You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by rl...@apache.org on 2017/02/21 22:43:49 UTC
ambari git commit: Revert "AMBARI-20067. Finalize Operations stage
fails when Enabling Kerberos using the manual option (rlevas)"
Repository: ambari
Updated Branches:
refs/heads/branch-2.5 b32094fa6 -> e3b21903f
Revert "AMBARI-20067. Finalize Operations stage fails when Enabling Kerberos using the manual option (rlevas)"
This reverts commit 381d43cad0151db59fac6c6ca176369c78fd93af.
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/e3b21903
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/e3b21903
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/e3b21903
Branch: refs/heads/branch-2.5
Commit: e3b21903f0e50b42035b8e509ed225d95239dac6
Parents: b32094f
Author: Robert Levas <rl...@hortonworks.com>
Authored: Tue Feb 21 17:43:40 2017 -0500
Committer: Robert Levas <rl...@hortonworks.com>
Committed: Tue Feb 21 17:43:40 2017 -0500
----------------------------------------------------------------------
.../kerberos/FinalizeKerberosServerAction.java | 14 +-
.../kerberos/KerberosServerAction.java | 2 +-
.../FinalizeKerberosServerActionTest.java | 207 -------------------
3 files changed, 7 insertions(+), 216 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/e3b21903/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java
index 0b845d9..d485eb3 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java
@@ -200,14 +200,12 @@ public class FinalizeKerberosServerAction extends KerberosServerAction {
}
}
- if(getKDCType(getCommandParameters()) != KDCType.NONE) {
- // Ensure the keytab files for the Ambari identities have the correct permissions
- // This is important in the event a secure cluster was created via Blueprints since some
- // user accounts and group may not have been created when the keytab files were created.
- requestSharedDataContext.put(this.getClass().getName() + "_visited", new HashSet<String>());
- processIdentities(requestSharedDataContext);
- requestSharedDataContext.remove(this.getClass().getName() + "_visited");
- }
+ // Ensure the keytab files for the Ambari identities have the correct permissions
+ // This is important in the event a secure cluster was created via Blueprints since some
+ // user accounts and group may not have been created when the keytab files were created.
+ requestSharedDataContext.put(this.getClass().getName() + "_visited", new HashSet<String>());
+ processIdentities(requestSharedDataContext);
+ requestSharedDataContext.remove(this.getClass().getName() + "_visited");
// Make sure this is a relevant directory. We don't want to accidentally allow _ANY_ directory
// to be deleted.
http://git-wip-us.apache.org/repos/asf/ambari/blob/e3b21903/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
index 9755bd6..1d8c1ca 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
@@ -194,7 +194,7 @@ public abstract class KerberosServerAction extends AbstractServerAction {
String kdcType = getCommandParameterValue(commandParameters, KDC_TYPE);
return ((kdcType == null) || kdcType.isEmpty())
- ? KDCType.NONE
+ ? KDCType.MIT_KDC
: KDCType.translate(kdcType);
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/e3b21903/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerActionTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerActionTest.java b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerActionTest.java
deleted file mode 100644
index cec482e..0000000
--- a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerActionTest.java
+++ /dev/null
@@ -1,207 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.ambari.server.serveraction.kerberos;
-
-import junit.framework.Assert;
-
-import java.io.File;
