You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by lp...@apache.org on 2017/09/12 10:04:52 UTC
[35/57] [abbrv] ambari git commit: AMBARI-21868. Implement host
recovery - backend changes. (Eugene Chekanskiy via swagle)
AMBARI-21868. Implement host recovery - backend changes. (Eugene Chekanskiy via swagle)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/c7a3bcd9
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/c7a3bcd9
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/c7a3bcd9
Branch: refs/heads/feature-branch-AMBARI-21307
Commit: c7a3bcd9cd9b4c92990405c6826140dee9ddd46e
Parents: 75c8f5e
Author: Siddharth Wagle <sw...@hortonworks.com>
Authored: Fri Sep 8 13:53:18 2017 -0700
Committer: Siddharth Wagle <sw...@hortonworks.com>
Committed: Fri Sep 8 13:53:18 2017 -0700
----------------------------------------------------------------------
.../resources/ClusterResourceDefinition.java | 1 +
.../AmbariManagementControllerImpl.java | 25 +++++++++++++-------
.../controller/DeleteIdentityHandler.java | 3 ++-
.../server/controller/KerberosHelper.java | 8 +++++--
.../server/controller/KerberosHelperImpl.java | 13 ++++++----
.../AbstractPrepareKerberosServerAction.java | 14 ++++++-----
.../kerberos/CreateKeytabFilesServerAction.java | 9 +++++--
.../kerberos/CreatePrincipalsServerAction.java | 3 ++-
.../kerberos/KerberosIdentityDataFile.java | 2 +-
.../KerberosIdentityDataFileWriter.java | 9 ++++---
.../PrepareDisableKerberosServerAction.java | 2 +-
.../PrepareEnableKerberosServerAction.java | 2 +-
.../PrepareKerberosIdentitiesServerAction.java | 3 ++-
.../upgrades/PreconfigureKerberosAction.java | 6 ++---
.../server/agent/TestHeartbeatHandler.java | 2 +-
...AbstractPrepareKerberosServerActionTest.java | 2 +-
.../kerberos/KerberosIdentityDataFileTest.java | 8 +++----
.../kerberos/KerberosServerActionTest.java | 2 +-
18 files changed, 72 insertions(+), 42 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/c7a3bcd9/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ClusterResourceDefinition.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ClusterResourceDefinition.java b/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ClusterResourceDefinition.java
index 8933dd3..9d0c169 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ClusterResourceDefinition.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ClusterResourceDefinition.java
@@ -87,6 +87,7 @@ public class ClusterResourceDefinition extends BaseResourceDefinition {
directives.add(KerberosHelper.DIRECTIVE_FORCE_TOGGLE_KERBEROS);
directives.add(KerberosHelper.DIRECTIVE_HOSTS);
directives.add(KerberosHelper.DIRECTIVE_COMPONENTS);
+ directives.add(KerberosHelper.DIRECTIVE_IGNORE_CONFIGS);
return directives;
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/c7a3bcd9/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
index 96280ea..34744eb 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
@@ -2955,15 +2955,22 @@ public class AmbariManagementControllerImpl implements AmbariManagementControlle
}
break;
case INIT:
- throw new AmbariException("Unsupported transition to INIT for"
- + " servicecomponenthost"
- + ", clusterName=" + cluster.getClusterName()
- + ", clusterId=" + cluster.getClusterId()
- + ", serviceName=" + scHost.getServiceName()
- + ", componentName=" + scHost.getServiceComponentName()
- + ", hostname=" + scHost.getHostName()
- + ", currentState=" + oldSchState
- + ", newDesiredState=" + newState);
+ if (oldSchState == State.INSTALLED ||
+ oldSchState == State.INSTALL_FAILED ||
+ oldSchState == State.INIT) {
+ scHost.setState(State.INIT);
+ continue;
+ } else {
+ throw new AmbariException("Unsupported transition to INIT for"
+ + " servicecomponenthost"
+ + ", clusterName=" + cluster.getClusterName()
+ + ", clusterId=" + cluster.getClusterId()
+ + ", serviceName=" + scHost.getServiceName()
+ + ", componentName=" + scHost.getServiceComponentName()
+ + ", hostname=" + scHost.getHostName()
+ + ", currentState=" + oldSchState
+ + ", newDesiredState=" + newState);
+ }
default:
throw new AmbariException("Unsupported state change operation"
+ ", newState=" + newState);
http://git-wip-us.apache.org/repos/asf/ambari/blob/c7a3bcd9/ambari-server/src/main/java/org/apache/ambari/server/controller/DeleteIdentityHandler.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/DeleteIdentityHandler.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/DeleteIdentityHandler.java
