You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by am...@apache.org on 2019/03/14 09:53:00 UTC
[ambari] branch branch-2.7 updated: [AMBARI-25088] Enable Kerberos
fails when Ambari server is not on a registered host (#2863)
This is an automated email from the ASF dual-hosted git repository.
amagyar pushed a commit to branch branch-2.7
in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/branch-2.7 by this push:
new ca79b6d [AMBARI-25088] Enable Kerberos fails when Ambari server is not on a registered host (#2863)
ca79b6d is described below
commit ca79b6d2c634db2eb392af66ad8e2e767497eea7
Author: Attila Magyar <m....@gmail.com>
AuthorDate: Thu Mar 14 10:52:53 2019 +0100
[AMBARI-25088] Enable Kerberos fails when Ambari server is not on a registered host (#2863)
---
.../ambari/server/controller/KerberosHelperImpl.java | 20 +++++++++++---------
1 file changed, 11 insertions(+), 9 deletions(-)
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
index fd8f9dc..94f5994 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
@@ -1769,6 +1769,7 @@ public class KerberosHelperImpl implements KerberosHelper {
} else {
Collection<String> hosts;
String ambariServerHostname = StageUtils.getHostName();
+ boolean ambariServerHostnameIsForced = false;
if (hostName == null) {
Map<String, Host> hostMap = clusters.getHostsForCluster(clusterName);
@@ -1783,6 +1784,7 @@ public class KerberosHelperImpl implements KerberosHelper {
extendedHosts.addAll(hosts);
extendedHosts.add(ambariServerHostname);
hosts = extendedHosts;
+ ambariServerHostnameIsForced = true;
}
} else {
hosts = Collections.singleton(hostName);
@@ -1794,14 +1796,14 @@ public class KerberosHelperImpl implements KerberosHelper {
if (kerberosDescriptor != null) {
Set<String> existingServices = cluster.getServices().keySet();
- for (String hostname : hosts) {
+ for (String host : hosts) {
// Calculate the current host-specific configurations. These will be used to replace
// variables within the Kerberos descriptor data
Map<String, Map<String, String>> configurations = calculateConfigurations(cluster,
- hostname,
- kerberosDescriptor,
- false,
- false);
+ (ambariServerHostnameIsForced && ambariServerHostname.equals(host)) ? null : host,
+ kerberosDescriptor,
+ false,
+ false);
// Create the context to use for filtering Kerberos Identities based on the state of the cluster
Map<String, Object> filterContext = new HashMap<>();
@@ -1810,10 +1812,10 @@ public class KerberosHelperImpl implements KerberosHelper {
Map<String, KerberosIdentityDescriptor> hostActiveIdentities = new HashMap<>();
- List<KerberosIdentityDescriptor> identities = getActiveIdentities(cluster, hostname,
+ List<KerberosIdentityDescriptor> identities = getActiveIdentities(cluster, host,
serviceName, componentName, kerberosDescriptor, filterContext);
- if (hostname.equals(ambariServerHostname)) {
+ if (host.equals(ambariServerHostname)) {
// Determine if we should _calculate_ the Ambari service identities.
// If kerberos-env/create_ambari_principal is not set to false the identity should be calculated.
if (createAmbariIdentities(kerberosEnvConfig.getProperties())) {
@@ -1842,7 +1844,7 @@ public class KerberosHelperImpl implements KerberosHelper {
}
if (replaceHostNames) {
- principal = principal.replace("_HOST", hostname);
+ principal = principal.replace("_HOST", host);
}
String uniqueKey = String.format("%s|%s", principal, (keytabFile == null) ? "" : keytabFile);
@@ -1889,7 +1891,7 @@ public class KerberosHelperImpl implements KerberosHelper {
}
}
- activeIdentities.put(hostname, hostActiveIdentities.values());
+ activeIdentities.put(host, hostActiveIdentities.values());
}
}
}