You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by vb...@apache.org on 2015/12/01 19:20:51 UTC
ambari git commit: AMBARI-14136. OOZIE alert is present: Exception =
Could not authenticate (after upgrade from 2.1.1 to 2.1.3.0) [AD
security].(vbrodetskyi)
Repository: ambari
Updated Branches:
refs/heads/branch-2.1 52553c290 -> a9c5178c4
AMBARI-14136. OOZIE alert is present: Exception = Could not authenticate (after upgrade from 2.1.1 to 2.1.3.0) [AD security].(vbrodetskyi)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/a9c5178c
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/a9c5178c
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/a9c5178c
Branch: refs/heads/branch-2.1
Commit: a9c5178c450ff5560c8d5b506e897778247c3292
Parents: 52553c2
Author: Vitaly Brodetskyi <vb...@hortonworks.com>
Authored: Tue Dec 1 17:21:45 2015 +0200
Committer: Vitaly Brodetskyi <vb...@hortonworks.com>
Committed: Tue Dec 1 17:21:45 2015 +0200
----------------------------------------------------------------------
.../package/alerts/alert_check_oozie_server.py | 35 +++++++++++++++-----
1 file changed, 27 insertions(+), 8 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/a9c5178c/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/alerts/alert_check_oozie_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/alerts/alert_check_oozie_server.py b/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/alerts/alert_check_oozie_server.py
index db8f172..fcc2d49 100644
--- a/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/alerts/alert_check_oozie_server.py
+++ b/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/alerts/alert_check_oozie_server.py
@@ -93,18 +93,14 @@ def get_check_command(oozie_url, host_name, configurations):
return (command, None, None)
@OsFamilyFuncImpl(os_family=OsFamilyImpl.DEFAULT)
-def get_check_command(oozie_url, host_name, configurations, parameters):
+def get_check_command(oozie_url, host_name, configurations, parameters, only_kinit):
kerberos_env = None
user = USER_DEFAULT
if USER_KEY in configurations:
user = configurations[USER_KEY]
- security_enabled = False
- if SECURITY_ENABLED in configurations:
- security_enabled = str(configurations[SECURITY_ENABLED]).upper() == 'TRUE'
-
- if security_enabled:
+ if is_security_enabled(configurations):
# defaults
user_keytab = USER_KEYTAB_DEFAULT
user_principal = USER_PRINCIPAL_DEFAULT
@@ -136,12 +132,17 @@ def get_check_command(oozie_url, host_name, configurations, parameters):
klist_path_local = get_klist_path(kerberos_executable_search_paths)
kinit_path_local = get_kinit_path(kerberos_executable_search_paths)
+ kinit_part_command = format("{kinit_path_local} -l 5m20s -c {ccache_file} -kt {user_keytab} {user_principal}; ")
# Determine if we need to kinit by testing to see if the relevant cache exists and has
# non-expired tickets. Tickets are marked to expire after 5 minutes to help reduce the number
# it kinits we do but recover quickly when keytabs are regenerated
- kinit_command = "{0} -s {1} || ".format(klist_path_local, ccache_file) + format("{kinit_path_local} -l 5m20s -c {ccache_file} -kt {user_keytab} {user_principal}; ")
+ if only_kinit:
+ kinit_command = kinit_part_command
+ else:
+ kinit_command = "{0} -s {1} || ".format(klist_path_local, ccache_file) + kinit_part_command
+
Execute(kinit_command, environment=kerberos_env, user=user)
# oozie configuration directory uses a symlink when > HDP 2.2
@@ -197,8 +198,19 @@ def execute(configurations={}, parameters={}, host_name=None):
if https_port is None:
oozie_url = oozie_url.replace(urlparse(oozie_url).hostname, host_name)
+ (code, msg) = get_check_result(oozie_url, host_name, configurations, parameters, False)
+
+ # sometimes real lifetime for ticket is less than we have set(5m20s aS of now)
+ # so i've added this double check with rekinit command to be sure thaT it's not problem with ticket lifetime
+ if is_security_enabled(configurations) and code == RESULT_CODE_CRITICAL:
+ (code, msg) = get_check_result(oozie_url, host_name, configurations, parameters, True)
+
+ return (code, msg)
+
+
+def get_check_result(oozie_url, host_name, configurations, parameters, only_kinit):
try:
- command, env, user = get_check_command(oozie_url, host_name, configurations, parameters)
+ command, env, user = get_check_command(oozie_url, host_name, configurations, parameters, only_kinit)
# execute the command
Execute(command, environment=env, user=user)
@@ -207,3 +219,10 @@ def execute(configurations={}, parameters={}, host_name=None):
return (RESULT_CODE_UNKNOWN, [str(ex)])
except Exception, ex:
return (RESULT_CODE_CRITICAL, [str(ex)])
+
+def is_security_enabled(configurations):
+ security_enabled = False
+ if SECURITY_ENABLED in configurations:
+ security_enabled = str(configurations[SECURITY_ENABLED]).upper() == 'TRUE'
+
+ return security_enabled