branch-1.2/ambari-agent/src/main/puppet/modules/hdp-kerberos/manifests/adminclient.pp - incubator-ambari - Git at Google

 #
 #
 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
 # distributed with this work for additional information
 # regarding copyright ownership.  The ASF licenses this file
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 #
 #   http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
 #
 #

 class hdp-kerberos::adminclient(
   $service_state = $hdp::params::cluster_service_state
 ) inherits hdp-kerberos::params
 {
   import 'hdp'

   $kadmin_pw = "bla123"
   $kadmin_admin = "kadmin/admin"
   $realm = $kerberos_domain
   $krb_realm = $kerberos_domain
   $hdp::params::service_exists['hdp-kerberos::adminclient'] = true
   $krbContext = {}
   $krbContext['kadmin_pw'] = $kadmin_pw
   $krbContext['kadmin_admin'] = $kadmin_admin
   $krbContext['realm' ] = $kerberos_domain
   $krbContext['local_or_remote'] = 'remote'
   $krbContext['principals_to_create'] = $principals_to_create
   $krbContext['keytabs_to_create'] = $keytabs_to_create
   $krbContext['principals_in_keytabs'] = $principals_in_keytabs

   $kdc_server = $kdc_host

   package { $package_name_client:
     ensure => installed,
   }
   if ($hdp::params::service_exists['hdp-kerberos::server'] != true) {
     file { "/etc/krb5.conf":
       content => template('hdp-kerberos/krb5.conf'),
       owner => "root",
       group => "root",
       mode => "0644",
       require => Package[$package_name_client],
     }
   }

   if ($create_principals_keytabs == "yes") {
     notice("Creating principals and keytabs..")
     hdp-kerberos::principals_and_keytabs::services { 'alphabeta':
       krb_context => $krbContext
     }
   }
 }


 define hdp-kerberos::principals_and_keytabs::services(
   $krb_context
 )
 {
   include hdp-kerberos::params
   $principals_to_create = $krb_context[principals_to_create]
   $keytabs_to_create = $krb_context[keytabs_to_create]

   hdp-kerberos::principal {$principals_to_create:
     krb_context => $krb_context,
   }

   hdp-kerberos::keytab { $keytabs_to_create :
     krb_context => $krb_context,
     require => Hdp-kerberos::Principal[$principals_to_create]
   }
 }

 define hdp-kerberos::keytab(
   $krb_context,
   $keytable_file_owner = undef,
   $keytable_file_mode  = undef
 )
 {
   include hdp-kerberos::params
   $keytab = $name
   $realm = $krb_context['realm']
   $local_or_remote = $krb_context['local_or_remote']
   $kadmin_pw = $krb_context['kadmin_pw']
   $kadmin_admin = $krb_context['kadmin_admin']
   $kadmin_cmd = "kadmin -w ${kadmin_pw} -p ${kadmin_admin}"
   if ($local_or_remote == 'local') {
     $kadmin_cmd = 'kadmin.local'
   }
   $principals_in_keytabs = $krb_context['principals_in_keytabs']

   $principals = $principals_in_keytabs[$keytab]
   $principals_list = inline_template("<%= principals.join(' ')%>")
   $keytab_filename = $keytab

   exec { "xst ${keytab}":
     command => "rm -rf ${keytab_filename}; ${kadmin_cmd} -q 'xst -k ${keytab_filename} ${principals_list}'; chown puppet:apache ${keytab_filename}",
     unless  => "klist -kt ${keytab_filename} 2>/dev/null | grep -q ' ${principals[0]}'", #TODO may make more robust test
     path   => $hdp-kerberos::params::exec_path,
   }

   if (($keytable_file_owner != undef) or ($keytable_file_mode != undef)) {
     file { $keytab_filename:
       owner => $keytable_file_owner,
       mode  => $keytable_file_mode,
       require => Exec["xst ${keytab}"]
     }
   }
 }

 define hdp-kerberos::principal(
   $krb_context
 )
 {
   include hdp-kerberos::params
   $realm = $krb_context['realm']
   $local_or_remote = $krb_context['local_or_remote']
   $kadmin_pw = $krb_context['kadmin_pw']
   $kadmin_admin = $krb_context['kadmin_admin']
   $kadmin_cmd =  "kadmin -w ${kadmin_pw} -p ${kadmin_admin}"
   if ($local_or_remote == 'local') {
     $kadmin_cmd = 'kadmin.local'
   }
   $principal = $name
   exec { "addprinc ${principal}":
     command => "${kadmin_cmd} -q 'addprinc -randkey ${principal}'",
     unless => "${kadmin_cmd} -q listprincs | grep -q '^${principal}$'",
     path => $hdp-kerberos::params::exec_path
   }
 }
	#
	#
	# Licensed to the Apache Software Foundation (ASF) under one
	# or more contributor license agreements. See the NOTICE file
	# distributed with this work for additional information
	# regarding copyright ownership. The ASF licenses this file
	# to you under the Apache License, Version 2.0 (the
	# "License"); you may not use this file except in compliance
	# with the License. You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing,
	# software distributed under the License is distributed on an
	# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	# KIND, either express or implied. See the License for the
	# specific language governing permissions and limitations
	# under the License.
	#
	#

	class hdp-kerberos::adminclient(
	$service_state = $hdp::params::cluster_service_state
	) inherits hdp-kerberos::params
	{
	import 'hdp'