index a7b9d80..29f8e2a 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/DeleteIdentityHandler.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/DeleteIdentityHandler.java
@@ -227,7 +227,8 @@ class DeleteIdentityHandler {
calculateConfig(kerberosDescriptor, serviceNames()),
new HashMap<>(),
false,
- new HashMap<>());
+ new HashMap<>(),
+ false);
return createCommandReport(0, HostRoleStatus.COMPLETED, "{}", actionLog.getStdOut(), actionLog.getStdErr());
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/c7a3bcd9/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
index bb360b5..20c5708 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
@@ -59,6 +59,10 @@ public interface KerberosHelper {
*/
String DIRECTIVE_COMPONENTS = "regenerate_components";
/**
+ * directive used to pass host list to regenerate keytabs on
+ */
+ String DIRECTIVE_IGNORE_CONFIGS = "ignore_config_updates";
+ /**
* directive used to indicate that the enable Kerberos operation should proceed even if the
* cluster's security type is not changing
*/
@@ -591,6 +595,7 @@ public interface KerberosHelper {
* values
* @param configurations a Map of configurations to use a replacements for variables
* in identity fields
+ * @param ignoreHeadless boolean value to specify if headless principals must not be processed
* @return an integer indicating the number of identities added to the data file
* @throws java.io.IOException if an error occurs while writing a record to the data file
*/
@@ -598,9 +603,8 @@ public interface KerberosHelper {
Collection<KerberosIdentityDescriptor> identities,
Collection<String> identityFilter, String hostname, String serviceName,
String componentName, Map<String, Map<String, String>> kerberosConfigurations,
- Map<String, Map<String, String>> configurations)
+ Map<String, Map<String, String>> configurations, boolean ignoreHeadless)
throws IOException;
-
/**
* Calculates the map of configurations relative to the cluster and host.
* <p/>
http://git-wip-us.apache.org/repos/asf/ambari/blob/c7a3bcd9/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
index 013a063..67b08fd 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
@@ -265,10 +265,13 @@ public class KerberosHelperImpl implements KerberosHelper {
Set<String> hostFilter = parseHostFilter(requestProperties);
Map<String, Set<String>> serviceComponentFilter = parseComponentFilter(requestProperties);
+ boolean updateConfigurations = !requestProperties.containsKey(DIRECTIVE_IGNORE_CONFIGS)
+ || !"true".equalsIgnoreCase(requestProperties.get(DIRECTIVE_IGNORE_CONFIGS));
+
if ("true".equalsIgnoreCase(value) || "all".equalsIgnoreCase(value)) {
- handler = new CreatePrincipalsAndKeytabsHandler(true, true, true);
+ handler = new CreatePrincipalsAndKeytabsHandler(true, updateConfigurations, true);
} else if ("missing".equalsIgnoreCase(value)) {
- handler = new CreatePrincipalsAndKeytabsHandler(false, true, true);
+ handler = new CreatePrincipalsAndKeytabsHandler(false, updateConfigurations, true);
}
if (handler != null) {
@@ -1482,7 +1485,7 @@ public class KerberosHelperImpl implements KerberosHelper {
Collection<KerberosIdentityDescriptor> identities,
Collection<String> identityFilter, String hostname, String serviceName,
String componentName, Map<String, Map<String, String>> kerberosConfigurations,
- Map<String, Map<String, String>> configurations)
+ Map<String, Map<String, String>> configurations, boolean ignoreHeadless)
throws IOException {
int identitiesAdded = 0;
@@ -1534,7 +1537,8 @@ public class KerberosHelperImpl implements KerberosHelper {
keytabFileOwnerAccess,
keytabFileGroupName,
keytabFileGroupAccess,
- (keytabIsCachable) ? "true" : "false");
+ (keytabIsCachable) ? "true" : "false",
+ (ignoreHeadless && principalDescriptor.getType() == KerberosPrincipalType.USER) ? "true" : "false");
}
// Add the principal-related configuration to the map of configurations
@@ -2189,6 +2193,7 @@ public class KerberosHelperImpl implements KerberosHelper {
keytabFileOwnerAccess,
keytabFileGroupName,
keytabFileGroupAccess,
+ "false",
"false");
hostsWithValidKerberosClient.add(hostname);
http://git-wip-us.apache.org/repos/asf/ambari/blob/c7a3bcd9/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerAction.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerAction.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerAction.java