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.concurrent.ConcurrentHashMap;
-import java.util.concurrent.ConcurrentMap;
-
-import org.apache.ambari.server.AmbariException;
-import org.apache.ambari.server.Role;
-import org.apache.ambari.server.RoleCommand;
-import org.apache.ambari.server.actionmanager.HostRoleCommand;
-import org.apache.ambari.server.actionmanager.HostRoleStatus;
-import org.apache.ambari.server.agent.CommandReport;
-import org.apache.ambari.server.agent.ExecutionCommand;
-import org.apache.ambari.server.audit.AuditLogger;
-import org.apache.ambari.server.controller.KerberosHelper;
-import org.apache.ambari.server.security.credential.PrincipalKeyCredential;
-import org.apache.ambari.server.state.Cluster;
-import org.apache.ambari.server.state.Clusters;
-import org.apache.ambari.server.state.Host;
-import org.apache.ambari.server.state.SecurityState;
-import org.apache.ambari.server.state.ServiceComponentHost;
-import org.easymock.EasyMockSupport;
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.rules.TemporaryFolder;
-
-import com.google.inject.AbstractModule;
-import com.google.inject.Guice;
-import com.google.inject.Injector;
-
-import static org.apache.ambari.server.serveraction.kerberos.KerberosServerAction.DATA_DIRECTORY_PREFIX;
-import static org.easymock.EasyMock.expect;
-import static org.easymock.EasyMock.expectLastCall;
-
-public class FinalizeKerberosServerActionTest extends EasyMockSupport {
- @Rule
- public TemporaryFolder folder = new TemporaryFolder();
-
- @Test
- public void executeMITKDCOption() throws Exception {
- String clusterName = "c1";
- Injector injector = setup(clusterName);
-
- File dataDirectory = createDataDirectory();
-
- Map<String, String> commandParams = new HashMap<>();
- commandParams.put(KerberosServerAction.KDC_TYPE, KDCType.MIT_KDC.name());
- commandParams.put(KerberosServerAction.DATA_DIRECTORY, dataDirectory.getAbsolutePath());
-
- ExecutionCommand executionCommand = createMockExecutionCommand(clusterName, commandParams);
- HostRoleCommand hostRoleCommand = createMockHostRoleCommand();
-
- PrincipalKeyCredential principleKeyCredential = createMock(PrincipalKeyCredential.class);
-
- KerberosHelper kerberosHelper = injector.getInstance(KerberosHelper.class);
- expect(kerberosHelper.getKDCAdministratorCredentials(clusterName)).andReturn(principleKeyCredential).anyTimes();
-
- replayAll();
-
- ConcurrentMap<String, Object> requestSharedDataContext = new ConcurrentHashMap<String, Object>();
-
- FinalizeKerberosServerAction action = injector.getInstance(FinalizeKerberosServerAction.class);
- action.setExecutionCommand(executionCommand);
- action.setHostRoleCommand(hostRoleCommand);
-
- Assert.assertTrue(dataDirectory.exists());
-
- CommandReport commandReport = action.execute(requestSharedDataContext);
-
- assertSuccess(commandReport);
- Assert.assertTrue(!dataDirectory.exists());
-
- verifyAll();
- }
-
- @Test
- public void executeManualOption() throws Exception {
- String clusterName = "c1";
- Injector injector = setup(clusterName);
-
- File dataDirectory = createDataDirectory();
-
- Map<String, String> commandParams = new HashMap<>();
- commandParams.put(KerberosServerAction.DATA_DIRECTORY, dataDirectory.getAbsolutePath());
-
- ExecutionCommand executionCommand = createMockExecutionCommand(clusterName, commandParams);
- HostRoleCommand hostRoleCommand = createMockHostRoleCommand();
-
- replayAll();
-
- ConcurrentMap<String, Object> requestSharedDataContext = new ConcurrentHashMap<String, Object>();
-
- FinalizeKerberosServerAction action = injector.getInstance(FinalizeKerberosServerAction.class);
- action.setExecutionCommand(executionCommand);
- action.setHostRoleCommand(hostRoleCommand);
