Conversation
…le present in cache (apappu)
…if no file present in cache (apappu)" This reverts commit 629ab71.
…le present in cache (apappu)
|
Refer to this link for build results (access rights to CI server needed): |
| } else { | ||
| try { | ||
| if(regenerateKeytabs) { | ||
| Keytab keytab = createKeytab(resolvedPrincipal.getPrincipal(), password, keyNumber, operationHandler, visitedPrincipalKeys != null, true, actionLog); |
There was a problem hiding this comment.
we can't create here a keytab as password would be always null and keytab would be invalid at the end
There was a problem hiding this comment.
I guess the proper place to do the change is CreatePrincipalsServerAction, there is a place like:
} else if (!StringUtils.isEmpty(kerberosPrincipalEntity.getCachedKeytabPath())) {
// This principal has been processed and a keytab file has been cached for it... do not process it.
processPrincipal = false;
} else {
if we change it to something like:
} else if (!StringUtils.isEmpty(kerberosPrincipalEntity.getCachedKeytabPath())) {
File file = new File(kerberosPrincipalEntity.getCachedKeytabPath());
// Process the principal if the cache is missing, otherwise skip it
processPrincipal = !file.exists();
} else {
It would process with the the proper keytab re-generation
There was a problem hiding this comment.
@hapylestat I thought changing CreateKeytab operation code is more relevant - in the above recommendation we are touching the CreatePrincipleAction right.
There was a problem hiding this comment.
we can't create here a keytab as
passwordwould be alwaysnulland keytab would be invalid at the end
Look like we don't need password here - see https://github.com/apache/ambari/blob/branch-2.7/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KDCKerberosOperationHandler.java#L177
There was a problem hiding this comment.
for Kerberos yes, but check please code for non-Kerberos handlers
.../main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java
Show resolved
Hide resolved
.../main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java
Show resolved
Hide resolved
3 participants
What changes were proposed in this pull request?
(Please fill in changes proposed in this fix)
How was this patch tested?
(Please explain how this patch was tested. Ex: unit tests, manual tests)
(If this patch involves UI changes, please attach a screen-shot; otherwise, remove this)
Please review Ambari Contributing Guide before opening a pull request.