index d6b8ffc..3db844a 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerAction.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerAction.java
@@ -76,12 +76,13 @@ public abstract class AbstractPrepareKerberosServerAction extends KerberosServer
Map<String, Map<String, String>> currentConfigurations,
Map<String, Map<String, String>> kerberosConfigurations,
boolean includeAmbariIdentity,
- Map<String, Set<String>> propertiesToBeIgnored) throws AmbariException {
+ Map<String, Set<String>> propertiesToBeIgnored,
+ boolean excludeHeadless) throws AmbariException {
List<Component> components = new ArrayList<>();
for (ServiceComponentHost each : schToProcess) {
components.add(Component.fromServiceComponentHost(each));
}
- processServiceComponents(cluster, kerberosDescriptor, components, identityFilter, dataDirectory, currentConfigurations, kerberosConfigurations, includeAmbariIdentity, propertiesToBeIgnored);
+ processServiceComponents(cluster, kerberosDescriptor, components, identityFilter, dataDirectory, currentConfigurations, kerberosConfigurations, includeAmbariIdentity, propertiesToBeIgnored, excludeHeadless);
}
protected void processServiceComponents(Cluster cluster, KerberosDescriptor kerberosDescriptor,
@@ -90,7 +91,8 @@ public abstract class AbstractPrepareKerberosServerAction extends KerberosServer
Map<String, Map<String, String>> currentConfigurations,
Map<String, Map<String, String>> kerberosConfigurations,
boolean includeAmbariIdentity,
- Map<String, Set<String>> propertiesToBeIgnored) throws AmbariException {
+ Map<String, Set<String>> propertiesToBeIgnored,
+ boolean excludeHeadless) throws AmbariException {
actionLog.writeStdOut("Processing Kerberos identities and configurations");
@@ -141,7 +143,7 @@ public abstract class AbstractPrepareKerberosServerAction extends KerberosServer
// Add service-level principals (and keytabs)
kerberosHelper.addIdentities(kerberosIdentityDataFileWriter, serviceIdentities,
- identityFilter, hostName, serviceName, componentName, kerberosConfigurations, currentConfigurations);
+ identityFilter, hostName, serviceName, componentName, kerberosConfigurations, currentConfigurations, excludeHeadless);
propertiesToIgnore = gatherPropertiesToIgnore(serviceIdentities, propertiesToIgnore);
KerberosComponentDescriptor componentDescriptor = serviceDescriptor.getComponent(componentName);
@@ -156,7 +158,7 @@ public abstract class AbstractPrepareKerberosServerAction extends KerberosServer
// Add component-level principals (and keytabs)
kerberosHelper.addIdentities(kerberosIdentityDataFileWriter, componentIdentities,
- identityFilter, hostName, serviceName, componentName, kerberosConfigurations, currentConfigurations);
+ identityFilter, hostName, serviceName, componentName, kerberosConfigurations, currentConfigurations, excludeHeadless);
propertiesToIgnore = gatherPropertiesToIgnore(componentIdentities, propertiesToIgnore);
}
}
@@ -177,7 +179,7 @@ public abstract class AbstractPrepareKerberosServerAction extends KerberosServer
List<KerberosIdentityDescriptor> componentIdentities = Collections.singletonList(identity);
kerberosHelper.addIdentities(kerberosIdentityDataFileWriter, componentIdentities,
- identityFilter, KerberosHelper.AMBARI_SERVER_HOST_NAME, "AMBARI", componentName, kerberosConfigurations, currentConfigurations);
+ identityFilter, KerberosHelper.AMBARI_SERVER_HOST_NAME, "AMBARI", componentName, kerberosConfigurations, currentConfigurations, excludeHeadless);
propertiesToIgnore = gatherPropertiesToIgnore(componentIdentities, propertiesToIgnore);
}
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/c7a3bcd9/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java
index a23ab5d..4396a2b 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java
@@ -217,9 +217,14 @@ public class CreateKeytabFilesServerAction extends KerberosServerAction {
return commandReport;
}
+ boolean regenerateKeytabs = "true".equalsIgnoreCase(getCommandParameterValue(getCommandParameters(), REGENERATE_ALL));
+ boolean onlyKeytabWrite = "true".equalsIgnoreCase(identityRecord.get(KerberosIdentityDataFileReader.ONLY_KEYTAB_WRITE));
+ boolean grabKeytabFromCache = regenerateKeytabs && onlyKeytabWrite;
+ // if grabKeytabFromCache=true we will try to get keytab from cache and send to agent, it will be true for
+ // headless cached keytabs
if (password == null) {
- if (hostName.equalsIgnoreCase(KerberosHelper.AMBARI_SERVER_HOST_NAME) || kerberosPrincipalHostDAO