	$kadmin_pw = "bla123"
	$kadmin_admin = "kadmin/admin"
	$realm = $kerberos_domain
	$krb_realm = $kerberos_domain
	$hdp::params::service_exists['hdp-kerberos::adminclient'] = true
	$krbContext = {}
	$krbContext['kadmin_pw'] = $kadmin_pw
	$krbContext['kadmin_admin'] = $kadmin_admin
	$krbContext['realm' ] = $kerberos_domain
	$krbContext['local_or_remote'] = 'remote'
	$krbContext['principals_to_create'] = $principals_to_create
	$krbContext['keytabs_to_create'] = $keytabs_to_create
	$krbContext['principals_in_keytabs'] = $principals_in_keytabs

	$kdc_server = $kdc_host

	package { $package_name_client:
	ensure => installed,
	}
	if ($hdp::params::service_exists['hdp-kerberos::server'] != true) {
	file { "/etc/krb5.conf":
	content => template('hdp-kerberos/krb5.conf'),
	owner => "root",
	group => "root",
	mode => "0644",
	require => Package[$package_name_client],
	}
	}

	if ($create_principals_keytabs == "yes") {
	notice("Creating principals and keytabs..")
	hdp-kerberos::principals_and_keytabs::services { 'alphabeta':
	krb_context => $krbContext
	}
	}
	}


	define hdp-kerberos::principals_and_keytabs::services(
	$krb_context
	)
	{
	include hdp-kerberos::params
	$principals_to_create = $krb_context[principals_to_create]
	$keytabs_to_create = $krb_context[keytabs_to_create]

	hdp-kerberos::principal {$principals_to_create:
	krb_context => $krb_context,
	}

	hdp-kerberos::keytab { $keytabs_to_create :
	krb_context => $krb_context,
	require => Hdp-kerberos::Principal[$principals_to_create]
	}
	}

	define hdp-kerberos::keytab(
	$krb_context,
	$keytable_file_owner = undef,
	$keytable_file_mode = undef
	)
	{
	include hdp-kerberos::params
	$keytab = $name
	$realm = $krb_context['realm']
	$local_or_remote = $krb_context['local_or_remote']
	$kadmin_pw = $krb_context['kadmin_pw']
	$kadmin_admin = $krb_context['kadmin_admin']
	$kadmin_cmd = "kadmin -w ${kadmin_pw} -p ${kadmin_admin}"
	if ($local_or_remote == 'local') {
	$kadmin_cmd = 'kadmin.local'
	}
	$principals_in_keytabs = $krb_context['principals_in_keytabs']

	$principals = $principals_in_keytabs[$keytab]
	$principals_list = inline_template("<%= principals.join(' ')%>")
	$keytab_filename = $keytab

	exec { "xst ${keytab}":
	command => "rm -rf ${keytab_filename}; ${kadmin_cmd} -q 'xst -k ${keytab_filename} ${principals_list}'; chown puppet:apache ${keytab_filename}",
	unless => "klist -kt ${keytab_filename} 2>/dev/null \| grep -q ' ${principals[0]}'", #TODO may make more robust test
	path => $hdp-kerberos::params::exec_path,
	}

	if (($keytable_file_owner != undef) or ($keytable_file_mode != undef)) {
	file { $keytab_filename:
	owner => $keytable_file_owner,
	mode => $keytable_file_mode,
	require => Exec["xst ${keytab}"]
	}
	}
	}

	define hdp-kerberos::principal(
	$krb_context
	)
	{
	include hdp-kerberos::params
	$realm = $krb_context['realm']
	$local_or_remote = $krb_context['local_or_remote']
	$kadmin_pw = $krb_context['kadmin_pw']
	$kadmin_admin = $krb_context['kadmin_admin']
	$kadmin_cmd = "kadmin -w ${kadmin_pw} -p ${kadmin_admin}"
	if ($local_or_remote == 'local') {
	$kadmin_cmd = 'kadmin.local'
	}
	$principal = $name
	exec { "addprinc ${principal}":
	command => "${kadmin_cmd} -q 'addprinc -randkey ${principal}'",
	unless => "${kadmin_cmd} -q listprincs \| grep -q '^${principal}$'",
	path => $hdp-kerberos::params::exec_path
	}
	}