9 năm trước cách đây · 8e7a1db1b0
--- a/ambari-common/src/main/python/resource_management/libraries/functions/curl_krb_request.py
+++ b/ambari-common/src/main/python/resource_management/libraries/functions/curl_krb_request.py
@@ -99,7 +99,13 @@ def curl_krb_request(tmp_dir, keytab, principal, url, cache_file_prefix,
 
				   # to generate a (relatively) unique cache filename so that we can use it as needed. Scope
			
 
				   # this file by user in order to prevent sharing of cache files by multiple users.
			
 
				   ccache_file_name = _md5("{0}|{1}".format(principal, keytab)).hexdigest()
			
 
				-  ccache_file_path = "{0}{1}{2}_{3}_cc_{4}".format(tmp_dir, os.sep, cache_file_prefix, user, ccache_file_name)
			
 
				+
			
 
				+  curl_krb_cache_path = os.path.join(tmp_dir, "curl_krb_cache")
			
 
				+  if not os.path.exists(curl_krb_cache_path):
			
 
				+    os.makedirs(curl_krb_cache_path)
			
 
				+  os.chmod(curl_krb_cache_path, 0777)
			
 
				+
			
 
				+  ccache_file_path = "{0}{1}{2}_{3}_cc_{4}".format(curl_krb_cache_path, os.sep, cache_file_prefix, user, ccache_file_name)
			
 
				   kerberos_env = {'KRB5CCNAME': ccache_file_path}
			
 
				 
			
 
				   # concurrent kinit's can cause the following error:
			
--- a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_client.py
+++ b/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_client.py
@@ -36,6 +36,8 @@ class KerberosClient(KerberosScript):
 
				     env.set_params(params)
			
 
				     if params.manage_krb5_conf:
			
 
				       self.write_krb5_conf()
			
 
				+    #delete krb cache to prevent using old krb tickets on fresh kerberos setup
			
 
				+    self.clear_tmp_cache()
			
 
				 
			
 
				     self.setup_jce()
			
 
				 
			
--- a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_common.py
+++ b/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_common.py
@@ -23,10 +23,12 @@ import string
 
				 import subprocess
			
 
				 import sys
			
 
				 import tempfile
			
 
				+from tempfile import gettempdir
			
 
				 
			
 
				 from resource_management import *
			
 
				 from utils import get_property_value
			
 
				 from ambari_commons.os_utils import remove_file
			
 
				+from ambari_agent import Constants
			
 
				 
			
 
				 class KerberosScript(Script):
			
 
				   KRB5_REALM_PROPERTIES = [
			
@@ -283,6 +285,14 @@ class KerberosScript(Script):
 
				 
			
 
				     return success
			
 
				 
			
 
				+  @staticmethod
			
 
				+  def clear_tmp_cache():
			
 
				+    tmp_dir = Constants.AGENT_TMP_DIR
			
 
				+    if tmp_dir is None:
			
 
				+      tmp_dir = gettempdir()
			
 
				+    curl_krb_cache_path = os.path.join(tmp_dir, "curl_krb_cache")
			
 
				+    Directory(curl_krb_cache_path, action="delete")
			
 
				+
			
 
				   @staticmethod
			
 
				   def create_principals(identities, auth_identity=None):
			
 
				     if identities is not None:
			
--- a/ambari-server/src/test/python/stacks/2.2/KERBEROS/test_kerberos_client.py
+++ b/ambari-server/src/test/python/stacks/2.2/KERBEROS/test_kerberos_client.py
@@ -94,7 +94,8 @@ class TestKerberosClient(RMFTestCase):
 
				                        stack_version = self.STACK_VERSION,
			
 
				                        target = RMFTestCase.TARGET_COMMON_SERVICES
			
 
				     )
			
 
				-
			
 
				+    self.assertResourceCalled('Directory', '/var/lib/ambari-agent/tmp/curl_krb_cache', action=["delete"],
			
 
				+                              )
			
 
				     self.assertResourceCalled('Directory', '/tmp/AMBARI-artifacts/',
			
 
				                               create_parents = True,
			
 
				                               )