WHIRR-751. Improve Kerberos service
diff --git a/services/kerberos/src/main/java/org/apache/whirr/service/kerberos/KerberosBaseHandler.java b/services/kerberos/src/main/java/org/apache/whirr/service/kerberos/KerberosBaseHandler.java
index e86555c..b23f3da 100644
--- a/services/kerberos/src/main/java/org/apache/whirr/service/kerberos/KerberosBaseHandler.java
+++ b/services/kerberos/src/main/java/org/apache/whirr/service/kerberos/KerberosBaseHandler.java
@@ -39,7 +39,12 @@
protected void beforeBootstrap(ClusterActionEvent event) throws IOException {
addStatement(event, call("configure_hostnames"));
addStatement(event, call("retry_helpers"));
- addStatement(event, call(getInstallFunction(event.getClusterSpec().getConfiguration(), "java", "install_openjdk")));
+ if (!(event.getClusterSpec().getConfiguration().containsKey("whirr.env.jdk_installed")
+ && event.getClusterSpec()
+ .getConfiguration().getBoolean("whirr.env.jdk_installed"))) {
+ addStatement(event,
+ call(getInstallFunction(event.getClusterSpec().getConfiguration(), "java", "install_openjdk")));
+ }
addStatement(event, call("install_kerberos_client"));
}
diff --git a/services/kerberos/src/main/resources/functions/configure_kerberos_server.sh b/services/kerberos/src/main/resources/functions/configure_kerberos_server.sh
index 6b78a95..6f002b2 100644
--- a/services/kerberos/src/main/resources/functions/configure_kerberos_server.sh
+++ b/services/kerberos/src/main/resources/functions/configure_kerberos_server.sh
@@ -20,10 +20,22 @@
function configure_kerberos_server() {
KERBEROS_USER=${KERBEROS_USER:-$CLUSTER_USER}
KERBEROS_REALM_REGEX=$(echo $KERBEROS_REALM | sed s/\\\./\\\\\./g)
- service krb5kdc stop
- service kadmin stop
- sed -i -e "s/EXAMPLE\.COM/$KERBEROS_REALM_REGEX/" /var/kerberos/krb5kdc/kdc.conf
- yum install -y expect
+ if which dpkg &> /dev/null; then
+ KERBEROS_HOME=/etc/krb5kdc
+ KERBEROS_SERVICE_KDC=krb5-kdc
+ KERBEROS_SERVICE_ADMIN=krb5-admin-server
+ export DEBIAN_FRONTEND=noninteractive
+ retry_apt_get update
+ retry_apt_get -q -y install expect
+ elif which rpm &> /dev/null; then
+ KERBEROS_HOME=/var/kerberos/krb5kdc
+ KERBEROS_SERVICE_KDC=krb5kdc
+ KERBEROS_SERVICE_ADMIN=kadmin
+ retry_yum install -y expect
+ fi
+ service $KERBEROS_SERVICE_KDC stop
+ service $KERBEROS_SERVICE_ADMIN stop
+ sed -i -e "s/EXAMPLE\.COM/$KERBEROS_REALM_REGEX/" $KERBEROS_HOME/kdc.conf
cat >> run_kdb5_util <<END
#!/usr/bin/expect -f
set timeout 5000
@@ -35,7 +47,11 @@
chmod +x run_kdb5_util
./run_kdb5_util
rm -rf run_kdb5_util
- sed -i -e "s/EXAMPLE\.COM/$KERBEROS_REALM_REGEX/" /var/kerberos/krb5kdc/kadm5.acl
+ if [ -f $KERBEROS_HOME/kadm5.acl ]; then
+ sed -i -e "s/EXAMPLE\.COM/$KERBEROS_REALM_REGEX/" $KERBEROS_HOME/kadm5.acl
+ else
+ echo "*/admin@$KERBEROS_REALM *" > $KERBEROS_HOME/kadm5.acl
+ fi
cat >> run_addpinc <<END
#!/usr/bin/expect -f
set timeout 5000
@@ -52,9 +68,7 @@
./run_addpinc $KERBEROS_USER $KERBEROS_USER $KERBEROS_REALM
./run_addpinc hdfs hdfs $KERBEROS_REALM
rm -rf ./run_addpinc
- service krb5kdc start
- service kadmin start
- chkconfig krb5kdc on
- chkconfig kadmin on
+ service $KERBEROS_SERVICE_KDC start
+ service $KERBEROS_SERVICE_ADMIN start
CONFIGURE_KERBEROS_DONE=1
}
diff --git a/services/kerberos/src/main/resources/functions/install_kerberos_client.sh b/services/kerberos/src/main/resources/functions/install_kerberos_client.sh
index 74a4189..9a21ef1 100644
--- a/services/kerberos/src/main/resources/functions/install_kerberos_client.sh
+++ b/services/kerberos/src/main/resources/functions/install_kerberos_client.sh
@@ -19,18 +19,32 @@
function install_kerberos_client() {
if which dpkg &> /dev/null; then
- retry_apt_get -y install krb5-libs krb5-workstation unzip
+ export DEBIAN_FRONTEND=noninteractive
+ retry_apt_get update
+ retry_apt_get -q -y install krb5-user krb5-config unzip
elif which rpm &> /dev/null; then
retry_yum install -y krb5-libs krb5-workstation unzip
fi
- if [ ! -z "${JDK_INSTALL_URL+xxx}" ]; then
- JCE_POLICY_URL=$(dirname $JDK_INSTALL_URL)"/jce_policy-6.zip"
