You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by br...@apache.org on 2022/12/01 01:59:46 UTC

[ambari] branch trunk updated: [AMBARI-25624] "Creating Kerberos keytabs" takes too long (#3588)

This is an automated email from the ASF dual-hosted git repository.

brahma pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ambari.git


The following commit(s) were added to refs/heads/trunk by this push:
     new 0525500e9a [AMBARI-25624] "Creating Kerberos keytabs" takes too long (#3588)
0525500e9a is described below

commit 0525500e9a0f8323012b75f29f67a5f9083fcd2b
Author: Yubi Lee <eu...@naver.com>
AuthorDate: Thu Dec 1 10:59:37 2022 +0900

    [AMBARI-25624] "Creating Kerberos keytabs" takes too long (#3588)
    
    Signed-off-by: Brahma Reddy Battula <br...@apache.org>
---
 .../kerberos/CreateKeytabFilesServerAction.java    |  2 +-
 .../stageutils/KerberosKeytabController.java       | 36 +++++++++++++---------
 2 files changed, 23 insertions(+), 15 deletions(-)

diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java
index f1d546151d..8e7dea745c 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java
@@ -159,7 +159,7 @@ public class CreateKeytabFilesServerAction extends KerberosServerAction {
     CommandReport commandReport = null;
     String message = null;
 
-    Set<ResolvedKerberosKeytab> keytabsToCreate = kerberosKeytabController.getFromPrincipal(resolvedPrincipal);
+    Set<ResolvedKerberosKeytab> keytabsToCreate = kerberosKeytabController.getFromPrincipalExceptServiceMapping(resolvedPrincipal);
     KerberosPrincipalEntity principalEntity = kerberosPrincipalDAO.find(resolvedPrincipal.getPrincipal());
 
     try {
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/stageutils/KerberosKeytabController.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/stageutils/KerberosKeytabController.java
index 3c1c2e6cd6..653cccb908 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/stageutils/KerberosKeytabController.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/stageutils/KerberosKeytabController.java
@@ -91,7 +91,7 @@ public class KerberosKeytabController {
    * @return found keytab or null
    */
   public ResolvedKerberosKeytab getKeytabByFile(String file, boolean resolvePrincipals) {
-    return fromKeytabEntity(kerberosKeytabDAO.find(file), resolvePrincipals);
+    return fromKeytabEntity(kerberosKeytabDAO.find(file), resolvePrincipals, false);
   }
 
   /**
@@ -100,7 +100,7 @@ public class KerberosKeytabController {
    * @return all keytabs
    */
   public Set<ResolvedKerberosKeytab> getAllKeytabs() {
-    return fromKeytabEntities(kerberosKeytabDAO.findAll());
+    return fromKeytabEntities(kerberosKeytabDAO.findAll(), false);
   }
 
   /**
@@ -110,10 +110,17 @@ public class KerberosKeytabController {
    * @return set of keytabs found
    */
   public Set<ResolvedKerberosKeytab> getFromPrincipal(ResolvedKerberosPrincipal rkp) {
-    List<KerberosKeytabEntity> keytabs = kerberosKeytabDAO.findByPrincipalAndHost(
-        rkp.getPrincipal(), rkp.getHostId());
+    return fromKeytabEntities(kerberosKeytabDAO.findByPrincipalAndHost(rkp.getPrincipal(), rkp.getHostId()), false);
+  }
 
-    return fromKeytabEntities(keytabs);
+  /**
+   * Returns all keytabs that contains given principal without service mapping.
+   *
+   * @param rkp principal to filter keytabs by
+   * @return set of keytabs found
+   */
+  public Set<ResolvedKerberosKeytab> getFromPrincipalExceptServiceMapping(ResolvedKerberosPrincipal rkp) {
+    return fromKeytabEntities(kerberosKeytabDAO.findByPrincipalAndHost(rkp.getPrincipal(), rkp.getHostId()), true);
   }
 
