public class CreateKeytabFilesServerAction extends KerberosServerAction
KerberosServerAction.processIdentity(ResolvedKerberosPrincipal, KerberosOperationHandler, Map, boolean, Map) is invoked attempting the creation of the relevant keytab file.
KerberosServerAction.KerberosCommandParameters, KerberosServerAction.OperationType
AUTHENTICATED_USER_NAME, DATA_DIRECTORY, DATA_DIRECTORY_PREFIX, DEFAULT_REALM, HOST_FILTER, IDENTITY_FILTER, INCLUDE_AMBARI_IDENTITY, KDC_TYPE, KEYTAB_CONTENT_BASE64, OPERATION_TYPE, PRECONFIGURE_SERVICES, SERVICE_COMPONENT_FILTER, UPDATE_CONFIGURATION_NOTE, UPDATE_CONFIGURATION_POLICY
actionLog, gson
ACTION_NAME, ACTION_USER_NAME, DEFAULT_LONG_RUNNING_TASK_TIMEOUT_SECONDS, WRAPPED_CLASS_NAME
Constructor and Description |
---|
CreateKeytabFilesServerAction() |
Modifier and Type | Method and Description |
---|---|
org.apache.directory.server.kerberos.shared.keytab.Keytab | createKeytab(String principal, String password, Integer keyNumber, KerberosOperationHandler operationHandler, boolean checkCache, boolean canCache, ActionLog actionLog) Creates the keytab or gets one from the cache for a principal. |
protected void | ensureAmbariOnlyAccess(File file) Ensures that the owner of the Ambari server process is the only local user account able to read and write to the specified file or read, write to, and execute the specified directory. |
CommandReport | execute(ConcurrentMap<String,Object> requestSharedDataContext) Called to execute this action. |
protected CommandReport | processIdentity(ResolvedKerberosPrincipal resolvedPrincipal, KerberosOperationHandler operationHandler, Map<String,String> kerberosConfiguration, boolean includedInFilter, Map<String,Object> requestSharedDataContext) For each identity, create a keytab and append to a new or existing keytab file. |
ambariServerHostID, deleteDataDirectory, getCluster, getClusterName, getClusters, getCommandParameterValue, getCommandPreconfigureType, getConfigurationProperties, getDataDirectoryPath, getDataDirectoryPath, getDefaultRealm, getHostFilter, getIdentityFilter, getKDCType, getOperationType, getPrincipalKeyNumberMap, getPrincipalPasswordMap, getServiceComponentFilter, getUpdateConfigurationPolicy, hasHostFilters, processIdentities, pruneServiceFilter, setPrincipalPasswordMap
auditLog, createCommandReport, createCompletedCommandReport, getCommandParameters, getCommandParameterValue, getExecutionCommand, getHostRoleCommand, setExecutionCommand, setHostRoleCommand
public CommandReport execute(ConcurrentMap<String,Object> requestSharedDataContext) throws org.apache.ambari.server.AmbariException, InterruptedException
KerberosServerAction.processIdentities(java.util.Map) to iterate through the Kerberos identity metadata and call KerberosServerAction.processIdentities(java.util.Map) for each identity to process.
requestSharedDataContext - a Map to be used as shared data among all ServerActions related to a given request
org.apache.ambari.server.AmbariException
InterruptedException
protected CommandReport processIdentity(ResolvedKerberosPrincipal resolvedPrincipal, KerberosOperationHandler operationHandler, Map<String,String> kerberosConfiguration, boolean includedInFilter, Map<String,Object> requestSharedDataContext) throws org.apache.ambari.server.AmbariException
CreatePrincipalsServerAction (or similar) has executed before this action and a set of passwords has been created, mapped to their relevant (evaluated) principals and stored in the requestSharedDataContext.
If a password exists for the current evaluatedPrincipal, use a KerberosOperationHandler to generate the keytab file. To help avoid filename collisions and to build a structure that is easy to discover, each keytab file is stored in a host-specific directory using the SHA1 hash of its destination file path.
data_directory
|- host1
|  |- 16a054404c8826cd604a27ac970e8cc4b9c7a3fa (keytab file)
|  |- ... (keytab files)
|  |- a3c09cae73406912e8c55296d1c85b674d24f576 (keytab file)
|- host2
|  |- ...
processIdentity in class KerberosServerAction
resolvedPrincipal - a ResolvedKerberosPrincipal object to process
operationHandler - a KerberosOperationHandler used to perform Kerberos-related tasks for specific Kerberos implementations (MIT, Active Directory, etc...)
kerberosConfiguration - a Map of configuration properties from kerberos-env
includedInFilter - a Boolean value indicating whether the principal is included in the current filter or not
requestSharedDataContext - a Map to be used as shared data among all ServerActions related to a given request
Returns a CommandReport, indicating an error condition; or null, indicating a success condition
org.apache.ambari.server.AmbariException - if an error occurs while processing the identity record
public org.apache.directory.server.kerberos.shared.keytab.Keytab createKeytab(String principal, String password, Integer keyNumber, KerberosOperationHandler operationHandler, boolean checkCache, boolean canCache, ActionLog actionLog) throws org.apache.ambari.server.AmbariException
principal - the principal name for the Keytab to create
password - the password for the Keytab to create
keyNumber - the key number for the Keytab to create
operationHandler - the KerberosOperationHandler for the relevant KDC
checkCache - true to check the cache for an existing Keytab; otherwise false
canCache - true to cache the resulting keytab (if generated); otherwise false
actionLog - the logger (may be null if no logging is desired)
org.apache.ambari.server.AmbariException
protected void ensureAmbariOnlyAccess(File file) throws org.apache.ambari.server.AmbariException
file - the file or directory for which to modify access
org.apache.ambari.server.AmbariException
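The staging layout described under processIdentity and the owner-only access described under ensureAmbariOnlyAccess, combined in one added example (this is not Ambari's implementation). It assumes a POSIX file system; KeytabStagingExample, stage and sha1Hex are hypothetical names, and the host name, destination path and keytab bytes are constructed sample values.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.nio.file.attribute.*;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Set;

// Added illustration, not Ambari source; class and method names are hypothetical.
public class KeytabStagingExample {
  static final Set<PosixFilePermission> DIR_MODE = PosixFilePermissions.fromString("rwx------");
  static final Set<PosixFilePermission> FILE_MODE = PosixFilePermissions.fromString("rw-------");

  // Lower-case hex SHA-1 of the destination path, used only as a file name.
  static String sha1Hex(String s) throws NoSuchAlgorithmException {
    StringBuilder hex = new StringBuilder();
    for (byte b : MessageDigest.getInstance("SHA-1").digest(s.getBytes(StandardCharsets.UTF_8))) {
      hex.append(String.format("%02x", b));
    }
    return hex.toString();
  }

  // Writes keytabBytes to dataDir/<host>/<sha1(destinationPath)>, owner-only at both levels.
  static Path stage(Path dataDir, String host, String destinationPath, byte[] keytabBytes)
      throws IOException, NoSuchAlgorithmException {
    Path base = dataDir.toAbsolutePath().normalize();
    Path hostDir = base.resolve(host).normalize();
    if (!base.equals(hostDir.getParent())) { // host must name exactly one directory level
      throw new IllegalArgumentException("invalid host name: " + host);
    }
    if (Files.notExists(hostDir)) { // restrictive mode is requested at creation time
      Files.createDirectory(hostDir, PosixFilePermissions.asFileAttribute(DIR_MODE));
    }
    Files.setPosixFilePermissions(hostDir, DIR_MODE); // also tightens a pre-existing directory
    Path keytab = hostDir.resolve(sha1Hex(destinationPath));
    if (Files.notExists(keytab)) {
      Files.createFile(keytab, PosixFilePermissions.asFileAttribute(FILE_MODE));
    }
    Files.setPosixFilePermissions(keytab, FILE_MODE); // tighten before any key material is written
    return Files.write(keytab, keytabBytes); // placeholder bytes stand in for a real keytab
  }

  public static void main(String[] args) throws Exception {
    Path dataDir = Files.createTempDirectory("data_directory");
    // Constructed sample values: the host name and destination path are made up.
    Path p = stage(dataDir, "host1", "/etc/security/keytabs/example.keytab", new byte[] {5, 2});
    System.out.println(p + " " + PosixFilePermissions.toString(Files.getPosixFilePermissions(p)));
  }
}
```

Because the file name is derived from the destination path, staging the same destination for the same host twice resolves to the same file, while the same destination on two hosts stays separated by the host directory.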
Copyright © 2022 Apache Software Foundation. All rights reserved.