tool.server.hadmin.local.cmd.AddPrincipalsCmd;
import org.apache.kerby.has.tool.server.hadmin.local.cmd.ChangePasswordCmd;
import org.apache.kerby.has.tool.server.hadmin.local.cmd.DeletePrincipalCmd;
@@ -100,7 +101,9 @@ public class HadminLocalTool {
+ "enable_configure, enable\n"
+ " Enable configure\n"
+ "disable_configure, disable\n"
- + " Disable configure\n";
+ + " Disable configure\n"
+ + "deploy_keytabs, depkeytabs\n"
+ + " Deploy keytabs\n";
private static void execute(LocalHasAdmin hadmin, String input) throws HasException {
// Omit the leading and trailing whitespace.
@@ -146,9 +149,12 @@ public class HadminLocalTool {
} else if (cmd.startsWith("disable_configure")
|| cmd.startsWith("disable")) {
executor = new DisableConfigureCmd(hadmin);
- } else if (cmd.startsWith("get_principal")
+ } else if (cmd.startsWith("get_principal")
|| cmd.startsWith("getprinc")) {
executor = new GetPrincipalCmd(hadmin);
+ } else if (cmd.startsWith("deploy_keytabs")
+ || cmd.startsWith("depkeytabs")) {
+ executor = new AddPrincipalsAndDeployKeytabsCmd(hadmin);
} else {
System.out.println(LEGAL_COMMANDS);
return;
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/aab4c740/has/has-tool/has-server-tool/src/main/java/org/apache/kerby/has/tool/server/hadmin/local/cmd/AddPrincipalsAndDeployKeytabsCmd.java
----------------------------------------------------------------------
diff --git a/has/has-tool/has-server-tool/src/main/java/org/apache/kerby/has/tool/server/hadmin/local/cmd/AddPrincipalsAndDeployKeytabsCmd.java b/has/has-tool/has-server-tool/src/main/java/org/apache/kerby/has/tool/server/hadmin/local/cmd/AddPrincipalsAndDeployKeytabsCmd.java
new file mode 100644
index 0000000..21edf20
--- /dev/null
+++ b/has/has-tool/has-server-tool/src/main/java/org/apache/kerby/has/tool/server/hadmin/local/cmd/AddPrincipalsAndDeployKeytabsCmd.java
@@ -0,0 +1,177 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.has.tool.server.hadmin.local.cmd;
+
+
+import com.jcraft.jsch.ChannelSftp;
+import com.jcraft.jsch.JSch;
+import com.jcraft.jsch.JSchException;
+import com.jcraft.jsch.Session;
+import com.jcraft.jsch.SftpException;
+import org.apache.kerby.has.common.HasException;
+import org.apache.kerby.has.server.admin.LocalHasAdmin;
+import org.codehaus.jettison.json.JSONArray;
+import org.codehaus.jettison.json.JSONException;
+import org.codehaus.jettison.json.JSONObject;
+
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.FileReader;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+
+public class AddPrincipalsAndDeployKeytabsCmd extends HadminCmd {
+ private static final String USAGE
+ = "\nUsage: deploy_keytabs [HostRoles-File] [Where-to-Deploy] [UserName] [Password]\n"
+ + "\tExample:\n"
+ + "\t\tdeploy_keytabs hostroles.txt /etc/has/ username password\n";
+
+ public AddPrincipalsAndDeployKeytabsCmd(LocalHasAdmin hadmin) {
+ super(hadmin);
+ }
+
+ @Override
+ public void execute(String[] items) throws HasException {
+
+ if (items.length < 4 || items.length > 5) {
+ System.err.println(USAGE);
+ return;
+ }
+
+ File hostfile = new File(items[1]);
+ if (!hostfile.exists()) {
+ throw new HasException("HostRoles file is not exists.");
+ }
+ String pathToDeploy = items[2];
+ String username = items[3];
+ String password = "";
+ if (items.length == 5) {
+ password = items[4];
+ }
+
+ BufferedReader reader;
+ try {
+ reader = new BufferedReader(new FileReader(hostfile));
+ } catch (FileNotFoundException e) {
+ throw new HasException("The host roles file: " + hostfile + "is not exist. " + e.getMessage());
+ }
+ StringBuilder sb = new StringBuilder();
+ String tempString;
+ try {
+ while ((tempString = reader.readLine()) != null) {
+ sb.append(tempString);
+ }
+ } catch (IOException e) {
+ throw new HasException("Failed to read file: " + e.getMessage());
+ }
+ JSONArray hostArray;
+ try {
+ hostArray = new JSONObject(sb.toString()).optJSONArray("HOSTS");
+ } catch (JSONException e) {
+ throw new HasException(e.getMessage());
+ }
+ for (int i = 0; i < hostArray.length(); i++) {
+ JSONObject host;
+ try {
+ host = (JSONObject) hostArray.get(i);
+ } catch (JSONException e) {
+ throw new HasException(e.getMessage());
+ }
+ String hostname;
+ try {
+ hostname = host.getString("name");
+ } catch (JSONException e) {
+ throw new HasException(e.getMessage());
+ }
+ String[] roles;
+ try {
+ roles = host.getString("hostRoles").split(",");
+ } catch (JSONException e) {
+ throw new HasException(e.getMessage());
+ }
+ List<File> keytabs = new ArrayList<>();
+ for (String role : roles) {
+ // Add principal.
+ System.out.println(getHadmin().addPrincByRole(hostname,
+ role.toUpperCase()));
+ // Export keytab
+ File keytab = new File(role + "-" + hostname + ".keytab");
+ getHadmin().getKeytabByHostAndRole(hostname, role, keytab);
+
+ keytabs.add(keytab);
+ }
+
+ JSch jsch = new JSch();
+ Session session;
+ try {
+ session = jsch.getSession(username, hostname);
+ } catch (JSchException e) {
+ throw new HasException(e.getMessage());
+ }
+ session.setPassword(password);
+
+ java.util.Properties config = new java.util.Properties();
+ config.put("StrictHostKeyChecking", "no");
+ session.setConfig(config);
+
+ ChannelSftp channel;
+ try {
+ session.connect();
+ channel = (ChannelSftp) session.openChannel("sftp");
+ channel.connect();
+ } catch (JSchException e) {
+ throw new HasException("Failed to set the session: " + e.getMessage());
+ }
+ try {
+ String path = "";
+ String[] paths = pathToDeploy.split("/");
+ for (i = 1; i < paths.length; i++) {
+ path = path + "/" + paths[i];
+
+ try {
+ channel.cd(path);
+ } catch (SftpException e) {
+ if (e.id == ChannelSftp.SSH_FX_NO_SUCH_FILE) {
+ channel.mkdir(path);
+ } else {
+ throw new HasException(e.getMessage());
+ }
+ }
+ }
+ } catch (SftpException e) {
+ throw new HasException("Failed to mkdir path: " + e.getMessage());
+ }
+
+ for (File keytab : keytabs) {
+ // Send the keytab to remote
+ try {
+ channel.put(keytab.getAbsolutePath(), pathToDeploy + keytab.getName());
+ } catch (SftpException e) {
+ throw new HasException("Failed to send the keytab file: " + keytab.getName());
+ }
+ }
+ channel.disconnect();
+ }
+ }
+}
+
+
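Review bot: `config.put("StrictHostKeyChecking", "no")` in `execute` disables SSH host-key verification on the connection that carries the host password and the freshly exported keytabs, so the tool cannot confirm it is talking to the intended host. Load a known-hosts file with `jsch.setKnownHosts(...)` and keep strict checking on. The directory loop `for (i = 1; i < paths.length; i++)` also reuses the outer host index `i`, so after each host the outer loop resumes from `paths.length + 1` and skips or re-processes hosts; it needs its own index. The session is never disconnected, the channel is closed only on the success path, and the `BufferedReader` is never closed. In addition, the exported keytab files stay in the working directory and are uploaded with no mode set, and `optJSONArray("HOSTS")` returns null when the key is missing, which the loop does not check.

```java
JSch jsch = new JSch();
Session session;
try {
    // Known-hosts location is a deployment choice; the default OpenSSH file is shown here.
    jsch.setKnownHosts(System.getProperty("user.home") + "/.ssh/known_hosts");
    session = jsch.getSession(username, hostname);
} catch (JSchException e) {
    throw new HasException(e.getMessage());
}
session.setPassword(password);

java.util.Properties config = new java.util.Properties();
// Refuse hosts whose key is unknown or has changed.
config.put("StrictHostKeyChecking", "yes");
session.setConfig(config);

ChannelSftp channel = null;
try {
    // … unchanged: session.connect(), openChannel("sftp"), channel.connect() …
    String path = "";
    String[] paths = pathToDeploy.split("/");
    // Own index, so the outer host loop's i is not overwritten.
    for (int depth = 1; depth < paths.length; depth++) {
        path = path + "/" + paths[depth];
        // … unchanged: cd into path, mkdir on SSH_FX_NO_SUCH_FILE …
    }
    // … unchanged: channel.put() for each keytab …
} finally {
    // Release the connection on failure as well as on success.
    if (channel != null) {
        channel.disconnect();
    }
    session.disconnect();
}
```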