-
- Assert.assertTrue(dataDirectory.exists());
-
- CommandReport commandReport = action.execute(requestSharedDataContext);
-
- assertSuccess(commandReport);
-
- Assert.assertTrue(!dataDirectory.exists());
-
- verifyAll();
- }
-
- private File createDataDirectory() throws IOException {
- File directory = folder.newFolder();
- File dataDirectory = new File(directory, DATA_DIRECTORY_PREFIX + "_test");
-
- Assert.assertTrue(dataDirectory.mkdir());
-
- return dataDirectory;
- }
-
- private void assertSuccess(CommandReport commandReport) {
- Assert.assertEquals(0, commandReport.getExitCode());
- Assert.assertEquals(HostRoleStatus.COMPLETED.name(), commandReport.getStatus());
- Assert.assertEquals("{}", commandReport.getStructuredOut());
- }
-
- private ExecutionCommand createMockExecutionCommand(String clusterName, Map<String, String> commandParams) {
- ExecutionCommand executionCommand = createMock(ExecutionCommand.class);
- expect(executionCommand.getClusterName()).andReturn(clusterName).anyTimes();
- expect(executionCommand.getCommandParams()).andReturn(commandParams).anyTimes();
- expect(executionCommand.getRoleCommand()).andReturn(RoleCommand.EXECUTE).anyTimes();
- expect(executionCommand.getRole()).andReturn(Role.AMBARI_SERVER_ACTION.name()).anyTimes();
- expect(executionCommand.getConfigurationTags()).andReturn(Collections.<String, Map<String, String>>emptyMap()).anyTimes();
- expect(executionCommand.getServiceName()).andReturn("AMBARI_SERVER").anyTimes();
- expect(executionCommand.getTaskId()).andReturn(3L).anyTimes();
-
- return executionCommand;
- }
-
- private HostRoleCommand createMockHostRoleCommand() {
- HostRoleCommand hostRoleCommand = createMock(HostRoleCommand.class);
-
- expect(hostRoleCommand.getRequestId()).andReturn(1L).anyTimes();
- expect(hostRoleCommand.getStageId()).andReturn(2L).anyTimes();
- expect(hostRoleCommand.getTaskId()).andReturn(3L).anyTimes();
-
- return hostRoleCommand;
- }
-
- private Injector setup(String clusterName) throws AmbariException {
- final Map<String, Host> clusterHostMap = new HashMap<>();
- clusterHostMap.put("host1", createMock(Host.class));
-
- final ServiceComponentHost serviceComponentHost = createMock(ServiceComponentHost.class);
- expect(serviceComponentHost.getSecurityState()).andReturn(SecurityState.SECURING).anyTimes();
- expect(serviceComponentHost.getServiceName()).andReturn("SERVICE1").anyTimes();
- expect(serviceComponentHost.getServiceComponentName()).andReturn("COMPONENT1A").anyTimes();
- expect(serviceComponentHost.getHostName()).andReturn("host1").anyTimes();
- expect(serviceComponentHost.getDesiredSecurityState()).andReturn(SecurityState.SECURED_KERBEROS).anyTimes();
- serviceComponentHost.setSecurityState(SecurityState.SECURED_KERBEROS);
- expectLastCall().once();
-
- final List<ServiceComponentHost> serviceComponentHosts = new ArrayList<>();
- serviceComponentHosts.add(serviceComponentHost);
-
- final Cluster cluster = createMock(Cluster.class);
- expect(cluster.getClusterName()).andReturn(clusterName).anyTimes();
- expect(cluster.getServiceComponentHosts("host1")).andReturn(serviceComponentHosts).anyTimes();
-
- final Clusters clusters = createMock(Clusters.class);
- expect(clusters.getHostsForCluster(clusterName)).andReturn(clusterHostMap).anyTimes();
- expect(clusters.getCluster(clusterName)).andReturn(cluster).anyTimes();
-
- return Guice.createInjector(new AbstractModule() {
-
- @Override
- protected void configure() {
- bind(KerberosHelper.class).toInstance(createMock(KerberosHelper.class));
- bind(Clusters.class).toInstance(clusters);
- bind(AuditLogger.class).toInstance(createNiceMock(AuditLogger.class));
- }
- });
- }
-
-}
\ No newline at end of file