You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by po...@apache.org on 2021/01/23 03:24:17 UTC
[airflow] branch v1-10-test updated: Restores accidentally removed
kerberos authenttication
This is an automated email from the ASF dual-hosted git repository.
potiuk pushed a commit to branch v1-10-test
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/v1-10-test by this push:
new e8a0e57 Restores accidentally removed kerberos authenttication
e8a0e57 is described below
commit e8a0e57f44259b1888ed790db56a522b54aaa662
Author: Jarek Potiuk <ja...@potiuk.com>
AuthorDate: Sat Jan 23 04:09:22 2021 +0100
Restores accidentally removed kerberos authenttication
---
scripts/in_container/_in_container_utils.sh | 34 +++++++++++++++++++++++++++++
scripts/in_container/entrypoint_ci.sh | 18 +++++++++++++++
2 files changed, 52 insertions(+)
diff --git a/scripts/in_container/_in_container_utils.sh b/scripts/in_container/_in_container_utils.sh
index f1a55c8..8963571 100644
--- a/scripts/in_container/_in_container_utils.sh
+++ b/scripts/in_container/_in_container_utils.sh
@@ -198,6 +198,40 @@ function stop_output_heartbeat() {
wait "${HEARTBEAT_PID}" || true 2>/dev/null
}
+function setup_kerberos() {
+ FQDN=$(hostname)
+ ADMIN="admin"
+ PASS="airflow"
+ KRB5_KTNAME=/etc/airflow.keytab
+
+ sudo cp "${AIRFLOW_SOURCES}/scripts/in_container/krb5/krb5.conf" /etc/krb5.conf
+
+ echo -e "${PASS}\n${PASS}" | \
+ sudo kadmin -p "${ADMIN}/admin" -w "${PASS}" -q "addprinc -randkey airflow/${FQDN}" 2>&1 \
+ | sudo tee "${AIRFLOW_HOME}/logs/kadmin_1.log" >/dev/null
+ RES_1=$?
+
+ sudo kadmin -p "${ADMIN}/admin" -w "${PASS}" -q "ktadd -k ${KRB5_KTNAME} airflow" 2>&1 \
+ | sudo tee "${AIRFLOW_HOME}/logs/kadmin_2.log" >/dev/null
+ RES_2=$?
+
+ sudo kadmin -p "${ADMIN}/admin" -w "${PASS}" -q "ktadd -k ${KRB5_KTNAME} airflow/${FQDN}" 2>&1 \
+ | sudo tee "${AIRFLOW_HOME}/logs``/kadmin_3.log" >/dev/null
+ RES_3=$?
+
+ if [[ ${RES_1} != 0 || ${RES_2} != 0 || ${RES_3} != 0 ]]; then
+ echo
+ echo "Error when setting up Kerberos: ${RES_1} ${RES_2} ${RES_3}}!"
+ echo
+ exit 1
+ else
+ echo
+ echo "Kerberos enabled and working."
+ echo
+ sudo chmod 0644 "${KRB5_KTNAME}"
+ fi
+}
+
function dump_airflow_logs() {
local dump_file
dump_file=/files/airflow_logs_$(date "+%Y-%m-%d")_${CI_BUILD_ID}_${CI_JOB_ID}.log.tar.gz
diff --git a/scripts/in_container/entrypoint_ci.sh b/scripts/in_container/entrypoint_ci.sh
index 1483732..56a3f9c 100755
--- a/scripts/in_container/entrypoint_ci.sh
+++ b/scripts/in_container/entrypoint_ci.sh
@@ -183,6 +183,24 @@ if [[ ${ENVIRONMENT_EXIT_CODE} != 0 ]]; then
exit ${ENVIRONMENT_EXIT_CODE}
fi
+
+if [[ ${INTEGRATION_KERBEROS:="false"} == "true" ]]; then
+ set +e
+ setup_kerberos
+ RES=$?
+ set -e
+
+ if [[ ${RES} != 0 ]]; then
+ echo
+ echo "ERROR !!!!Kerberos initialisation requested, but failed"
+ echo
+ echo "I will exit now, and you need to run 'breeze --integration kerberos restart'"
+ echo "to re-enter breeze and restart kerberos."
+ echo
+ exit 1
+ fi
+fi
+
# Create symbolic link to fix possible issues with kubectl config cmd-path
mkdir -p /usr/lib/google-cloud-sdk/bin
touch /usr/lib/google-cloud-sdk/bin/gcloud