Skip to content
Permalink
Browse files
[AMBARI-25088] Enable Kerberos fails when Ambari server is not on a r…
…egistered host
  • Loading branch information
rlevas committed Jan 4, 2019
1 parent c20e418 commit 77b5319381fd083f4f9774581b1fad082bb71e4a
Showing 1 changed file with 11 additions and 9 deletions.
@@ -1763,6 +1763,7 @@ public Map<String, Collection<KerberosIdentityDescriptor>> getActiveIdentities(S
} else {
Collection<String> hosts;
String ambariServerHostname = StageUtils.getHostName();
boolean ambariServerHostnameIsForced = false;

if (hostName == null) {
Map<String, Host> hostMap = clusters.getHostsForCluster(clusterName);
@@ -1777,6 +1778,7 @@ public Map<String, Collection<KerberosIdentityDescriptor>> getActiveIdentities(S
extendedHosts.addAll(hosts);
extendedHosts.add(ambariServerHostname);
hosts = extendedHosts;
ambariServerHostnameIsForced = true;
}
} else {
hosts = Collections.singleton(hostName);
@@ -1788,14 +1790,14 @@ public Map<String, Collection<KerberosIdentityDescriptor>> getActiveIdentities(S
if (kerberosDescriptor != null) {
Set<String> existingServices = cluster.getServices().keySet();

for (String hostname : hosts) {
for (String host : hosts) {
// Calculate the current host-specific configurations. These will be used to replace
// variables within the Kerberos descriptor data
Map<String, Map<String, String>> configurations = calculateConfigurations(cluster,
hostname,
kerberosDescriptor,
false,
false);
(ambariServerHostnameIsForced && ambariServerHostname.equals(host)) ? null : host,
kerberosDescriptor,
false,
false);

// Create the context to use for filtering Kerberos Identities based on the state of the cluster
Map<String, Object> filterContext = new HashMap<>();
@@ -1804,10 +1806,10 @@ public Map<String, Collection<KerberosIdentityDescriptor>> getActiveIdentities(S


Map<String, KerberosIdentityDescriptor> hostActiveIdentities = new HashMap<>();
List<KerberosIdentityDescriptor> identities = getActiveIdentities(cluster, hostname,
List<KerberosIdentityDescriptor> identities = getActiveIdentities(cluster, host,
serviceName, componentName, kerberosDescriptor, filterContext);

if (hostname.equals(ambariServerHostname)) {
if (host.equals(ambariServerHostname)) {
// Determine if we should _calculate_ the Ambari service identities.
// If kerberos-env/create_ambari_principal is not set to false the identity should be calculated.
if (createAmbariIdentities(kerberosEnvConfig.getProperties())) {
@@ -1836,7 +1838,7 @@ public Map<String, Collection<KerberosIdentityDescriptor>> getActiveIdentities(S
}

if (replaceHostNames) {
principal = principal.replace("_HOST", hostname);
principal = principal.replace("_HOST", host);
}

String uniqueKey = String.format("%s|%s", principal, (keytabFile == null) ? "" : keytabFile);
@@ -1883,7 +1885,7 @@ public Map<String, Collection<KerberosIdentityDescriptor>> getActiveIdentities(S
}
}

activeIdentities.put(hostname, hostActiveIdentities.values());
activeIdentities.put(host, hostActiveIdentities.values());
}
}
}

0 comments on commit 77b5319

Please sign in to comment.