You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by rl...@apache.org on 2015/05/06 03:51:31 UTC

[2/2] ambari git commit: AMBARI-10930. After disable Kerberos and change Realm, test principal with old realm is created when re-enabling Kerberos (Emil Anca via rlevas)

AMBARI-10930. After disable Kerberos and change Realm, test principal with old realm is created when re-enabling Kerberos (Emil Anca via rlevas)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/d6d3600c
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/d6d3600c
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/d6d3600c

Branch: refs/heads/trunk
Commit: d6d3600c566fc1a8b28ef0c89dcc002e844cafc9
Parents: 878b6fa
Author: Emil Anca <ea...@hortonworks.com>
Authored: Tue May 5 21:51:51 2015 -0400
Committer: Robert Levas <rl...@hortonworks.com>
Committed: Tue May 5 21:51:51 2015 -0400

----------------------------------------------------------------------
 .../server/controller/KerberosHelper.java       |  34 +++++-
 .../kerberos/CleanupServerAction.java           | 108 +++++++++++++++++++
 .../server/controller/KerberosHelperTest.java   |   8 +-
 3 files changed, 147 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/d6d3600c/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
index 1c4365c..6b970c6 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
@@ -67,6 +67,7 @@ import org.apache.ambari.server.serveraction.kerberos.KerberosOperationHandlerFa
 import org.apache.ambari.server.serveraction.kerberos.KerberosRealmException;
 import org.apache.ambari.server.serveraction.kerberos.KerberosServerAction;
 import org.apache.ambari.server.serveraction.kerberos.UpdateKerberosConfigsServerAction;
+import org.apache.ambari.server.serveraction.kerberos.CleanupServerAction;
 import org.apache.ambari.server.stageplanner.RoleGraph;
 import org.apache.ambari.server.stageplanner.RoleGraphFactory;
 import org.apache.ambari.server.state.Cluster;
@@ -911,7 +912,7 @@ public class KerberosHelper {
             hostParamsJson, event, roleCommandOrder, kerberosDetails, dataDirectory,
             requestStageContainer, serviceComponentHostsToProcess, hostsWithValidKerberosClient);
 
-        // Add the cleanup stage...
+        // Add the finalize stage...
         handler.addFinalizeOperationStage(cluster, clusterHostInfoJson, hostParamsJson, event,
             dataDirectory, roleCommandOrder, requestStageContainer);
 
@@ -2450,7 +2451,7 @@ public class KerberosHelper {
                                           RoleCommandOrder roleCommandOrder, RequestStageContainer requestStageContainer)
         throws AmbariException {
 
-      // Add the cleanup stage...
+      // Add the finalize stage...
       Map<String, String> commandParameters = new HashMap<String, String>();
       commandParameters.put(KerberosServerAction.AUTHENTICATED_USER_NAME, ambariManagementController.getAuthName());
       commandParameters.put(KerberosServerAction.DATA_DIRECTORY, dataDirectory.getAbsolutePath());
@@ -2471,6 +2472,31 @@ public class KerberosHelper {
       roleGraph.build(stage);
       requestStageContainer.addStages(roleGraph.getStages());
     }
+
+    public void addCleanupStage(Cluster cluster, String clusterHostInfoJson,
+                                String hostParamsJson, ServiceComponentHostServerActionEvent event,
+                                Map<String, String> commandParameters,
+                                RoleCommandOrder roleCommandOrder, RequestStageContainer requestStageContainer)
+      throws AmbariException {
+      Stage stage = createServerActionStage(requestStageContainer.getLastStageId(),
+        cluster,
+        requestStageContainer.getId(),
+        "Kerberization Clean Up",
+        clusterHostInfoJson,
+        "{}",
+        hostParamsJson,
+        CleanupServerAction.class,
+        event,
+        commandParameters,
+        "Kerberization Clean Up",
+        1200);
+
+      RoleGraph roleGraph = roleGraphFactory.createNew(roleCommandOrder);
+      roleGraph.build(stage);
+      requestStageContainer.addStages(roleGraph.getStages());
+    }
+
+
   }
 
   /**
@@ -2798,6 +2824,10 @@ public class KerberosHelper {
         // Create stage to delete keytabs
         addDeleteKeytabFilesStage(cluster, serviceComponentHosts, clusterHostInfoJson,
             hostParamsJson, commandParameters, roleCommandOrder, requestStageContainer, hostsWithValidKerberosClient);
+        // *****************************************************************
+        // Create stage to perform data cleanups (e.g. kerberos descriptor artifact database leftovers)
+        addCleanupStage(cluster, clusterHostInfoJson, hostParamsJson, event, commandParameters,
+          roleCommandOrder, requestStageContainer);
       }
 
       return requestStageContainer.getLastStageId();

