AMBARI-2767. keytab generation utility script doesn't support customized path for ambari managed user accounts. (Andrii Babiichuk via yusaku)

ambari-server/src/main/resources/scripts/keytabs.sh

@@ -75,10 +75,7 @@ processCSVFile () {
               echo "mkdir -p ./keytabs_$hostName" >> commands.mkdir;
               echo "chmod 755 ./keytabs_$hostName" >> commands.chmod;
               echo "chown -R root:$group `pwd`/keytabs_$hostName" >> commands.chown.1
-              echo "mkdir -p `pwd`/tmp_tar/etc/security/" >> commands.tar
-              echo "mv  `pwd`/keytabs_$hostName `pwd`/tmp_tar/etc/security/keytabs" >> commands.tar
-              echo "tar -C `pwd`/tmp_tar/ -cf `pwd`/keytabs_$hostName.tar etc" >> commands.tar
-              echo "rm -rf `pwd`/tmp_tar" >> commands.tar
+              echo "tar -cvf keytabs_$hostName.tar keytabs_$hostName" >> commands.tar
               seenHosts="$seenHosts$hostName";
         fi
         
@@ -86,12 +83,15 @@ processCSVFile () {
           echo -e "kadmin.local -q \"addprinc -randkey $principal\"" >> commands.addprinc;
           seenPrincipals="$seenPrincipals$principal"
         fi
-        
-        tmpKeytabFile=${keytabFilePath/\/etc\/security\/keytabs/`pwd`/tmp_keytabs}
-        newKeytabFile=${keytabFilePath/\/etc\/security\/keytabs/`pwd`/keytabs_$hostName}
+        tmpKeytabFile="`pwd`/tmp_keytabs/$keytabFile";
+	    newKeytabPath="`pwd`/keytabs_$hostName$keytabFilePath";
+	    newKeytabFile="$newKeytabPath/$keytabFile";
         if [ ! -f $tmpKeytabFile ]; then
           echo "kadmin.local -q \"xst -k $tmpKeytabFile $principal\"" >> commands.xst;          
         fi
+        if [ ! -d $newKeytabPath ]; then
+            echo "mkdir -p $newKeytabPath" >> commands.mkdir;
+        fi
         echo "cp $tmpKeytabFile $newKeytabFile" >> commands.xst.cp
         echo "chmod $acl $newKeytabFile" >> commands.chmod.2
         echo "chown $owner:$group $newKeytabFile" >> commands.chown.1
@@ -139,7 +139,7 @@ processCSVFile () {
     echo "###########################################################################"
     echo "# Cleanup"
     echo "###########################################################################"
-    echo "#rm -rf ./tmp_keytabs"
+    echo "rm -rf ./tmp_keytabs"
     echo ""
     echo "echo \"****************************************************************************\""
     echo "echo \"****************************************************************************\""

