org.apache.ambari.server.serveraction.kerberos

Class ConfigureAmbariIdentitiesServerAction

java.lang.Object

org.apache.ambari.server.serveraction.AbstractServerAction

org.apache.ambari.server.serveraction.kerberos.KerberosServerAction

org.apache.ambari.server.serveraction.kerberos.ConfigureAmbariIdentitiesServerAction

All Implemented Interfaces:

ServerAction

public class ConfigureAmbariIdentitiesServerAction
extends KerberosServerAction

ConfigureAmbariIdentitiesServerAction is a ServerAction implementation that creates keytab files as instructed.

This class mainly relies on the KerberosServerAction to iterate through metadata identifying the Kerberos keytab files that need to be created. For each identity in the metadata, this implementation's KerberosServerAction.processIdentity(ResolvedKerberosPrincipal, KerberosOperationHandler, Map, boolean, Map) is invoked attempting the creation of the relevant keytab file.

Nested Class Summary

Nested classes/interfaces inherited from class org.apache.ambari.server.serveraction.kerberos.KerberosServerAction

KerberosServerAction.KerberosCommandParameters, KerberosServerAction.OperationType

Field Summary

Fields inherited from class org.apache.ambari.server.serveraction.kerberos.KerberosServerAction

AUTHENTICATED_USER_NAME, DATA_DIRECTORY, DATA_DIRECTORY_PREFIX, DEFAULT_REALM, HOST_FILTER, IDENTITY_FILTER, INCLUDE_AMBARI_IDENTITY, KDC_TYPE, KEYTAB_CONTENT_BASE64, OPERATION_TYPE, PRECONFIGURE_SERVICES, SERVICE_COMPONENT_FILTER, UPDATE_CONFIGURATION_NOTE, UPDATE_CONFIGURATION_POLICY

Fields inherited from class org.apache.ambari.server.serveraction.AbstractServerAction

actionLog, gson

Fields inherited from interface org.apache.ambari.server.serveraction.ServerAction

ACTION_NAME, ACTION_USER_NAME, DEFAULT_LONG_RUNNING_TASK_TIMEOUT_SECONDS, WRAPPED_CLASS_NAME

Constructor Summary

Constructors

Constructor and Description
ConfigureAmbariIdentitiesServerAction()

Method Summary

Modifier and Type	Method and Description
void	configureJAAS(String principal, String keytabFilePath, ActionLog actionLog) Configure Ambari's JAAS file to reflect the principal name and keytab file for Ambari's Kerberos identity.
CommandReport	execute(ConcurrentMap<String,Object> requestSharedDataContext) Called to execute this action.
boolean	installAmbariServerIdentity(ResolvedKerberosPrincipal principal, String srcKeytabFilePath, String destKeytabFilePath, String ownerName, String ownerAccess, String groupName, String groupAccess, ActionLog actionLog) Installs the Ambari Server Kerberos identity by copying its keytab file to the specified location and then creating the Ambari Server JAAS File.
protected CommandReport	processIdentity(ResolvedKerberosPrincipal resolvedPrincipal, KerberosOperationHandler operationHandler, Map<String,String> kerberosConfiguration, boolean includedInFilter, Map<String,Object> requestSharedDataContext) Creates keytab file for ambari-server identity.

Methods inherited from class org.apache.ambari.server.serveraction.kerberos.KerberosServerAction

ambariServerHostID, deleteDataDirectory, getCluster, getClusterName, getClusters, getCommandParameterValue, getCommandPreconfigureType, getConfigurationProperties, getDataDirectoryPath, getDataDirectoryPath, getDefaultRealm, getHostFilter, getIdentityFilter, getKDCType, getOperationType, getPrincipalKeyNumberMap, getPrincipalPasswordMap, getServiceComponentFilter, getUpdateConfigurationPolicy, hasHostFilters, processIdentities, pruneServiceFilter, setPrincipalPasswordMap

Methods inherited from class org.apache.ambari.server.serveraction.AbstractServerAction

auditLog, createCommandReport, createCompletedCommandReport, getCommandParameters, getCommandParameterValue, getExecutionCommand, getHostRoleCommand, setExecutionCommand, setHostRoleCommand

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ConfigureAmbariIdentitiesServerAction

public ConfigureAmbariIdentitiesServerAction()

Method Detail

execute

public CommandReport execute(ConcurrentMap<String,Object> requestSharedDataContext)
                      throws org.apache.ambari.server.AmbariException,
                             InterruptedException

Called to execute this action. Upon invocation, calls KerberosServerAction.processIdentities(Map) )} to iterate through the Kerberos identity metadata and call KerberosServerAction.processIdentities(Map) for each identity to process.

Parameters:

requestSharedDataContext - a Map to be used a shared data among all ServerActions related to a given request

Returns:

a CommandReport indicating the result of this action

Throws:

org.apache.ambari.server.AmbariException

InterruptedException

processIdentity

protected CommandReport processIdentity(ResolvedKerberosPrincipal resolvedPrincipal,
                                        KerberosOperationHandler operationHandler,
                                        Map<String,String> kerberosConfiguration,
                                        boolean includedInFilter,
                                        Map<String,Object> requestSharedDataContext)
                                 throws org.apache.ambari.server.AmbariException

Creates keytab file for ambari-server identity.

It is expected that the CreatePrincipalsServerAction (or similar) and CreateKeytabFilesServerAction has executed before this action.

Specified by:

processIdentity in class KerberosServerAction

Parameters:

resolvedPrincipal - a ResolvedKerberosPrincipal object to process

operationHandler - a KerberosOperationHandler used to perform Kerberos-related tasks for specific Kerberos implementations (MIT, Active Directory, etc...)

kerberosConfiguration - a Map of configuration properties from kerberos-env

includedInFilter - a Boolean value indicating whather the principal is included in the current filter or not

requestSharedDataContext - a Map to be used a shared data among all ServerActions related to a given request @return a CommandReport, indicating an error condition; or null, indicating a success condition

Throws:

org.apache.ambari.server.AmbariException - if an error occurs while processing the identity record

installAmbariServerIdentity

public boolean installAmbariServerIdentity(ResolvedKerberosPrincipal principal,
                                           String srcKeytabFilePath,
                                           String destKeytabFilePath,
                                           String ownerName,
                                           String ownerAccess,
                                           String groupName,
                                           String groupAccess,
                                           ActionLog actionLog)
                                    throws org.apache.ambari.server.AmbariException

Installs the Ambari Server Kerberos identity by copying its keytab file to the specified location and then creating the Ambari Server JAAS File.

Parameters:

principal - the ambari server principal name

srcKeytabFilePath - the source location of the ambari server keytab file

destKeytabFilePath - the destination location of the ambari server keytab file

ownerName - the username for the owner of the generated keytab file

ownerAccess - the user file access, "", "r" or "rw"

groupName - the name of the group for the generated keytab file

groupAccess - the group file access, "", "r" or "rw"

actionLog - the logger

Returns:

true if success; false otherwise

Throws:

org.apache.ambari.server.AmbariException

configureJAAS

public void configureJAAS(String principal,
                          String keytabFilePath,
                          ActionLog actionLog)

Configure Ambari's JAAS file to reflect the principal name and keytab file for Ambari's Kerberos identity.

Parameters:

principal - the Ambari server's principal name

keytabFilePath - the absolute path to the Ambari server's keytab file

actionLog - the logger