Posted to commits@ambari.apache.org by nc...@apache.org on 2018/01/02 16:55:57 UTC
[06/37] ambari git commit: AMBARI-22530. Refactor internal code of
handling info between kerberos wizard actions (echekanskiy)
AMBARI-22530. Refactor internal code of handling info between kerberos wizard actions (echekanskiy)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/67fc4a37
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/67fc4a37
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/67fc4a37
Branch: refs/heads/branch-feature-AMBARI-21674
Commit: 67fc4a3785da0a7c39dcb27f220c8573a59ab63d
Parents: 81c0454
Author: root <ro...@build.home.lan>
Authored: Thu Dec 21 10:58:23 2017 -0500
Committer: Eugene Chekanskiy <ec...@hortonworks.com>
Committed: Thu Dec 21 11:00:37 2017 -0500
----------------------------------------------------------------------
.../ambari/server/agent/HeartBeatHandler.java | 122 +-
.../ambari/server/agent/HeartbeatProcessor.java | 33 +-
.../controller/DeleteIdentityHandler.java | 5 +-
.../server/controller/KerberosHelper.java | 2 +-
.../server/controller/KerberosHelperImpl.java | 1129 +++++++++---------
.../HostKerberosIdentityResourceProvider.java | 15 +-
.../server/orm/dao/KerberosKeytabDAO.java | 154 ++-
.../orm/dao/KerberosKeytabPrincipalDAO.java | 309 +++++
.../server/orm/dao/KerberosPrincipalDAO.java | 9 -
.../orm/dao/KerberosPrincipalHostDAO.java | 252 ----
.../entities/HostGroupComponentEntityPK.java | 4 +-
.../orm/entities/KerberosKeytabEntity.java | 152 ++-
.../entities/KerberosKeytabPrincipalEntity.java | 236 ++++
.../KerberosKeytabServiceMappingEntity.java | 88 ++
.../orm/entities/KerberosPrincipalEntity.java | 25 -
.../entities/KerberosPrincipalHostEntity.java | 213 ----
.../entities/KerberosPrincipalHostEntityPK.java | 115 --
.../AbstractPrepareKerberosServerAction.java | 31 +-
.../kerberos/CleanupServerAction.java | 6 +-
.../ConfigureAmbariIdentitiesServerAction.java | 141 ++-
.../kerberos/CreateKeytabFilesServerAction.java | 112 +-
.../kerberos/CreatePrincipalsServerAction.java | 47 +-
.../kerberos/DestroyPrincipalsServerAction.java | 62 +-
.../kerberos/FinalizeKerberosServerAction.java | 24 +-
.../kerberos/KerberosServerAction.java | 291 ++---
.../PrepareEnableKerberosServerAction.java | 16 +-
.../PrepareKerberosIdentitiesServerAction.java | 9 -
.../stageutils/KerberosKeytabController.java | 213 ++++
.../stageutils/ResolvedKerberosKeytab.java | 117 +-
.../stageutils/ResolvedKerberosPrincipal.java | 169 +++
.../upgrades/PreconfigureKerberosAction.java | 12 +-
.../server/state/cluster/ClustersImpl.java | 8 +-
.../main/resources/Ambari-DDL-Derby-CREATE.sql | 34 +-
.../main/resources/Ambari-DDL-MySQL-CREATE.sql | 33 +-
.../main/resources/Ambari-DDL-Oracle-CREATE.sql | 35 +-
.../resources/Ambari-DDL-Postgres-CREATE.sql | 35 +-
.../resources/Ambari-DDL-SQLAnywhere-CREATE.sql | 33 +-
.../resources/Ambari-DDL-SQLServer-CREATE.sql | 33 +-
.../src/main/resources/META-INF/persistence.xml | 3 +-
.../server/agent/TestHeartbeatHandler.java | 79 +-
.../server/controller/KerberosHelperTest.java | 47 +-
...ostKerberosIdentityResourceProviderTest.java | 15 +-
.../apache/ambari/server/orm/db/DDLTests.java | 2 +-
...nfigureAmbariIdentitiesServerActionTest.java | 36 +-
.../FinalizeKerberosServerActionTest.java | 5 +-
.../kerberos/KerberosServerActionTest.java | 26 +-
.../PreconfigureKerberosActionTest.java | 16 +-
47 files changed, 2618 insertions(+), 1935 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/67fc4a37/ambari-server/src/main/java/org/apache/ambari/server/agent/HeartBeatHandler.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/agent/HeartBeatHandler.java b/ambari-server/src/main/java/org/apache/ambari/server/agent/HeartBeatHandler.java
index 53cceb0..2b82fe3 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/agent/HeartBeatHandler.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/agent/HeartBeatHandler.java
@@ -26,6 +26,7 @@ import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.util.ArrayList;
+import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@@ -39,8 +40,10 @@ import org.apache.ambari.server.actionmanager.ActionManager;
import org.apache.ambari.server.api.services.AmbariMetaInfo;
import org.apache.ambari.server.configuration.Configuration;
import org.apache.ambari.server.serveraction.kerberos.KerberosIdentityDataFileReader;
-import org.apache.ambari.server.serveraction.kerberos.KerberosIdentityDataFileReaderFactory;
import org.apache.ambari.server.serveraction.kerberos.KerberosServerAction;
+import org.apache.ambari.server.serveraction.kerberos.stageutils.KerberosKeytabController;
+import org.apache.ambari.server.serveraction.kerberos.stageutils.ResolvedKerberosKeytab;
+import org.apache.ambari.server.serveraction.kerberos.stageutils.ResolvedKerberosPrincipal;
import org.apache.ambari.server.state.AgentVersion;
import org.apache.ambari.server.state.Cluster;
import org.apache.ambari.server.state.Clusters;
@@ -104,11 +107,8 @@ public class HeartBeatHandler {
@Inject
private RecoveryConfigHelper recoveryConfigHelper;
- /**
- * KerberosIdentityDataFileReaderFactory used to create KerberosIdentityDataFileReader instances
- */
@Inject
- private KerberosIdentityDataFileReaderFactory kerberosIdentityDataFileReaderFactory;
+ private KerberosKeytabController kerberosKeytabController;
private Map<String, Long> hostResponseIds = new ConcurrentHashMap<>();
@@ -241,7 +241,6 @@ public class HeartBeatHandler {
* TODO: Handle the case when a host is a part of multiple clusters.
*/
Set<Cluster> clusters = clusterFsm.getClustersForHost(hostname);
-
if (clusters.size() > 0) {
String clusterName = clusters.iterator().next().getClusterName();
@@ -584,80 +583,75 @@ public class HeartBeatHandler {
*/
void injectKeytab(ExecutionCommand ec, String command, String targetHost) throws AmbariException {
String dataDir = ec.getCommandParams().get(KerberosServerAction.DATA_DIRECTORY);
-
+ KerberosServerAction.KerberosCommandParameters kerberosCommandParameters = new KerberosServerAction.KerberosCommandParameters(ec);
if(dataDir != null) {
- KerberosIdentityDataFileReader reader = null;
List<Map<String, String>> kcp = ec.getKerberosCommandParams();
try {
- reader = kerberosIdentityDataFileReaderFactory.createKerberosIdentityDataFileReader(new File(dataDir, KerberosIdentityDataFileReader.DATA_FILE_NAME));
-
- for (Map<String, String> record : reader) {
- String hostName = record.get(KerberosIdentityDataFileReader.HOSTNAME);
-
- if (targetHost.equalsIgnoreCase(hostName)) {
-
- if (SET_KEYTAB.equalsIgnoreCase(command)) {
- String keytabFilePath = record.get(KerberosIdentityDataFileReader.KEYTAB_FILE_PATH);
-
- if (keytabFilePath != null) {
-
- String sha1Keytab = DigestUtils.sha1Hex(keytabFilePath);
- File keytabFile = new File(dataDir + File.separator + hostName + File.separator + sha1Keytab);
-
- if (keytabFile.canRead()) {
- Map<String, String> keytabMap = new HashMap<>();
- String principal = record.get(KerberosIdentityDataFileReader.PRINCIPAL);
- String isService = record.get(KerberosIdentityDataFileReader.SERVICE);
-
+ Set<ResolvedKerberosKeytab> keytabsToInject = kerberosKeytabController.getFilteredKeytabs((Map<String, Collection<String>>)kerberosCommandParameters.getServiceComponentFilter(), kerberosCommandParameters.getHostFilter(), kerberosCommandParameters.getIdentityFilter());
+ for (ResolvedKerberosKeytab resolvedKeytab : keytabsToInject) {
+ for(ResolvedKerberosPrincipal resolvedPrincipal: resolvedKeytab.getPrincipals()) {
+ String hostName = resolvedPrincipal.getHostName();
+
+ if (targetHost.equalsIgnoreCase(hostName)) {
+
+ if (SET_KEYTAB.equalsIgnoreCase(command)) {
+ String keytabFilePath = resolvedKeytab.getFile();
+
+ if (keytabFilePath != null) {
+
+ String sha1Keytab = DigestUtils.sha256Hex(keytabFilePath);
+ File keytabFile = new File(dataDir + File.separator + hostName + File.separator + sha1Keytab);
+
+ if (keytabFile.canRead()) {
+ Map<String, String> keytabMap = new HashMap<>();
+ String principal = resolvedPrincipal.getPrincipal();
+
+ keytabMap.put(KerberosIdentityDataFileReader.HOSTNAME, hostName);
+ keytabMap.put(KerberosIdentityDataFileReader.PRINCIPAL, principal);
+ keytabMap.put(KerberosIdentityDataFileReader.KEYTAB_FILE_PATH, keytabFilePath);
+ keytabMap.put(KerberosIdentityDataFileReader.KEYTAB_FILE_OWNER_NAME, resolvedKeytab.getOwnerName());
+ keytabMap.put(KerberosIdentityDataFileReader.KEYTAB_FILE_OWNER_ACCESS, resolvedKeytab.getOwnerAccess());
+ keytabMap.put(KerberosIdentityDataFileReader.KEYTAB_FILE_GROUP_NAME, resolvedKeytab.getGroupName());
+ keytabMap.put(KerberosIdentityDataFileReader.KEYTAB_FILE_GROUP_ACCESS, resolvedKeytab.getGroupAccess());
+
+ BufferedInputStream bufferedIn = new BufferedInputStream(new FileInputStream(keytabFile));
+ byte[] keytabContent = null;
+ try {
+ keytabContent = IOUtils.toByteArray(bufferedIn);
+ } finally {
+ bufferedIn.close();
+ }
+ String keytabContentBase64 = Base64.encodeBase64String(keytabContent);
+ keytabMap.put(KerberosServerAction.KEYTAB_CONTENT_BASE64, keytabContentBase64);
+
+ kcp.add(keytabMap);
+ }
+ }
+ } else if (REMOVE_KEYTAB.equalsIgnoreCase(command) || CHECK_KEYTABS.equalsIgnoreCase(command)) {
+ Map<String, String> keytabMap = new HashMap<>();
+ String keytabFilePath = resolvedKeytab.getFile();
+
+ String principal = resolvedPrincipal.getPrincipal();
+ for (Map.Entry<String, String> mappingEntry: resolvedPrincipal.getServiceMapping().entries()) {
+ String serviceName = mappingEntry.getKey();
+ String componentName = mappingEntry.getValue();
keytabMap.put(KerberosIdentityDataFileReader.HOSTNAME, hostName);
- keytabMap.put(KerberosIdentityDataFileReader.SERVICE, isService);
- keytabMap.put(KerberosIdentityDataFileReader.COMPONENT, record.get(KerberosIdentityDataFileReader.COMPONENT));
+ keytabMap.put(KerberosIdentityDataFileReader.SERVICE, serviceName);
+ keytabMap.put(KerberosIdentityDataFileReader.COMPONENT, componentName);
keytabMap.put(KerberosIdentityDataFileReader.PRINCIPAL, principal);
keytabMap.put(KerberosIdentityDataFileReader.KEYTAB_FILE_PATH, keytabFilePath);
- keytabMap.put(KerberosIdentityDataFileReader.KEYTAB_FILE_OWNER_NAME, record.get(KerberosIdentityDataFileReader.KEYTAB_FILE_OWNER_NAME));
- keytabMap.put(KerberosIdentityDataFileReader.KEYTAB_FILE_OWNER_ACCESS, record.get(KerberosIdentityDataFileReader.KEYTAB_FILE_OWNER_ACCESS));
- keytabMap.put(KerberosIdentityDataFileReader.KEYTAB_FILE_GROUP_NAME, record.get(KerberosIdentityDataFileReader.KEYTAB_FILE_GROUP_NAME));
- keytabMap.put(KerberosIdentityDataFileReader.KEYTAB_FILE_GROUP_ACCESS, record.get(KerberosIdentityDataFileReader.KEYTAB_FILE_GROUP_ACCESS));
-
- BufferedInputStream bufferedIn = new BufferedInputStream(new FileInputStream(keytabFile));
- byte[] keytabContent = null;
- try {
- keytabContent = IOUtils.toByteArray(bufferedIn);
- } finally {
- bufferedIn.close();
- }
- String keytabContentBase64 = Base64.encodeBase64String(keytabContent);
- keytabMap.put(KerberosServerAction.KEYTAB_CONTENT_BASE64, keytabContentBase64);
- kcp.add(keytabMap);
}
- }
- } else if (REMOVE_KEYTAB.equalsIgnoreCase(command) || CHECK_KEYTABS.equalsIgnoreCase(command)) {
- Map<String, String> keytabMap = new HashMap<>();
- keytabMap.put(KerberosIdentityDataFileReader.HOSTNAME, hostName);
- keytabMap.put(KerberosIdentityDataFileReader.SERVICE, record.get(KerberosIdentityDataFileReader.SERVICE));
- keytabMap.put(KerberosIdentityDataFileReader.COMPONENT, record.get(KerberosIdentityDataFileReader.COMPONENT));
- keytabMap.put(KerberosIdentityDataFileReader.PRINCIPAL, record.get(KerberosIdentityDataFileReader.PRINCIPAL));
- keytabMap.put(KerberosIdentityDataFileReader.KEYTAB_FILE_PATH, record.get(KerberosIdentityDataFileReader.KEYTAB_FILE_PATH));
-
- kcp.add(keytabMap);
+ kcp.add(keytabMap);
+ }
}
}
}
} catch (IOException e) {
throw new AmbariException("Could not inject keytabs to enable kerberos");
- } finally {
- if (reader != null) {
- try {
- reader.close();
- } catch (Throwable t) {
- // ignored
- }
- }
}
-
ec.setKerberosCommandParams(kcp);
}
}
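Review bot: In the REMOVE_KEYTAB / CHECK_KEYTABS branch, `keytabMap` is created once before the loop over `resolvedPrincipal.getServiceMapping().entries()` and `kcp.add(keytabMap)` runs once after it, so a principal mapped to several service/component pairs yields a single record holding only the last pair, and a principal with no mapping yields an empty map. Move `Map<String, String> keytabMap = new HashMap<>();` and `kcp.add(keytabMap);` inside the loop so the agent receives one complete record per mapping. Separately, the staged-file name is now `DigestUtils.sha256Hex(keytabFilePath)` while the local is still called `sha1Keytab`; the code that writes these files is outside this hunk and presumably must use the same digest, otherwise `keytabFile.canRead()` fails and the keytab is skipped without any log line. Renaming the local and logging a warning on the unreadable-file path would make such a mismatch visible.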
http://git-wip-us.apache.org/repos/asf/ambari/blob/67fc4a37/ambari-server/src/main/java/org/apache/ambari/server/agent/HeartbeatProcessor.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/agent/HeartbeatProcessor.java b/ambari-server/src/main/java/org/apache/ambari/server/agent/HeartbeatProcessor.java
index 83d2c98..1374a3d 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/agent/HeartbeatProcessor.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/agent/HeartbeatProcessor.java
@@ -53,8 +53,8 @@ import org.apache.ambari.server.events.publishers.AmbariEventPublisher;
import org.apache.ambari.server.events.publishers.VersionEventPublisher;
import org.apache.ambari.server.metadata.ActionMetadata;
import org.apache.ambari.server.orm.dao.KerberosKeytabDAO;
-import org.apache.ambari.server.orm.dao.KerberosPrincipalHostDAO;
-import org.apache.ambari.server.orm.entities.KerberosPrincipalHostEntity;
+import org.apache.ambari.server.orm.dao.KerberosKeytabPrincipalDAO;
+import org.apache.ambari.server.orm.entities.KerberosKeytabPrincipalEntity;
import org.apache.ambari.server.state.Alert;
import org.apache.ambari.server.state.Cluster;
import org.apache.ambari.server.state.Clusters;
@@ -133,10 +133,10 @@ public class HeartbeatProcessor extends AbstractService{
AmbariMetaInfo ambariMetaInfo;
@Inject
- KerberosPrincipalHostDAO kerberosPrincipalHostDAO;
+ KerberosKeytabPrincipalDAO kerberosKeytabPrincipalDAO;
@Inject
- KerberosKeytabDAO kerberosKeytabDao;
+ KerberosKeytabDAO kerberosKeytabDAO;
@Inject
Gson gson;
@@ -439,35 +439,32 @@ public class HeartbeatProcessor extends AbstractService{
}
if (writeKeytabsStructuredOut != null) {
+ // TODO rework this. Make sure that keytab check and write commands returns principal list for each keytab
if (SET_KEYTAB.equalsIgnoreCase(customCommand)) {
Map<String, String> keytabs = writeKeytabsStructuredOut.getKeytabs();
if (keytabs != null) {
for (Map.Entry<String, String> entry : keytabs.entrySet()) {
String principal = entry.getKey();
String keytabPath = entry.getValue();
- KerberosPrincipalHostEntity kphe = kerberosPrincipalHostDAO.find(principal, host.getHostId(), keytabPath);
- kphe.setDistributed(true);
- kerberosPrincipalHostDAO.merge(kphe);
+ for (KerberosKeytabPrincipalEntity kkpe: kerberosKeytabPrincipalDAO.findByHostAndKeytab(host.getHostId(), keytabPath)) {
+ kkpe.setDistributed(true);
+ kerberosKeytabPrincipalDAO.merge(kkpe);
+ }
}
}
} else if (REMOVE_KEYTAB.equalsIgnoreCase(customCommand)) {
- Map<String, String> deletedKeytabs = writeKeytabsStructuredOut.getRemovedKeytabs();
- if (deletedKeytabs != null) {
- for (Map.Entry<String, String> entry : deletedKeytabs.entrySet()) {
- String keytabPath = entry.getValue();
- kerberosPrincipalHostDAO.removeByKeytabPath(keytabPath);
- kerberosKeytabDao.remove(keytabPath);
- }
- }
+ // TODO check if additional processing of removed records(besides existent in DestroyPrincipalsServerAction)
+ // TODO is required
}
}
} else if (CHECK_KEYTABS.equalsIgnoreCase(customCommand)) {
ListKeytabsStructuredOut structuredOut = gson.fromJson(report.getStructuredOut(), ListKeytabsStructuredOut.class);
for (MissingKeytab each : structuredOut.missingKeytabs) {
LOG.info("Missing principal: {} for keytab: {} on host: {}", each.principal, each.keytabFilePath, hostname);
- KerberosPrincipalHostEntity kphe = kerberosPrincipalHostDAO.find(each.principal, host.getHostId(), each.keytabFilePath);
- kphe.setDistributed(false);
- kerberosPrincipalHostDAO.merge(kphe);
+ for (KerberosKeytabPrincipalEntity kkpe: kerberosKeytabPrincipalDAO.findByHostAndKeytab(host.getHostId(), each.keytabFilePath)) {
+ kkpe.setDistributed(false);
+ kerberosKeytabPrincipalDAO.merge(kkpe);
+ }
}
}
}
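Review bot: The lookups in the SET_KEYTAB and CHECK_KEYTABS branches no longer use the principal reported by the agent: `findByHostAndKeytab(host.getHostId(), keytabPath)` is keyed on host and keytab path only, so `entry.getKey()` is read into an unused local and `each.principal` is only logged. If the DAO returns every principal entity for that keytab on the host, as its name suggests, one missing principal marks all principals sharing the keytab as not distributed, and one written principal marks all of them as distributed, so the server's distribution state is coarser than what the agent reported. Until the TODO is resolved, consider filtering the returned entities by the reported principal before calling `setDistributed`. The REMOVE_KEYTAB branch is now empty, so records for a keytab the agent removed keep their `distributed` flag unless code outside this hunk clears them; the TODO there should name the exact place that is expected to do so.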
http://git-wip-us.apache.org/repos/asf/ambari/blob/67fc4a37/ambari-server/src/main/java/org/apache/ambari/server/controller/DeleteIdentityHandler.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/DeleteIdentityHandler.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/DeleteIdentityHandler.java
index a7b9d80..9837d70 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/DeleteIdentityHandler.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/DeleteIdentityHandler.java
@@ -45,6 +45,7 @@ import org.apache.ambari.server.serveraction.kerberos.DestroyPrincipalsServerAct
import org.apache.ambari.server.serveraction.kerberos.KDCType;
import org.apache.ambari.server.serveraction.kerberos.KerberosOperationHandler;
import org.apache.ambari.server.serveraction.kerberos.KerberosServerAction;
+import org.apache.ambari.server.serveraction.kerberos.stageutils.ResolvedKerberosPrincipal;
import org.apache.ambari.server.state.Cluster;
import org.apache.ambari.server.state.Config;
import org.apache.ambari.server.state.StackId;
@@ -78,7 +79,7 @@ class DeleteIdentityHandler {
public void addDeleteIdentityStages(Cluster cluster, OrderedRequestStageContainer stageContainer, CommandParams commandParameters, boolean manageIdentities)
throws AmbariException
{
- ServiceComponentHostServerActionEvent event = new ServiceComponentHostServerActionEvent("AMBARI_SERVER", StageUtils.getHostName(), System.currentTimeMillis());
+ ServiceComponentHostServerActionEvent event = new ServiceComponentHostServerActionEvent(RootComponent.AMBARI_SERVER.name(), StageUtils.getHostName(), System.currentTimeMillis());
String hostParamsJson = StageUtils.getGson().toJson(customCommandExecutionHelper.createDefaultHostParams(cluster, cluster.getDesiredStackVersion()));
stageContainer.setClusterHostInfo(StageUtils.getGson().toJson(StageUtils.getClusterHostInfo(cluster)));
if (manageIdentities) {
@@ -321,7 +322,7 @@ class DeleteIdentityHandler {
}
@Override
- protected CommandReport processIdentity(Map<String, String> identityRecord, String evaluatedPrincipal, KerberosOperationHandler operationHandler, Map<String, String> kerberosConfiguration, Map<String, Object> requestSharedDataContext) throws AmbariException {
+ protected CommandReport processIdentity(ResolvedKerberosPrincipal resolvedPrincipal, KerberosOperationHandler operationHandler, Map<String, String> kerberosConfiguration, Map<String, Object> requestSharedDataContext) throws AmbariException {
return null;
}
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/67fc4a37/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
index 749943d..0aef548 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
@@ -740,7 +740,7 @@ public interface KerberosHelper {
*
* @param resolvedKerberosKeytab kerberos keytab to be persisted
*/
- void processResolvedKeytab(ResolvedKerberosKeytab resolvedKerberosKeytab);
+ void createResolvedKeytab(ResolvedKerberosKeytab resolvedKerberosKeytab);
/**
* Removes existent persisted keytabs if they are not in {@code expectedKeytabs} collection.