ambari-web/app/controllers/main/admin/security/add/step3.js

@@ -26,8 +26,12 @@ App.MainAdminSecurityAddStep3Controller = Em.Controller.extend({
     if ($.browser.msie && $.browser.version < 10) {
       this.openInfoInNewTab();
     } else {
-      var blob = new Blob([stringUtils.arrayToCSV(this.get('hostComponents'))], {type: "text/csv;charset=utf-8;"});
-      saveAs(blob, "host-principal-keytab-list.csv");
+      try {
+        var blob = new Blob([stringUtils.arrayToCSV(this.get('hostComponents'))], {type: "text/csv;charset=utf-8;"});
+        saveAs(blob, "host-principal-keytab-list.csv");
+      } catch(e) {
+         this.openInfoInNewTab();
+      }
     }
   },
   openInfoInNewTab: function () {
@@ -90,7 +94,7 @@ App.MainAdminSecurityAddStep3Controller = Em.Controller.extend({
         component: Em.I18n.t('admin.addSecurity.user.smokeUser'),
         principal: smokeUser,
         keytabFile: stringUtils.getFileFromPath(smokeUserKeytabPath),
-        keytab: smokeUserKeytabPath,
+        keytab: stringUtils.getPath(smokeUserKeytabPath),
         owner: smokeUserId,
         group: hadoopGroupId,
         acl: '440'
@@ -100,7 +104,7 @@ App.MainAdminSecurityAddStep3Controller = Em.Controller.extend({
         component: Em.I18n.t('admin.addSecurity.user.hdfsUser'),
         principal: hdfsUser,
         keytabFile: stringUtils.getFileFromPath(hdfsUserKeytabPath),
-        keytab: hdfsUserKeytabPath,
+        keytab: stringUtils.getPath(hdfsUserKeytabPath),
         owner: hdfsUserId,
         group: hadoopGroupId,
         acl: '440'
@@ -111,7 +115,7 @@ App.MainAdminSecurityAddStep3Controller = Em.Controller.extend({
           component: Em.I18n.t('admin.addSecurity.user.hbaseUser'),
           principal: hbaseUser,
           keytabFile: stringUtils.getFileFromPath(hbaseUserKeytabPath),
-          keytab: hbaseUserKeytabPath,
+          keytab: stringUtils.getPath(hbaseUserKeytabPath),
           owner: hbaseUserId,
           group: hadoopGroupId,
           acl: '440'
@@ -124,7 +128,7 @@ App.MainAdminSecurityAddStep3Controller = Em.Controller.extend({
           component: Em.I18n.t('admin.addSecurity.hdfs.user.httpUser'),
           principal: hadoopHttpPrincipal.value.replace('_HOST', host.get('hostName')) + hadoopHttpPrincipal.unit,
           keytabFile: stringUtils.getFileFromPath(hadoopHttpKeytabPath),
-          keytab: hadoopHttpKeytabPath,
+          keytab: stringUtils.getPath(hadoopHttpKeytabPath),
           owner: 'root',
           group: hadoopGroupId,
           acl: '440'
@@ -139,7 +143,7 @@ App.MainAdminSecurityAddStep3Controller = Em.Controller.extend({
           component: Em.I18n.t('admin.addSecurity.webhcat.user.httpUser'),
           principal: webHCatHttpPrincipal.value.replace('_HOST', host.get('hostName')) + webHCatHttpPrincipal.unit,
           keytabFile: stringUtils.getFileFromPath(webHCatHttpKeytabPath),
-          keytab: webHCatHttpKeytabPath,
+          keytab: stringUtils.getPath(webHCatHttpKeytabPath),
           owner: 'root',
           group: hadoopGroupId,
           acl: '440'
@@ -154,7 +158,7 @@ App.MainAdminSecurityAddStep3Controller = Em.Controller.extend({
           component: Em.I18n.t('admin.addSecurity.oozie.user.httpUser'),
           principal: oozieHttpPrincipal.value.replace('_HOST', host.get('hostName')) + oozieHttpPrincipal.unit,
           keytabFile: stringUtils.getFileFromPath(oozieHttpKeytabPath),
-          keytab: oozieHttpKeytabPath,
+          keytab: stringUtils.getPath(oozieHttpKeytabPath),
           owner: 'root',
           group: hadoopGroupId,
           acl: '440'
@@ -191,7 +195,7 @@ App.MainAdminSecurityAddStep3Controller = Em.Controller.extend({
               component: displayName,
               principal: principal,
               keytabFile: stringUtils.getFileFromPath(keytab),
-              keytab: keytab,
+              keytab: stringUtils.getPath(keytab),
               owner: owner,
               group: hadoopGroupId,
               acl: '400'

ambari-web/app/utils/string_utils.js

@@ -134,6 +134,14 @@ module.exports = {
     if (!path || typeof path !== 'string') {
       return '';
     }
-    return path.toString().replace(/^.*[\/]/, '');
+    return path.replace(/^.*[\/]/, '');
+  },
+
+  getPath: function(path) {
+    if (!path || typeof path !== 'string' || path[0] != '/') {
+      return '';
+    }
+    var last_slash = path.lastIndexOf('/');
+    return (last_slash!=0)?path.substr(0,last_slash):'/';
   }
 }

ambari-web/test/utils/string_utils_test.js

@@ -109,4 +109,25 @@ describe('string_utils', function () {
     });
   });
 
+    describe('#getPath', function() {
+        var tests = [
+          {t: undefined, e: ''},
+          {t: {}, e: ''},
+          {t: [], e: ''},
+          {t: '', e: ''},
+          {t: function(){}, e: ''},
+          {t: '/path/to/filename', e: '/path/to'},
+          {t: '/path/to/', e: '/path/to'},
+          {t: '/filename', e: '/'},
+          {t: 'filename', e: ''},
+          {t: '/path/', e: '/path'},
+          {t: 'filename/', e: ''}
+      ];
+      tests.forEach(function(test) {
+          it('Check ' + typeof test.t, function () {
+            expect(string_utils.getPath(test.t)).to.equal(test.e);
+          });
+      });
+  });
+
 });