You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by sm...@apache.org on 2018/07/27 06:52:58 UTC

[ambari] branch trunk updated: AMBARI-24319. Reverting previous changes until we did not find out what's happening with BP installations (#1893)

This is an automated email from the ASF dual-hosted git repository.

smolnar pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ambari.git


The following commit(s) were added to refs/heads/trunk by this push:
     new 052f28c  AMBARI-24319. Reverting previous changes until we did not find out what's happening with BP installations (#1893)
052f28c is described below

commit 052f28ca9ab14318ef3c4590e3cc79209e9e0ed9
Author: Sandor Molnar <sm...@apache.org>
AuthorDate: Fri Jul 27 08:52:55 2018 +0200

    AMBARI-24319. Reverting previous changes until we did not find out what's happening with BP installations (#1893)
---
 .../server/controller/KerberosHelperImpl.java      |  6 ++-
 .../kerberos/KerberosServerAction.java             | 50 ++++++----------------
 2 files changed, 16 insertions(+), 40 deletions(-)

diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
index a15f424..13cb8fa 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
@@ -138,6 +138,7 @@ import org.slf4j.LoggerFactory;
 
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.ImmutableSet;
+import com.google.common.collect.Lists;
 import com.google.common.collect.Sets;
 import com.google.gson.JsonArray;
 import com.google.gson.JsonObject;
@@ -1866,7 +1867,7 @@ public class KerberosHelperImpl implements KerberosHelper {
 
                   String uniqueKey = String.format("%s|%s", principal, (keytabFile == null) ? "" : keytabFile);
 
-                  if (!hostActiveIdentities.containsKey(uniqueKey) || (StringUtils.isNotBlank(hostActiveIdentities.get(uniqueKey).getReference()) && StringUtils.isBlank(identity.getReference()))) {
+                  if (!hostActiveIdentities.containsKey(uniqueKey)) {
                     KerberosPrincipalType principalType = principalDescriptor.getType();
 
                     // Assume the principal is a service principal if not specified
@@ -2467,7 +2468,8 @@ public class KerberosHelperImpl implements KerberosHelper {
       handler.createStages(cluster,
         clusterHostInfoJson, hostParamsJson, event, roleCommandOrder, kerberosDetails,
         dataDirectory, requestStageContainer, serviceComponentHostsToProcess,
-        null, null, Sets.newHashSet(principal), hostsWithValidKerberosClient);
+        Collections.singletonMap("KERBEROS", Lists.newArrayList("KERBEROS_CLIENT")),
+        null, Sets.newHashSet(principal), hostsWithValidKerberosClient);
 
 
       handler.addFinalizeOperationStage(cluster, clusterHostInfoJson, hostParamsJson, event,
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
index 0c11e34..904fd01 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
@@ -21,7 +21,6 @@ package org.apache.ambari.server.serveraction.kerberos;
 import java.io.File;
 import java.io.IOException;
 import java.lang.reflect.Type;
-import java.util.ArrayList;
 import java.util.Collection;
 import java.util.HashMap;
 import java.util.Map;
@@ -42,7 +41,6 @@ import org.apache.ambari.server.serveraction.kerberos.stageutils.ResolvedKerbero
 import org.apache.ambari.server.serveraction.kerberos.stageutils.ResolvedKerberosPrincipal;
 import org.apache.ambari.server.state.Cluster;
 import org.apache.ambari.server.state.Clusters;
-import org.apache.ambari.server.state.kerberos.KerberosIdentityDescriptor;
 import org.apache.ambari.server.utils.StageUtils;
 import org.apache.commons.io.FileUtils;
 import org.apache.commons.lang.StringUtils;
@@ -180,6 +178,12 @@ public abstract class KerberosServerAction extends AbstractServerAction {
   private KerberosOperationHandlerFactory kerberosOperationHandlerFactory;
 
   /**
+   * The KerberosIdentityDataFileReaderFactory to use to obtain KerberosIdentityDataFileReader instances
+   */
+  @Inject
+  private KerberosIdentityDataFileReaderFactory kerberosIdentityDataFileReaderFactory;
+
+  /**
    * KerberosHelper
    */
   @Inject
@@ -451,17 +455,13 @@ public abstract class KerberosServerAction extends AbstractServerAction {
       }
 
       try {
-        final Map<String, Collection<String>> serviceComponentFilter = (Map<String, Collection<String>>) getServiceComponentFilter();
-        final Collection<KerberosIdentityDescriptor> serviceIdentities = serviceComponentFilter == null ? null : calculateServiceIdentities(getClusterName(), serviceComponentFilter);
-        for (ResolvedKerberosKeytab rkk : kerberosKeytabController.getFilteredKeytabs(serviceComponentFilter, getHostFilter(), getIdentityFilter())) {
+        for (ResolvedKerberosKeytab rkk : kerberosKeytabController.getFilteredKeytabs((Map<String, Collection<String>>) getServiceComponentFilter(), getHostFilter(), getIdentityFilter())) {
           for (ResolvedKerberosPrincipal principal : rkk.getPrincipals()) {
-            if (isRelevantIdentity(serviceIdentities, principal)) {
-              commandReport = processIdentity(principal, handler, kerberosConfiguration, requestSharedDataContext);
-              // If the principal processor returns a CommandReport, than it is time to stop
-              // since an error condition has probably occurred, else all is assumed to be well.
-              if (commandReport != null) {
-                break;
-              }
+            commandReport = processIdentity(principal, handler, kerberosConfiguration, requestSharedDataContext);
+            // If the principal processor returns a CommandReport, than it is time to stop since
+            // an error condition has probably occurred, else all is assumed to be well.
+            if (commandReport != null) {
+              break;
             }
           }
         }
@@ -487,32 +487,6 @@ public abstract class KerberosServerAction extends AbstractServerAction {
         : commandReport;
   }
 
-  private boolean isRelevantIdentity(Collection<KerberosIdentityDescriptor> serviceIdentities, ResolvedKerberosPrincipal principal) {
-    if (serviceIdentities != null) {
-      boolean hasValidIdentity = false;
-      for (KerberosIdentityDescriptor serviceIdentity : serviceIdentities) {
-        if (principal.getPrincipal().equals(serviceIdentity.getPrincipalDescriptor().getName()) && StringUtils.isBlank(serviceIdentity.getReference())) {
-          hasValidIdentity = true;
-          break;
-        }
-      }
-      return hasValidIdentity;
-    }
-
-    return true;
-  }
-
-  private Collection<KerberosIdentityDescriptor> calculateServiceIdentities(String clusterName, Map<String, Collection<String>> serviceComponentFilter)
-      throws AmbariException {
-    final Collection<KerberosIdentityDescriptor> serviceIdentities = new ArrayList<>();
-    for (String service : serviceComponentFilter.keySet()) {
-      for (Collection<KerberosIdentityDescriptor> activeIdentities : kerberosHelper.getActiveIdentities(clusterName, null, service, null, true).values()) {
-        serviceIdentities.addAll(activeIdentities);
-      }
-    }
-    return serviceIdentities;
-  }
-
   /**
    * Processes an identity as necessary.
    * <p/>