   /**
@@ -135,7 +142,7 @@ public class KerberosKeytabController {
       filter.setPrincipals(identityFilter);
     }
 
-    Set<ResolvedKerberosPrincipal> filteredPrincipals = fromPrincipalEntities(kerberosKeytabPrincipalDAO.findByFilters(filters));
+    Set<ResolvedKerberosPrincipal> filteredPrincipals = fromPrincipalEntities(kerberosKeytabPrincipalDAO.findByFilters(filters), false);
     HashMap<String, ResolvedKerberosKeytab> resultMap = new HashMap<>();
     for (ResolvedKerberosPrincipal principal : filteredPrincipals) {
       if (!resultMap.containsKey(principal.getKeytabPath())) {
@@ -207,8 +214,9 @@ public class KerberosKeytabController {
     return Lists.newArrayList(KerberosKeytabPrincipalDAO.KerberosKeytabPrincipalFilter.createEmptyFilter());
   }
 
-  private ResolvedKerberosKeytab fromKeytabEntity(KerberosKeytabEntity kke, boolean resolvePrincipals) {
-    Set<ResolvedKerberosPrincipal> principals = resolvePrincipals ? fromPrincipalEntities(kke.getKerberosKeytabPrincipalEntities()) : new HashSet<>();
+  private ResolvedKerberosKeytab fromKeytabEntity(KerberosKeytabEntity kke, boolean resolvePrincipals, boolean exceptServiceMapping) {
+    Set<ResolvedKerberosPrincipal> principals = resolvePrincipals ?
+        fromPrincipalEntities(kke.getKerberosKeytabPrincipalEntities(), exceptServiceMapping) : new HashSet<>();
     return new ResolvedKerberosKeytab(
       kke.getKeytabPath(),
       kke.getOwnerName(),
@@ -222,18 +230,18 @@ public class KerberosKeytabController {
   }
 
   private ResolvedKerberosKeytab fromKeytabEntity(KerberosKeytabEntity kke) {
-    return fromKeytabEntity(kke, true);
+    return fromKeytabEntity(kke, true, false);
   }
 
-  private Set<ResolvedKerberosKeytab> fromKeytabEntities(Collection<KerberosKeytabEntity> keytabEntities) {
+  private Set<ResolvedKerberosKeytab> fromKeytabEntities(Collection<KerberosKeytabEntity> keytabEntities, boolean exceptServiceMapping) {
     ImmutableSet.Builder<ResolvedKerberosKeytab> builder = ImmutableSet.builder();
-    for (KerberosKeytabEntity kkpe : keytabEntities) {
-      builder.add(fromKeytabEntity(kkpe));
+    for (KerberosKeytabEntity kke : keytabEntities) {
+      builder.add(fromKeytabEntity(kke, true, exceptServiceMapping));
     }
     return builder.build();
   }
 
-  private Set<ResolvedKerberosPrincipal> fromPrincipalEntities(Collection<KerberosKeytabPrincipalEntity> principalEntities) {
+  private Set<ResolvedKerberosPrincipal> fromPrincipalEntities(Collection<KerberosKeytabPrincipalEntity> principalEntities, boolean exceptServiceMapping) {
     ImmutableSet.Builder<ResolvedKerberosPrincipal> builder = ImmutableSet.builder();
     for (KerberosKeytabPrincipalEntity kkpe : principalEntities) {
       KerberosPrincipalEntity kpe = kkpe.getKerberosPrincipalEntity();
@@ -246,7 +254,7 @@ public class KerberosKeytabController {
             kpe.isService(),
             kpe.getCachedKeytabPath(),
             kkpe.getKeytabPath(),
-            kkpe.getServiceMappingAsMultimap());
+            exceptServiceMapping ? null : kkpe.getServiceMappingAsMultimap());
         builder.add(rkp);
       }
     }


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@ambari.apache.org
For additional commands, e-mail: commits-help@ambari.apache.org