Posted to commits@ambari.apache.org by rl...@apache.org on 2015/05/13 20:43:42 UTC
ambari git commit: AMBARI-11085. Kerberos: missing identities for AMS
in the CSV (rlevas)
Repository: ambari
Updated Branches:
refs/heads/trunk a103aaa0b -> db748e555
AMBARI-11085. Kerberos: missing identities for AMS in the CSV (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/db748e55
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/db748e55
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/db748e55
Branch: refs/heads/trunk
Commit: db748e55544549c0fdea71356977e79d1ad5b509
Parents: a103aaa
Author: Robert Levas <rl...@hortonworks.com>
Authored: Wed May 13 14:43:41 2015 -0400
Committer: Robert Levas <rl...@hortonworks.com>
Committed: Wed May 13 14:43:50 2015 -0400
----------------------------------------------------------------------
.../ambari/server/controller/KerberosHelper.java | 18 +++++++++++++-----
.../AMBARI_METRICS/0.1.0/kerberos.json | 4 ++--
.../server/controller/KerberosHelperTest.java | 14 +++++++-------
3 files changed, 22 insertions(+), 14 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/db748e55/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
index 6b970c6..e083b0e 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
@@ -2077,11 +2077,20 @@ public class KerberosHelper {
}
if (principal != null) {
+ KerberosKeytabDescriptor keytabDescriptor = identity.getKeytabDescriptor();
+ String keytabFile = null;
+
+ if (keytabDescriptor != null) {
+ keytabFile = KerberosDescriptor.replaceVariables(keytabDescriptor.getFile(), configurations);
+ }
+
if (replaceHostNames) {
principal = principal.replace("_HOST", hostname);
}
- if (!hostActiveIdentities.containsKey(principal)) {
+ String uniqueKey = String.format("%s|%s", principal, (keytabFile == null) ? "" : keytabFile);
+
+ if (!hostActiveIdentities.containsKey(uniqueKey)) {
KerberosPrincipalDescriptor resolvedPrincipalDescriptor =
new KerberosPrincipalDescriptor(principal,
principalDescriptor.getType(),
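Review bot: The composite key built at `String uniqueKey = String.format("%s|%s", principal, (keytabFile == null) ? "" : keytabFile);` is undocumented, and it changes what `hostActiveIdentities` is keyed by. The `put` in the last hunk of this file stores under the same string, so the map keys are no longer principal names. Callers that read the key set as principals are not visible in these hunks, so it is worth confirming that consumers use only the values. I would add a comment above the key such as `// Key on principal + keytab file: one principal may be written to several keytab files on the same host`. The enclosing method starts and ends outside the hunk.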
@@ -2090,13 +2099,12 @@ public class KerberosHelper {
KerberosKeytabDescriptor resolvedKeytabDescriptor;
- KerberosKeytabDescriptor keytabDescriptor = identity.getKeytabDescriptor();
- if (keytabDescriptor == null) {
+ if (keytabFile == null) {
resolvedKeytabDescriptor = null;
} else {
resolvedKeytabDescriptor =
new KerberosKeytabDescriptor(
- KerberosDescriptor.replaceVariables(keytabDescriptor.getFile(), configurations),
+ keytabFile,
KerberosDescriptor.replaceVariables(keytabDescriptor.getOwnerName(), configurations),
KerberosDescriptor.replaceVariables(keytabDescriptor.getOwnerAccess(), configurations),
KerberosDescriptor.replaceVariables(keytabDescriptor.getGroupName(), configurations),
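Review bot: Changing the guard to `if (keytabFile == null)` alters the result for a keytab descriptor that exists but has no file path. Before, a `KerberosKeytabDescriptor` was still built with its owner and group settings; now, assuming `replaceVariables` returns null for a null input, the identity is emitted with no keytab descriptor at all. If that is intended, a comment such as `// a keytab descriptor without a file path is treated as having no keytab` would make it explicit; otherwise keep the test on `keytabDescriptor == null`. The else branch still dereferences `keytabDescriptor`, which is safe only because a non-null `keytabFile` implies a non-null descriptor, and the block continues outside the hunk.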
@@ -2105,7 +2113,7 @@ public class KerberosHelper {
keytabDescriptor.isCachable());
}
- hostActiveIdentities.put(principal, new KerberosIdentityDescriptor(
+ hostActiveIdentities.put(uniqueKey, new KerberosIdentityDescriptor(
identity.getName(),
resolvedPrincipalDescriptor,
resolvedKeytabDescriptor));
http://git-wip-us.apache.org/repos/asf/ambari/blob/db748e55/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/kerberos.json b/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/kerberos.json
index 03c3f93..33443e6 100644
--- a/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/kerberos.json
@@ -80,13 +80,13 @@
{
"name": "ams_zookeeper",
"principal": {
- "value": "zookeeper/_HOST@${realm}",
+ "value": "amszk/_HOST@${realm}",
"type": "service",
"configuration": "ams-hbase-security-site/ams.zookeeper.principal",
"local_username": "${ams-env/ambari_metrics_user}"
},
"keytab": {
- "file": "${keytab_dir}/zk.service.ams.keytab",
+ "file": "${keytab_dir}/ams-zk.service.keytab",
"owner": {
"name": "${ams-env/ambari_metrics_user}",
"access": "r"
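Review bot: Renaming the principal to `amszk/_HOST@${realm}` and the keytab to `${keytab_dir}/ams-zk.service.keytab` leaves open what happens on clusters that were already Kerberized with the old values. Nothing visible in this commit removes the previous `${keytab_dir}/zk.service.ams.keytab`, so a file holding keys for `zookeeper/_HOST` and readable by `${ams-env/ambari_metrics_user}` may stay on the hosts. If no upgrade step handles this elsewhere, the change should come with a note telling operators to delete the stale keytab and to regenerate keytabs so that `ams-hbase-security-site/ams.zookeeper.principal` picks up the new value.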
http://git-wip-us.apache.org/repos/asf/ambari/blob/db748e55/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
index 54170a6..5a6ddd3 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
@@ -462,7 +462,7 @@ public class KerberosHelperTest extends EasyMockSupport {
validateIdentities(hostIdentities, new HashMap<String, Map<String, Object>>() {{
put("identity1", new HashMap<String, Object>() {
{
- put("principal_name", "component1/host1@EXAMPLE.COM");
+ put("principal_name", "service1/host1@EXAMPLE.COM");
put("principal_type", KerberosPrincipalType.SERVICE);
put("principal_configuration", "service1-site/component1.kerberos.principal");
put("principal_local_username", "service1");
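Review bot: The expectation changes here only rename the principal from `component1/...` to `service1/...`, and the same holds for the hunks at 526, 564, 611, 712, 766 and 3049. None of them adds a case where two identities share a principal but use different keytab files, which is the behaviour the KerberosHelper change introduces. Unless such a case exists outside the hunks, I would add a test that registers two identities with the same principal value and distinct keytab paths and asserts that both are returned. A second case where principal and keytab file both match should assert that only one entry comes back.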
@@ -526,7 +526,7 @@ public class KerberosHelperTest extends EasyMockSupport {
validateIdentities(hostIdentities, new HashMap<String, Map<String, Object>>() {{
put("identity1", new HashMap<String, Object>() {
{
- put("principal_name", "component1/host1@EXAMPLE.COM");
+ put("principal_name", "service1/host1@EXAMPLE.COM");
put("principal_type", KerberosPrincipalType.SERVICE);
put("principal_configuration", "service1-site/component1.kerberos.principal");
put("principal_local_username", "service1");
@@ -564,7 +564,7 @@ public class KerberosHelperTest extends EasyMockSupport {
validateIdentities(hostIdentities, new HashMap<String, Map<String, Object>>() {{
put("identity1", new HashMap<String, Object>() {
{
- put("principal_name", "component1/host2@EXAMPLE.COM");
+ put("principal_name", "service1/host2@EXAMPLE.COM");
put("principal_type", KerberosPrincipalType.SERVICE);
put("principal_configuration", "service1-site/component1.kerberos.principal");
put("principal_local_username", "service1");
@@ -611,7 +611,7 @@ public class KerberosHelperTest extends EasyMockSupport {
validateIdentities(hostIdentities, new HashMap<String, Map<String, Object>>() {{
put("identity1", new HashMap<String, Object>() {
{
- put("principal_name", "component1/host2@EXAMPLE.COM");
+ put("principal_name", "service1/host2@EXAMPLE.COM");
put("principal_type", KerberosPrincipalType.SERVICE);
put("principal_configuration", "service1-site/component1.kerberos.principal");
put("principal_local_username", "service1");
@@ -712,7 +712,7 @@ public class KerberosHelperTest extends EasyMockSupport {
validateIdentities(hostIdentities, new HashMap<String, Map<String, Object>>() {{
put("identity1", new HashMap<String, Object>() {
{
- put("principal_name", "component1/host1@EXAMPLE.COM");
+ put("principal_name", "service1/host1@EXAMPLE.COM");
put("principal_type", KerberosPrincipalType.SERVICE);
put("principal_configuration", "service1-site/component1.kerberos.principal");
put("principal_local_username", "service1");
@@ -766,7 +766,7 @@ public class KerberosHelperTest extends EasyMockSupport {
validateIdentities(hostIdentities, new HashMap<String, Map<String, Object>>() {{
put("identity1", new HashMap<String, Object>() {
{
- put("principal_name", "component1/host2@EXAMPLE.COM");
+ put("principal_name", "service1/host2@EXAMPLE.COM");
put("principal_type", KerberosPrincipalType.SERVICE);
put("principal_configuration", "service1-site/component1.kerberos.principal");
put("principal_local_username", "service1");
@@ -3049,7 +3049,7 @@ public class KerberosHelperTest extends EasyMockSupport {
.anyTimes();
final KerberosPrincipalDescriptor principalDescriptor1 = createMock(KerberosPrincipalDescriptor.class);
- expect(principalDescriptor1.getValue()).andReturn("component1/_HOST@${realm}").anyTimes();
+ expect(principalDescriptor1.getValue()).andReturn("service1/_HOST@${realm}").anyTimes();
expect(principalDescriptor1.getType()).andReturn(KerberosPrincipalType.SERVICE).anyTimes();
expect(principalDescriptor1.getConfiguration()).andReturn("service1-site/component1.kerberos.principal").anyTimes();
expect(principalDescriptor1.getLocalUsername()).andReturn("service1").anyTimes();