You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by br...@apache.org on 2022/12/01 01:59:46 UTC
[ambari] branch trunk updated: [AMBARI-25624] "Creating Kerberos keytabs" takes too long (#3588)
This is an automated email from the ASF dual-hosted git repository.
brahma pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/trunk by this push:
new 0525500e9a [AMBARI-25624] "Creating Kerberos keytabs" takes too long (#3588)
0525500e9a is described below
commit 0525500e9a0f8323012b75f29f67a5f9083fcd2b
Author: Yubi Lee <eu...@naver.com>
AuthorDate: Thu Dec 1 10:59:37 2022 +0900
[AMBARI-25624] "Creating Kerberos keytabs" takes too long (#3588)
Signed-off-by: Brahma Reddy Battula <br...@apache.org>
---
.../kerberos/CreateKeytabFilesServerAction.java | 2 +-
.../stageutils/KerberosKeytabController.java | 36 +++++++++++++---------
2 files changed, 23 insertions(+), 15 deletions(-)
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java
index f1d546151d..8e7dea745c 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java
@@ -159,7 +159,7 @@ public class CreateKeytabFilesServerAction extends KerberosServerAction {
CommandReport commandReport = null;
String message = null;
- Set<ResolvedKerberosKeytab> keytabsToCreate = kerberosKeytabController.getFromPrincipal(resolvedPrincipal);
+ Set<ResolvedKerberosKeytab> keytabsToCreate = kerberosKeytabController.getFromPrincipalExceptServiceMapping(resolvedPrincipal);
KerberosPrincipalEntity principalEntity = kerberosPrincipalDAO.find(resolvedPrincipal.getPrincipal());
try {
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/stageutils/KerberosKeytabController.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/stageutils/KerberosKeytabController.java
index 3c1c2e6cd6..653cccb908 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/stageutils/KerberosKeytabController.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/stageutils/KerberosKeytabController.java
@@ -91,7 +91,7 @@ public class KerberosKeytabController {
* @return found keytab or null
*/
public ResolvedKerberosKeytab getKeytabByFile(String file, boolean resolvePrincipals) {
- return fromKeytabEntity(kerberosKeytabDAO.find(file), resolvePrincipals);
+ return fromKeytabEntity(kerberosKeytabDAO.find(file), resolvePrincipals, false);
}
/**
@@ -100,7 +100,7 @@ public class KerberosKeytabController {
* @return all keytabs
*/
public Set<ResolvedKerberosKeytab> getAllKeytabs() {
- return fromKeytabEntities(kerberosKeytabDAO.findAll());
+ return fromKeytabEntities(kerberosKeytabDAO.findAll(), false);
}
/**
@@ -110,10 +110,17 @@ public class KerberosKeytabController {
* @return set of keytabs found
*/
public Set<ResolvedKerberosKeytab> getFromPrincipal(ResolvedKerberosPrincipal rkp) {
- List<KerberosKeytabEntity> keytabs = kerberosKeytabDAO.findByPrincipalAndHost(
- rkp.getPrincipal(), rkp.getHostId());
+ return fromKeytabEntities(kerberosKeytabDAO.findByPrincipalAndHost(rkp.getPrincipal(), rkp.getHostId()), false);
+ }
- return fromKeytabEntities(keytabs);
+ /**
+ * Returns all keytabs that contains given principal without service mapping.
+ *
+ * @param rkp principal to filter keytabs by
+ * @return set of keytabs found
+ */
+ public Set<ResolvedKerberosKeytab> getFromPrincipalExceptServiceMapping(ResolvedKerberosPrincipal rkp) {
+ return fromKeytabEntities(kerberosKeytabDAO.findByPrincipalAndHost(rkp.getPrincipal(), rkp.getHostId()), true);
}
/**
@@ -135,7 +142,7 @@ public class KerberosKeytabController {
filter.setPrincipals(identityFilter);
}
- Set<ResolvedKerberosPrincipal> filteredPrincipals = fromPrincipalEntities(kerberosKeytabPrincipalDAO.findByFilters(filters));
+ Set<ResolvedKerberosPrincipal> filteredPrincipals = fromPrincipalEntities(kerberosKeytabPrincipalDAO.findByFilters(filters), false);
HashMap<String, ResolvedKerberosKeytab> resultMap = new HashMap<>();
for (ResolvedKerberosPrincipal principal : filteredPrincipals) {
if (!resultMap.containsKey(principal.getKeytabPath())) {
@@ -207,8 +214,9 @@ public class KerberosKeytabController {
return Lists.newArrayList(KerberosKeytabPrincipalDAO.KerberosKeytabPrincipalFilter.createEmptyFilter());
}
- private ResolvedKerberosKeytab fromKeytabEntity(KerberosKeytabEntity kke, boolean resolvePrincipals) {
- Set<ResolvedKerberosPrincipal> principals = resolvePrincipals ? fromPrincipalEntities(kke.getKerberosKeytabPrincipalEntities()) : new HashSet<>();
+ private ResolvedKerberosKeytab fromKeytabEntity(KerberosKeytabEntity kke, boolean resolvePrincipals, boolean exceptServiceMapping) {
+ Set<ResolvedKerberosPrincipal> principals = resolvePrincipals ?
+ fromPrincipalEntities(kke.getKerberosKeytabPrincipalEntities(), exceptServiceMapping) : new HashSet<>();
return new ResolvedKerberosKeytab(
kke.getKeytabPath(),
kke.getOwnerName(),
@@ -222,18 +230,18 @@ public class KerberosKeytabController {
}
private ResolvedKerberosKeytab fromKeytabEntity(KerberosKeytabEntity kke) {
- return fromKeytabEntity(kke, true);
+ return fromKeytabEntity(kke, true, false);
}
- private Set<ResolvedKerberosKeytab> fromKeytabEntities(Collection<KerberosKeytabEntity> keytabEntities) {
+ private Set<ResolvedKerberosKeytab> fromKeytabEntities(Collection<KerberosKeytabEntity> keytabEntities, boolean exceptServiceMapping) {
ImmutableSet.Builder<ResolvedKerberosKeytab> builder = ImmutableSet.builder();
- for (KerberosKeytabEntity kkpe : keytabEntities) {
- builder.add(fromKeytabEntity(kkpe));
+ for (KerberosKeytabEntity kke : keytabEntities) {
+ builder.add(fromKeytabEntity(kke, true, exceptServiceMapping));
}
return builder.build();
}
- private Set<ResolvedKerberosPrincipal> fromPrincipalEntities(Collection<KerberosKeytabPrincipalEntity> principalEntities) {
+ private Set<ResolvedKerberosPrincipal> fromPrincipalEntities(Collection<KerberosKeytabPrincipalEntity> principalEntities, boolean exceptServiceMapping) {
ImmutableSet.Builder<ResolvedKerberosPrincipal> builder = ImmutableSet.builder();
for (KerberosKeytabPrincipalEntity kkpe : principalEntities) {
KerberosPrincipalEntity kpe = kkpe.getKerberosPrincipalEntity();
@@ -246,7 +254,7 @@ public class KerberosKeytabController {
kpe.isService(),
kpe.getCachedKeytabPath(),
kkpe.getKeytabPath(),
- kkpe.getServiceMappingAsMultimap());
+ exceptServiceMapping ? null : kkpe.getServiceMappingAsMultimap());
builder.add(rkp);
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@ambari.apache.org
For additional commands, e-mail: commits-help@ambari.apache.org