http://git-wip-us.apache.org/repos/asf/ambari/blob/d6d3600c/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CleanupServerAction.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CleanupServerAction.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CleanupServerAction.java
new file mode 100644
index 0000000..52ac8ac
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CleanupServerAction.java
@@ -0,0 +1,108 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ambari.server.serveraction.kerberos;
+
+import org.apache.ambari.server.AmbariException;
+import org.apache.ambari.server.actionmanager.HostRoleStatus;
+import org.apache.ambari.server.agent.CommandReport;
+import org.apache.ambari.server.controller.internal.ArtifactResourceProvider;
+import org.apache.ambari.server.controller.spi.*;
+import org.apache.ambari.server.controller.utilities.ClusterControllerHelper;
+import org.apache.ambari.server.controller.utilities.PredicateBuilder;
+import org.apache.ambari.server.state.Cluster;
+import org.apache.ambari.server.state.SecurityType;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.Map;
+import java.util.concurrent.ConcurrentMap;
+
+/**
+ * Used to perform Kerberos Cleanup Operations as part of the Unkerberization process
+ */
+public class CleanupServerAction extends KerberosServerAction {
+
+  private final static Logger LOG = LoggerFactory.getLogger(CleanupServerAction.class);
+
+  /**
+   * Processes an identity as necessary.
+   * <p/>
+   * This method is not used since the {@link #processIdentities(java.util.Map)} is not invoked
+   *
+   * @param identityRecord           a Map containing the data for the current identity record
+   * @param evaluatedPrincipal       a String indicating the relevant principal
+   * @param operationHandler         a KerberosOperationHandler used to perform Kerberos-related
+   *                                 tasks for specific Kerberos implementations
+   *                                 (MIT, Active Directory, etc...)
+   * @param requestSharedDataContext a Map to be used a shared data among all ServerActions related
+   *                                 to a given request
+   * @return null, always
+   * @throws AmbariException
+   */
+  @Override
+  protected CommandReport processIdentity(Map<String, String> identityRecord, String evaluatedPrincipal, KerberosOperationHandler operationHandler, Map<String, Object> requestSharedDataContext) throws AmbariException {
+    return null;
+  }
+
+  /**
+   * @param requestSharedDataContext a Map to be used a shared data among all ServerActions related
+   *                                 to a given request
+   * @return
+   * @throws AmbariException
+   * @throws InterruptedException
+   */
+  @Override
+  public CommandReport execute(ConcurrentMap<String, Object> requestSharedDataContext) throws AmbariException, InterruptedException {
+
+    Cluster cluster = getCluster();
+    if (cluster.getSecurityType().equals(SecurityType.NONE)) { // double check this is done in a non secure environment
+      removeKerberosArtifact(cluster);
+      LOG.info("Kerberos descriptor removed successfully.");
+      actionLog.writeStdOut("Kerberos descriptor removed successfully.");
+    }
+
+    return createCommandReport(0, HostRoleStatus.COMPLETED, "{}", actionLog.getStdOut(), actionLog.getStdErr());
+
+  }
+
+  /**
+   * Removes the Kerberos descriptor artifact from the database
+   *
+   * @param cluster targeted for the remove process
+   * @throws AmbariException
+   */
+  private void removeKerberosArtifact(Cluster cluster) throws AmbariException {
+    PredicateBuilder pb = new PredicateBuilder();
+    Predicate predicate = pb.begin().property("Artifacts/cluster_name").equals(cluster.getClusterName()).and().
+      property(ArtifactResourceProvider.ARTIFACT_NAME_PROPERTY).equals("kerberos_descriptor").
+      end().toPredicate();
+
+    ClusterController clusterController = ClusterControllerHelper.getClusterController();
+
+    ResourceProvider artifactProvider =
+      clusterController.ensureResourceProvider(Resource.Type.Artifact);
+
+    try {
+      artifactProvider.deleteResources(predicate);
+    } catch (NoSuchResourceException e) {
+      throw new AmbariException("Could not find the Kerberos descriptor to delete", e);
+    } catch (Exception e) {
+      throw new AmbariException("An unknown error occurred while trying to delete the cluster Kerberos descriptor", e);
+    }
+  }
+}

http://git-wip-us.apache.org/repos/asf/ambari/blob/d6d3600c/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
index 9bc9b9f..54170a6 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
@@ -1425,7 +1425,13 @@ public class KerberosHelperTest extends EasyMockSupport {
     expect(requestStageContainer.getId()).andReturn(1L).once();
     requestStageContainer.addStages(anyObject(List.class));
     expectLastCall().once();
-    // Clean-up/Finalize Stage
+    // Finalize Stage
+    expect(requestStageContainer.getLastStageId()).andReturn(3L).anyTimes();
+    expect(requestStageContainer.getId()).andReturn(1L).once();
+    requestStageContainer.addStages(anyObject(List.class));
+    expectLastCall().once();
+
+    // Cleanup Stage
     expect(requestStageContainer.getLastStageId()).andReturn(3L).anyTimes();
     expect(requestStageContainer.getId()).andReturn(1L).once();
     requestStageContainer.addStages(anyObject(List.class));