- .exists(evaluatedPrincipal, hostEntity.getHostId())) {
+ if (!grabKeytabFromCache && (hostName.equalsIgnoreCase(KerberosHelper.AMBARI_SERVER_HOST_NAME) || kerberosPrincipalHostDAO
+ .exists(evaluatedPrincipal, hostEntity.getHostId()))) {
// There is nothing to do for this since it must already exist and we don't want to
// regenerate the keytab
message = String.format("Skipping keytab file for %s, missing password indicates nothing to do", evaluatedPrincipal);
http://git-wip-us.apache.org/repos/asf/ambari/blob/c7a3bcd9/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java
index 2fd5abe..069c821 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java
@@ -131,7 +131,8 @@ public class CreatePrincipalsServerAction extends KerberosServerAction {
boolean regenerateKeytabs = "true".equalsIgnoreCase(getCommandParameterValue(getCommandParameters(), REGENERATE_ALL));
if (regenerateKeytabs) {
- processPrincipal = true;
+ // do not process cached identities that can be passed as is(headless identities)
+ processPrincipal = "false".equals(identityRecord.get(KerberosIdentityDataFileReader.ONLY_KEYTAB_WRITE).toLowerCase());
} else {
KerberosPrincipalEntity kerberosPrincipalEntity = kerberosPrincipalDAO.find(evaluatedPrincipal);
http://git-wip-us.apache.org/repos/asf/ambari/blob/c7a3bcd9/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosIdentityDataFile.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosIdentityDataFile.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosIdentityDataFile.java
index 81e345a..ddf3d1b 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosIdentityDataFile.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosIdentityDataFile.java
@@ -36,6 +36,6 @@ public interface KerberosIdentityDataFile extends KerberosDataFile {
String KEYTAB_FILE_GROUP_NAME = "keytab_file_group_name";
String KEYTAB_FILE_GROUP_ACCESS = "keytab_file_group_access";
String KEYTAB_FILE_IS_CACHABLE = "keytab_file_is_cachable";
-
+ String ONLY_KEYTAB_WRITE = "only_keytab_write";
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/c7a3bcd9/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosIdentityDataFileWriter.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosIdentityDataFileWriter.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosIdentityDataFileWriter.java
index f55c6f4..ea742bd 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosIdentityDataFileWriter.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosIdentityDataFileWriter.java
@@ -68,7 +68,8 @@ public class KerberosIdentityDataFileWriter extends AbstractKerberosDataFileWrit
String principal, String principalType,
String keytabFilePath, String keytabFileOwnerName,
String keytabFileOwnerAccess, String keytabFileGroupName,
- String keytabFileGroupAccess, String keytabFileCanCache)
+ String keytabFileGroupAccess, String keytabFileCanCache,
+ String onlyKeytabWrite)
throws IOException {
super.appendRecord(hostName,
serviceName,
@@ -80,7 +81,8 @@ public class KerberosIdentityDataFileWriter extends AbstractKerberosDataFileWrit
keytabFileOwnerAccess,
keytabFileGroupName,
keytabFileGroupAccess,
- keytabFileCanCache);
+ keytabFileCanCache,
+ onlyKeytabWrite);
}
@Override
@@ -95,6 +97,7 @@ public class KerberosIdentityDataFileWriter extends AbstractKerberosDataFileWrit
KEYTAB_FILE_OWNER_ACCESS,
KEYTAB_FILE_GROUP_NAME,
KEYTAB_FILE_GROUP_ACCESS,
- KEYTAB_FILE_IS_CACHABLE);
+ KEYTAB_FILE_IS_CACHABLE,
+ ONLY_KEYTAB_WRITE);
}
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/c7a3bcd9/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareDisableKerberosServerAction.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareDisableKerberosServerAction.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareDisableKerberosServerAction.java
index 4e63f4a..f56e946 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareDisableKerberosServerAction.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareDisableKerberosServerAction.java
@@ -108,7 +108,7 @@ public class PrepareDisableKerberosServerAction extends AbstractPrepareKerberosS
Map<String, Map<String, String>> configurations = kerberosHelper.calculateConfigurations(cluster, null, kerberosDescriptor, false, false);
processServiceComponentHosts(cluster, kerberosDescriptor, schToProcess, identityFilter, dataDirectory,
- configurations, kerberosConfigurations, includeAmbariIdentity, propertiesToIgnore);
+ configurations, kerberosConfigurations, includeAmbariIdentity, propertiesToIgnore, false);
