Posted to commits@ambari.apache.org by rl...@apache.org on 2015/05/06 03:51:31 UTC
[2/2] ambari git commit: AMBARI-10930. After disable Kerberos and
change Realm,
test principal with old realm is created when re-enabling Kerberos (Emil Anca
via rlevas)
AMBARI-10930. After disable Kerberos and change Realm, test principal with old realm is created when re-enabling Kerberos (Emil Anca via rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/d6d3600c
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/d6d3600c
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/d6d3600c
Branch: refs/heads/trunk
Commit: d6d3600c566fc1a8b28ef0c89dcc002e844cafc9
Parents: 878b6fa
Author: Emil Anca <ea...@hortonworks.com>
Authored: Tue May 5 21:51:51 2015 -0400
Committer: Robert Levas <rl...@hortonworks.com>
Committed: Tue May 5 21:51:51 2015 -0400
----------------------------------------------------------------------
.../server/controller/KerberosHelper.java | 34 +++++-
.../kerberos/CleanupServerAction.java | 108 +++++++++++++++++++
.../server/controller/KerberosHelperTest.java | 8 +-
3 files changed, 147 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/d6d3600c/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
index 1c4365c..6b970c6 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
@@ -67,6 +67,7 @@ import org.apache.ambari.server.serveraction.kerberos.KerberosOperationHandlerFa
import org.apache.ambari.server.serveraction.kerberos.KerberosRealmException;
import org.apache.ambari.server.serveraction.kerberos.KerberosServerAction;
import org.apache.ambari.server.serveraction.kerberos.UpdateKerberosConfigsServerAction;
+import org.apache.ambari.server.serveraction.kerberos.CleanupServerAction;
import org.apache.ambari.server.stageplanner.RoleGraph;
import org.apache.ambari.server.stageplanner.RoleGraphFactory;
import org.apache.ambari.server.state.Cluster;
@@ -911,7 +912,7 @@ public class KerberosHelper {
hostParamsJson, event, roleCommandOrder, kerberosDetails, dataDirectory,
requestStageContainer, serviceComponentHostsToProcess, hostsWithValidKerberosClient);
- // Add the cleanup stage...
+ // Add the finalize stage...
handler.addFinalizeOperationStage(cluster, clusterHostInfoJson, hostParamsJson, event,
dataDirectory, roleCommandOrder, requestStageContainer);
@@ -2450,7 +2451,7 @@ public class KerberosHelper {
RoleCommandOrder roleCommandOrder, RequestStageContainer requestStageContainer)
throws AmbariException {
- // Add the cleanup stage...
+ // Add the finalize stage...
Map<String, String> commandParameters = new HashMap<String, String>();
commandParameters.put(KerberosServerAction.AUTHENTICATED_USER_NAME, ambariManagementController.getAuthName());
commandParameters.put(KerberosServerAction.DATA_DIRECTORY, dataDirectory.getAbsolutePath());
@@ -2471,6 +2472,31 @@ public class KerberosHelper {
roleGraph.build(stage);
requestStageContainer.addStages(roleGraph.getStages());
}
+
+ public void addCleanupStage(Cluster cluster, String clusterHostInfoJson,
+ String hostParamsJson, ServiceComponentHostServerActionEvent event,
+ Map<String, String> commandParameters,
+ RoleCommandOrder roleCommandOrder, RequestStageContainer requestStageContainer)
+ throws AmbariException {
+ Stage stage = createServerActionStage(requestStageContainer.getLastStageId(),
+ cluster,
+ requestStageContainer.getId(),
+ "Kerberization Clean Up",
+ clusterHostInfoJson,
+ "{}",
+ hostParamsJson,
+ CleanupServerAction.class,
+ event,
+ commandParameters,
+ "Kerberization Clean Up",
+ 1200);
+
+ RoleGraph roleGraph = roleGraphFactory.createNew(roleCommandOrder);
+ roleGraph.build(stage);
+ requestStageContainer.addStages(roleGraph.getStages());
+ }
+
+
}
/**
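Review bot: The new public `addCleanupStage` has no Javadoc, and it passes the bare literal `1200` as the stage timeout and `"Kerberization Clean Up"` twice. A short Javadoc should say that the stage runs `CleanupServerAction` on the Ambari server to delete the stored Kerberos descriptor artifact, and that it is meant for the disable-Kerberos flow only. Naming the literals would stop the two labels drifting apart and make the timeout unit explicit, e.g. `private static final String CLEANUP_STAGE_LABEL = "Kerberization Clean Up";` and a named timeout constant. The unit of `1200` is not visible in this hunk, so confirm it before naming the constant.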
@@ -2798,6 +2824,10 @@ public class KerberosHelper {
// Create stage to delete keytabs
addDeleteKeytabFilesStage(cluster, serviceComponentHosts, clusterHostInfoJson,
hostParamsJson, commandParameters, roleCommandOrder, requestStageContainer, hostsWithValidKerberosClient);
+ // *****************************************************************
+ // Create stage to perform data cleanups (e.g. kerberos descriptor artifact database leftovers)
+ addCleanupStage(cluster, clusterHostInfoJson, hostParamsJson, event, commandParameters,
+ roleCommandOrder, requestStageContainer);
}
return requestStageContainer.getLastStageId();
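Review bot: The call site does not record the precondition of the stage it queues: `CleanupServerAction.execute` only deletes the descriptor when `cluster.getSecurityType()` is already `NONE` at execution time. Nothing visible in this hunk shows where the security type is switched, so if it changes only after the request finishes, the stage would be a no-op and the old-realm descriptor would remain. I would replace the `// ****` banner with a comment stating that dependency, e.g. `// Must run after the cluster security type has been set to NONE; CleanupServerAction skips the delete otherwise.` The enclosing method starts and ends outside the hunk, so the ordering should be confirmed against the full body.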
http://git-wip-us.apache.org/repos/asf/ambari/blob/d6d3600c/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CleanupServerAction.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CleanupServerAction.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CleanupServerAction.java
new file mode 100644
index 0000000..52ac8ac
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CleanupServerAction.java
@@ -0,0 +1,108 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ambari.server.serveraction.kerberos;
+
+import org.apache.ambari.server.AmbariException;
+import org.apache.ambari.server.actionmanager.HostRoleStatus;
+import org.apache.ambari.server.agent.CommandReport;
+import org.apache.ambari.server.controller.internal.ArtifactResourceProvider;
+import org.apache.ambari.server.controller.spi.*;
+import org.apache.ambari.server.controller.utilities.ClusterControllerHelper;
+import org.apache.ambari.server.controller.utilities.PredicateBuilder;
+import org.apache.ambari.server.state.Cluster;
+import org.apache.ambari.server.state.SecurityType;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.Map;
+import java.util.concurrent.ConcurrentMap;
+
+/**
+ * Used to perform Kerberos Cleanup Operations as part of the Unkerberization process
+ */
+public class CleanupServerAction extends KerberosServerAction {
+
+ private final static Logger LOG = LoggerFactory.getLogger(CleanupServerAction.class);
+
+ /**
+ * Processes an identity as necessary.
+ * <p/>
+ * This method is not used since the {@link #processIdentities(java.util.Map)} is not invoked
+ *
+ * @param identityRecord a Map containing the data for the current identity record
+ * @param evaluatedPrincipal a String indicating the relevant principal
+ * @param operationHandler a KerberosOperationHandler used to perform Kerberos-related
+ * tasks for specific Kerberos implementations
+ * (MIT, Active Directory, etc...)
+ * @param requestSharedDataContext a Map to be used a shared data among all ServerActions related
+ * to a given request
+ * @return null, always
+ * @throws AmbariException
+ */
+ @Override
+ protected CommandReport processIdentity(Map<String, String> identityRecord, String evaluatedPrincipal, KerberosOperationHandler operationHandler, Map<String, Object> requestSharedDataContext) throws AmbariException {
+ return null;
+ }
+
+ /**
+ * @param requestSharedDataContext a Map to be used a shared data among all ServerActions related
+ * to a given request
+ * @return
+ * @throws AmbariException
+ * @throws InterruptedException
+ */
+ @Override
+ public CommandReport execute(ConcurrentMap<String, Object> requestSharedDataContext) throws AmbariException, InterruptedException {
+
+ Cluster cluster = getCluster();
+ if (cluster.getSecurityType().equals(SecurityType.NONE)) { // double check this is done in a non secure environment
+ removeKerberosArtifact(cluster);
+ LOG.info("Kerberos descriptor removed successfully.");
+ actionLog.writeStdOut("Kerberos descriptor removed successfully.");
+ }
+
+ return createCommandReport(0, HostRoleStatus.COMPLETED, "{}", actionLog.getStdOut(), actionLog.getStdErr());
+
+ }
+
+ /**
+ * Removes the Kerberos descriptor artifact from the database
+ *
+ * @param cluster targeted for the remove process
+ * @throws AmbariException
+ */
+ private void removeKerberosArtifact(Cluster cluster) throws AmbariException {
+ PredicateBuilder pb = new PredicateBuilder();
+ Predicate predicate = pb.begin().property("Artifacts/cluster_name").equals(cluster.getClusterName()).and().
+ property(ArtifactResourceProvider.ARTIFACT_NAME_PROPERTY).equals("kerberos_descriptor").
+ end().toPredicate();
+
+ ClusterController clusterController = ClusterControllerHelper.getClusterController();
+
+ ResourceProvider artifactProvider =
+ clusterController.ensureResourceProvider(Resource.Type.Artifact);
+
+ try {
+ artifactProvider.deleteResources(predicate);
+ } catch (NoSuchResourceException e) {
+ throw new AmbariException("Could not find the Kerberos descriptor to delete", e);
+ } catch (Exception e) {
+ throw new AmbariException("An unknown error occurred while trying to delete the cluster Kerberos descriptor", e);
+ }
+ }
+}
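Review bot: In `execute`, a cluster whose security type is not `NONE` skips the delete without any message and the action still returns `COMPLETED`, so a leftover descriptor holding the old realm leaves no trace in the task log. The skip should be written to the log and to the task's stderr. The comparison is also safer as `SecurityType.NONE == cluster.getSecurityType()`, which cannot throw if the getter returns null. Separately, `removeKerberosArtifact` turns `NoSuchResourceException` into an `AmbariException`; if a cluster can reach this stage with no stored descriptor, that would fail the disable request at its last stage, so it is worth confirming and treating the missing artifact as already clean. The `execute` Javadoc also has an empty `@return`, and the wildcard `controller.spi.*` import hides which SPI types the class depends on.

```java
Cluster cluster = getCluster();
if (SecurityType.NONE == cluster.getSecurityType()) {
  // … unchanged: removeKerberosArtifact(cluster) and the two success messages …
} else {
  String message = "Kerberos descriptor was not removed: cluster security type is not NONE.";
  LOG.warn(message);
  actionLog.writeStdErr(message);
}
// … unchanged: return createCommandReport(...) …
```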
http://git-wip-us.apache.org/repos/asf/ambari/blob/d6d3600c/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
index 9bc9b9f..54170a6 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
@@ -1425,7 +1425,13 @@ public class KerberosHelperTest extends EasyMockSupport {
expect(requestStageContainer.getId()).andReturn(1L).once();
requestStageContainer.addStages(anyObject(List.class));
expectLastCall().once();
- // Clean-up/Finalize Stage
+ // Finalize Stage
+ expect(requestStageContainer.getLastStageId()).andReturn(3L).anyTimes();
+ expect(requestStageContainer.getId()).andReturn(1L).once();
+ requestStageContainer.addStages(anyObject(List.class));
+ expectLastCall().once();
+
+ // Cleanup Stage
expect(requestStageContainer.getLastStageId()).andReturn(3L).anyTimes();
expect(requestStageContainer.getId()).andReturn(1L).once();
requestStageContainer.addStages(anyObject(List.class));
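Review bot: The commit adds no test for `CleanupServerAction` itself; the diffstat lists only `KerberosHelperTest`, and this hunk only adds one more block of stage expectations. Both the Finalize and Cleanup blocks use `getLastStageId()).andReturn(3L).anyTimes()` with `addStages(anyObject(List.class))`, so the test would pass whichever action class or order the extra stage carried. A dedicated test of `execute` should cover two cases: the descriptor delete is issued when the security type is `NONE`, and nothing is deleted otherwise. That would pin the behaviour this fix relies on. The enclosing test method starts outside the hunk.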