- wget $JCE_POLICY_URL
- if [ -f jce_policy-6.zip ]; then
- unzip jce_policy-6.zip
- mkdir -p /tmp/java_security_old
- mv /usr/java/default/jre/lib/security/US_export_policy.jar /usr/java/default/jre/lib/security/local_policy.jar /tmp/java_security_old
- mv jce/*.jar /usr/java/default/jre/lib/security
+ if [ -z "${JAVA_HOME+xxx}" ]; then
+ if which java &> /dev/null; then
+ JAVA_HOME=$(readlink -f $(which java) | sed "s:/bin/java::")
+ fi
+ fi
+ if [ ! -z "${JAVA_HOME+xxx}" ]; then
+ JAVA_VERSION_MAJOR=$($JAVA_HOME/bin/java -version 2>&1 | grep "java version" | sed 's/java version \"1\.\([0-9]*\)\..*/\1/')
+ if [ "$JAVA_VERSION_MAJOR" == "6" ]; then
+ JAVA_JCE=jce_policy-6.zip
+ elif [ "$JAVA_VERSION_MAJOR" == "7" ]; then
+ JAVA_JCE=UnlimitedJCEPolicyJDK7.zip
+ fi
+ if [ ! -z "${JAVA_JCE+xxx}" ]; then
+ if [ ! -z "${JDK_INSTALL_URL+xxx}" ]; then
+ wget -nv $(dirname $JDK_INSTALL_URL)"/"$JAVA_JCE
+ if [ -f $JAVA_JCE ]; then
+ unzip -q -o -j $JAVA_JCE -d $JAVA_HOME/jre/lib/security
+ rm $JAVA_JCE
+ fi
+ fi
fi
fi
}
diff --git a/services/kerberos/src/main/resources/functions/install_kerberos_server.sh b/services/kerberos/src/main/resources/functions/install_kerberos_server.sh
index 7a9b86c..0cf22ab 100644
--- a/services/kerberos/src/main/resources/functions/install_kerberos_server.sh
+++ b/services/kerberos/src/main/resources/functions/install_kerberos_server.sh
@@ -19,7 +19,9 @@
function install_kerberos_server() {
if which dpkg &> /dev/null; then
- retry_apt_get -y install krb5-server
+ export DEBIAN_FRONTEND=noninteractive
+ retry_apt_get update
+ retry_apt_get -q -y install krb5-kdc krb5-admin-server
elif which rpm &> /dev/null; then
retry_yum install -y krb5-server
fi
diff --git a/services/kerberos/src/test/java/org/apache/whirr/service/kerberos/KerberosServerDryRunTest.java b/services/kerberos/src/test/java/org/apache/whirr/service/kerberos/KerberosServerDryRunTest.java
index 5a80478..21b8531 100644
--- a/services/kerberos/src/test/java/org/apache/whirr/service/kerberos/KerberosServerDryRunTest.java
+++ b/services/kerberos/src/test/java/org/apache/whirr/service/kerberos/KerberosServerDryRunTest.java
@@ -23,8 +23,11 @@
import java.util.Set;
+import junit.framework.AssertionFailedError;
+
import org.apache.whirr.service.BaseServiceDryRunTest;
import org.apache.whirr.service.DryRunModule.DryRun;
+import org.junit.Assert;
import org.junit.Test;
import com.google.common.base.Predicate;
@@ -57,4 +60,34 @@
assertScriptPredicateOnPhase(dryRun, "configure", configurePredicate());
}
+ @Test
+ public void testJavaInstalled() throws Exception {
+ DryRun dryRun = launchWithClusterSpec(newClusterSpecForProperties(ImmutableMap.of("whirr.instance-templates", "1 "
+ + KerberosServerHandler.ROLE + "+" + KerberosClientHandler.ROLE)));
+ assertScriptPredicateOnPhase(dryRun, "bootstrap", bootstrapPredicate());
+ assertScriptPredicateOnPhase(dryRun, "bootstrap", containsPattern("install_openjdk"));
+ }
+
+ @Test
+ public void testJavaInstalledFalse() throws Exception {
+ DryRun dryRun = launchWithClusterSpec(newClusterSpecForProperties(ImmutableMap.of("whirr.instance-templates", "1 "
+ + KerberosServerHandler.ROLE + "+" + KerberosClientHandler.ROLE, "whirr.env.jdk_installed", "false")));
+ assertScriptPredicateOnPhase(dryRun, "bootstrap", bootstrapPredicate());
+ assertScriptPredicateOnPhase(dryRun, "bootstrap", containsPattern("install_openjdk"));
+ }
+
+ @Test
+ public void testJavaInstalledTrue() throws Exception {
+ DryRun dryRun = launchWithClusterSpec(newClusterSpecForProperties(ImmutableMap.of("whirr.instance-templates", "1 "
+ + KerberosServerHandler.ROLE + "+" + KerberosClientHandler.ROLE, "whirr.env.jdk_installed", "true")));
+ assertScriptPredicateOnPhase(dryRun, "bootstrap", bootstrapPredicate());
+ boolean assertFailed = false;
+ try {
+ assertScriptPredicateOnPhase(dryRun, "bootstrap", containsPattern("install_openjdk"));
+ } catch (AssertionFailedError assertionFailedError) {
+ assertFailed = true;
+ }
+ Assert.assertTrue(assertFailed);
+ }
+
}
