Posted to commits@ambari.apache.org by rl...@apache.org on 2015/12/18 22:23:55 UTC
ambari git commit: AMBARI-14434. Passwords for headless principals
with cached keytab files are changed unnecessarily (rlevas)
Repository: ambari
Updated Branches:
refs/heads/trunk fd6e9cc00 -> f0b029e57
AMBARI-14434. Passwords for headless principals with cached keytab files are changed unnecessarily (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/f0b029e5
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/f0b029e5
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/f0b029e5
Branch: refs/heads/trunk
Commit: f0b029e57daf5e3ec01b8dbc53ea41886ebe5e55
Parents: fd6e9cc
Author: Robert Levas <rl...@hortonworks.com>
Authored: Fri Dec 18 16:23:45 2015 -0500
Committer: Robert Levas <rl...@hortonworks.com>
Committed: Fri Dec 18 16:23:45 2015 -0500
----------------------------------------------------------------------
.../kerberos/CreatePrincipalsServerAction.java | 56 +++++++++++++-------
1 file changed, 38 insertions(+), 18 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/f0b029e5/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java
index fdcc672..8009ae1 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java
@@ -24,8 +24,10 @@ import org.apache.ambari.server.actionmanager.HostRoleStatus;
import org.apache.ambari.server.agent.CommandReport;
import org.apache.ambari.server.orm.dao.KerberosPrincipalDAO;
import org.apache.ambari.server.orm.dao.KerberosPrincipalHostDAO;
+import org.apache.ambari.server.orm.entities.KerberosPrincipalEntity;
import org.apache.ambari.server.security.SecurePasswordHelper;
import org.apache.ambari.server.serveraction.ActionLog;
+import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -111,10 +113,30 @@ public class CreatePrincipalsServerAction extends KerberosServerAction {
throws AmbariException {
CommandReport commandReport = null;
+ boolean processPrincipal;
boolean regenerateKeytabs = "true".equalsIgnoreCase(getCommandParameterValue(getCommandParameters(), REGENERATE_ALL));
- if (regenerateKeytabs || !kerberosPrincipalHostDAO.exists(evaluatedPrincipal)) {
+ if (regenerateKeytabs) {
+ processPrincipal = true;
+ } else {
+ KerberosPrincipalEntity kerberosPrincipalEntity = kerberosPrincipalDAO.find(evaluatedPrincipal);
+
+ if (kerberosPrincipalEntity == null) {
+ // This principal has not been processed before, process it.
+ processPrincipal = true;
+ } else if (!StringUtils.isEmpty(kerberosPrincipalEntity.getCachedKeytabPath())) {
+ // This principal has been processed and a keytab file has been cached for it... do not process it.
+ processPrincipal = false;
+ } else if (kerberosPrincipalHostDAO.exists(evaluatedPrincipal)) {
+ // This principal has been processed and a keytab file has been distributed... do not process it.
+ processPrincipal = false;
+ } else {
+ // This principal has been processed but a keytab file for it has been distributed... process it.
+ processPrincipal = true;
+ }
+ }
+ if (processPrincipal) {
Map<String, String> principalPasswordMap = getPrincipalPasswordMap(requestSharedDataContext);
Map<String, Integer> principalKeyNumberMap = getPrincipalKeyNumberMap(requestSharedDataContext);
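Review bot: The new `getCachedKeytabPath()` branch skips the principal whenever the stored path is non-empty, without checking that the cached keytab file is still present and readable on the server; if the file was removed or the record is stale, no new password is generated here and, presumably, a later keytab step has nothing valid to distribute. Consider tightening the condition to something like `} else if (!StringUtils.isEmpty(path) && new File(path).canRead()) {` (with `path` holding the entity's cached keytab path), or add a comment naming where the missing-file case is handled. Separately, the comment on the final `else` contradicts its branch and should read `// This principal has been processed but a keytab file for it has not been distributed... process it.`. The enclosing method starts before this hunk and its body continues past it.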
@@ -124,10 +146,9 @@ public class CreatePrincipalsServerAction extends KerberosServerAction {
boolean servicePrincipal = "service".equalsIgnoreCase(identityRecord.get(KerberosIdentityDataFileReader.PRINCIPAL_TYPE));
CreatePrincipalResult result = createPrincipal(evaluatedPrincipal, servicePrincipal, kerberosConfiguration, operationHandler, actionLog);
- if(result == null) {
+ if (result == null) {
commandReport = createCommandReport(1, HostRoleStatus.FAILED, "{}", actionLog.getStdOut(), actionLog.getStdErr());
- }
- else {
+ } else {
principalPasswordMap.put(evaluatedPrincipal, result.getPassword());
principalKeyNumberMap.put(evaluatedPrincipal, result.getKeyNumber());
}
@@ -156,7 +177,7 @@ public class CreatePrincipalsServerAction extends KerberosServerAction {
String message = String.format("Creating principal, %s", principal);
LOG.info(message);
- if(actionLog != null) {
+ if (actionLog != null) {
actionLog.writeStdOut(message);
}
@@ -167,15 +188,14 @@ public class CreatePrincipalsServerAction extends KerberosServerAction {
Integer minPunctuation;
Integer minWhitespace;
- if(kerberosConfiguration == null) {
+ if (kerberosConfiguration == null) {
length = null;
- minLowercaseLetters= null;
- minUppercaseLetters= null;
- minDigits= null;
- minPunctuation= null;
- minWhitespace= null;
- }
- else {
+ minLowercaseLetters = null;
+ minUppercaseLetters = null;
+ minDigits = null;
+ minPunctuation = null;
+ minWhitespace = null;
+ } else {
length = toInt(kerberosConfiguration.get("password_length"));
minLowercaseLetters = toInt(kerberosConfiguration.get("password_min_lowercase_letters"));
minUppercaseLetters = toInt(kerberosConfiguration.get("password_min_uppercase_letters"));
@@ -193,20 +213,20 @@ public class CreatePrincipalsServerAction extends KerberosServerAction {
// A new password/key would have been generated after exporting the keytab anyways.
message = String.format("Principal, %s, already exists, setting new password", principal);
LOG.warn(message);
- if(actionLog != null) {
+ if (actionLog != null) {
actionLog.writeStdOut(message);
}
Integer keyNumber = kerberosOperationHandler.setPrincipalPassword(principal, password);
if (keyNumber != null) {
+ result = new CreatePrincipalResult(principal, password, keyNumber);
message = String.format("Successfully set password for %s", principal);
LOG.debug(message);
- result = new CreatePrincipalResult(principal, password, keyNumber);
} else {
message = String.format("Failed to set password for %s - unknown reason", principal);
LOG.error(message);
- if(actionLog != null) {
+ if (actionLog != null) {
actionLog.writeStdErr(message);
}
}
@@ -223,7 +243,7 @@ public class CreatePrincipalsServerAction extends KerberosServerAction {
} else {
message = String.format("Failed to create principal, %s - unknown reason", principal);
LOG.error(message);
- if(actionLog != null) {
+ if (actionLog != null) {
actionLog.writeStdErr(message);
}
}
@@ -236,7 +256,7 @@ public class CreatePrincipalsServerAction extends KerberosServerAction {
} catch (KerberosOperationException e) {
message = String.format("Failed to create principal, %s - %s", principal, e.getMessage());
LOG.error(message, e);
- if(actionLog != null) {
+ if (actionLog != null) {
actionLog.writeStdErr(message);
}
}