// Add auth-to-local configurations to the set of changes
Map<String, Set<String>> authToLocalProperties = kerberosHelper.translateConfigurationSpecifications(kerberosDescriptor.getAllAuthToLocalProperties());
http://git-wip-us.apache.org/repos/asf/ambari/blob/c7a3bcd9/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareEnableKerberosServerAction.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareEnableKerberosServerAction.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareEnableKerberosServerAction.java
index e13f033..3ec84fa 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareEnableKerberosServerAction.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareEnableKerberosServerAction.java
@@ -117,7 +117,7 @@ public class PrepareEnableKerberosServerAction extends PrepareKerberosIdentities
Map<String, Map<String, String>> configurations = kerberosHelper.calculateConfigurations(cluster, null, kerberosDescriptor, false, false);
processServiceComponentHosts(cluster, kerberosDescriptor, schToProcess, identityFilter, dataDirectory,
- configurations, kerberosConfigurations, true, propertiesToIgnore);
+ configurations, kerberosConfigurations, true, propertiesToIgnore, false);
// Calculate the set of configurations to update and replace any variables
// using the previously calculated Map of configurations for the host.
http://git-wip-us.apache.org/repos/asf/ambari/blob/c7a3bcd9/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareKerberosIdentitiesServerAction.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareKerberosIdentitiesServerAction.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareKerberosIdentitiesServerAction.java
index 00c82a5..49828cb 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareKerberosIdentitiesServerAction.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareKerberosIdentitiesServerAction.java
@@ -33,6 +33,7 @@ import org.apache.ambari.server.controller.KerberosHelper;
import org.apache.ambari.server.state.Cluster;
import org.apache.ambari.server.state.ServiceComponentHost;
import org.apache.ambari.server.state.kerberos.KerberosDescriptor;
+import org.apache.commons.collections.CollectionUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -94,7 +95,7 @@ public class PrepareKerberosIdentitiesServerAction extends AbstractPrepareKerber
Map<String, Map<String, String>> configurations = kerberosHelper.calculateConfigurations(cluster, null, kerberosDescriptor, false, false);
processServiceComponentHosts(cluster, kerberosDescriptor, schToProcess, identityFilter, dataDirectory,
- configurations, kerberosConfigurations, includeAmbariIdentity, propertiesToIgnore);
+ configurations, kerberosConfigurations, includeAmbariIdentity, propertiesToIgnore, !CollectionUtils.isEmpty(getHostFilter()));
kerberosHelper.applyStackAdvisorUpdates(cluster, services, configurations, kerberosConfigurations,
propertiesToIgnore, propertiesToRemove, true);
http://git-wip-us.apache.org/repos/asf/ambari/blob/c7a3bcd9/ambari-server/src/main/java/org/apache/ambari/server/serveraction/upgrades/PreconfigureKerberosAction.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/upgrades/PreconfigureKerberosAction.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/upgrades/PreconfigureKerberosAction.java
index 697f1d1..30bc47f 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/upgrades/PreconfigureKerberosAction.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/upgrades/PreconfigureKerberosAction.java
@@ -310,7 +310,7 @@ public class PreconfigureKerberosAction extends AbstractUpgradeServerAction {
// Add service-level principals (and keytabs)
kerberosHelper.addIdentities(null, serviceIdentities,
- null, hostName, serviceName, componentName, kerberosConfigurations, currentConfigurations);
+ null, hostName, serviceName, componentName, kerberosConfigurations, currentConfigurations, false);
propertiesToIgnore = gatherPropertiesToIgnore(serviceIdentities, propertiesToIgnore);
KerberosComponentDescriptor componentDescriptor = serviceDescriptor.getComponent(componentName);
@@ -325,7 +325,7 @@ public class PreconfigureKerberosAction extends AbstractUpgradeServerAction {
// Add component-level principals (and keytabs)
kerberosHelper.addIdentities(null, componentIdentities,
- null, hostName, serviceName, componentName, kerberosConfigurations, currentConfigurations);
+ null, hostName, serviceName, componentName, kerberosConfigurations, currentConfigurations, false);
propertiesToIgnore = gatherPropertiesToIgnore(componentIdentities, propertiesToIgnore);
}
}
@@ -346,7 +346,7 @@ public class PreconfigureKerberosAction extends AbstractUpgradeServerAction {
List<KerberosIdentityDescriptor> componentIdentities = Collections.singletonList(identity);
kerberosHelper.addIdentities(null, componentIdentities,
- null, KerberosHelper.AMBARI_SERVER_HOST_NAME, "AMBARI", componentName, kerberosConfigurations, currentConfigurations);
+ null, KerberosHelper.AMBARI_SERVER_HOST_NAME, "AMBARI", componentName, kerberosConfigurations, currentConfigurations, false);
propertiesToIgnore = gatherPropertiesToIgnore(componentIdentities, propertiesToIgnore);
}
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/c7a3bcd9/ambari-server/src/test/java/org/apache/ambari/server/agent/TestHeartbeatHandler.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/agent/TestHeartbeatHandler.java b/ambari-server/src/test/java/org/apache/ambari/server/agent/TestHeartbeatHandler.java
index b4ff5c1..20ff949 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/agent/TestHeartbeatHandler.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/agent/TestHeartbeatHandler.java
@@ -1549,7 +1549,7 @@ public class TestHeartbeatHandler {
kerberosIdentityDataFileWriter.writeRecord("c6403.ambari.apache.org", "HDFS", "DATANODE",
"dn/_HOST@_REALM", "service",
"/etc/security/keytabs/dn.service.keytab",
- "hdfs", "r", "hadoop", "", "false");
+ "hdfs", "r", "hadoop", "", "false", "false");
kerberosIdentityDataFileWriter.close();
http://git-wip-us.apache.org/repos/asf/ambari/blob/c7a3bcd9/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerActionTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerActionTest.java b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerActionTest.java
index 95e5513..8ff5ad2 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerActionTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerActionTest.java
@@ -149,7 +149,7 @@ public class AbstractPrepareKerberosServerActionTest {
identityFilter,
"",
configurations, kerberosConfigurations,
- false, propertiesToIgnore);
+ false, propertiesToIgnore, false);
verify(kerberosHelper);
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/c7a3bcd9/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosIdentityDataFileTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosIdentityDataFileTest.java b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosIdentityDataFileTest.java
index 323ba8e..cfe0fee 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosIdentityDataFileTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosIdentityDataFileTest.java
@@ -54,7 +54,7 @@ public class KerberosIdentityDataFileTest {
"principal" + i, "principal_type" + i, "keytabFilePath" + i,
"keytabFileOwnerName" + i, "keytabFileOwnerAccess" + i,
"keytabFileGroupName" + i, "keytabFileGroupAccess" + i,
- "false");
+ "false", "false");
}
// Add some odd characters
@@ -62,7 +62,7 @@ public class KerberosIdentityDataFileTest {
"principal", "principal_type", "keytabFilePath",
"'keytabFileOwnerName'", "<keytabFileOwnerAccess>",
"\"keytabFileGroupName\"", "keytab,File,Group,Access",
- "false");
+ "false", "false");
writer.close();
Assert.assertTrue(writer.isClosed());
@@ -153,7 +153,7 @@ public class KerberosIdentityDataFileTest {
"principal", "principal_type", "keytabFilePath",
"keytabFileOwnerName", "keytabFileOwnerAccess",
"keytabFileGroupName", "keytabFileGroupAccess",
- "true");
+ "true", "false");
writer.close();
Assert.assertTrue(writer.isClosed());
@@ -179,7 +179,7 @@ public class KerberosIdentityDataFileTest {
"principal", "principal_type", "keytabFilePath",
"keytabFileOwnerName", "keytabFileOwnerAccess",
"keytabFileGroupName", "keytabFileGroupAccess",
- "true");
+ "true", "false");
writer.close();
Assert.assertTrue(writer.isClosed());
http://git-wip-us.apache.org/repos/asf/ambari/blob/c7a3bcd9/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java
index f63e6b8..a43db4d 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java
@@ -120,7 +120,7 @@ public class KerberosServerActionTest {
"principal|_HOST|_REALM" + i, "principal_type", "keytabFilePath" + i,
"keytabFileOwnerName" + i, "keytabFileOwnerAccess" + i,
"keytabFileGroupName" + i, "keytabFileGroupAccess" + i,
- "false");
+ "false", "false");
}
writer.close();