AMBARI-9580. Set kdc_type in kerberos-env rather than krb5-conf configuration (rlevas)

ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java

@@ -705,18 +705,18 @@ public class KerberosHelper {
 
     KDCType kdcType = null;
     String kdcTypeProperty = kerberosEnvProperties.get("kdc_type");
-    if (kdcTypeProperty == null) {
-      // TODO: (rlevas) Only pull from kerberos-env, this is only for transitional purposes (AMBARI 9121)
-      kdcTypeProperty = krb5ConfProperties.get("kdc_type");
+    if(kdcTypeProperty == null) {
+      String message = "The 'kerberos-env/kdc_type' value must be set to a valid KDC type";
+      LOG.error(message);
+      throw new IllegalArgumentException(message);
     }
-    if (kdcTypeProperty != null) {
-      try {
-        kdcType = KDCType.translate(kdcTypeProperty);
-      } catch (IllegalArgumentException e) {
-        String message = String.format("Invalid 'kdc_type' value: %s", kdcTypeProperty);
-        LOG.error(message);
-        throw new AmbariException(message);
-      }
+
+    try {
+      kdcType = KDCType.translate(kdcTypeProperty);
+    } catch (IllegalArgumentException e) {
+      String message = String.format("Invalid 'kdc_type' value: %s", kdcTypeProperty);
+      LOG.error(message);
+      throw new AmbariException(message);
     }
 
     kerberosDetails.setSecurityType(cluster.getSecurityType());

ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml

@@ -21,6 +21,14 @@
 -->
 
 <configuration supports_final="false">
+  <property require-input="true">
+    <name>kdc_type</name>
+    <description>
+      The type of KDC being used. Either mit-kdc or active-directory
+    </description>
+    <value>mit-kdc</value>
+  </property>
+
   <property require-input="true">
     <name>ldap_url</name>
     <description>

ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/krb5-conf.xml

@@ -113,13 +113,6 @@
     </description>
     <value/>
   </property>
-  <property require-input="true">
-    <name>kdc_type</name>
-    <description>
-      The type of KDC being used. Either mit-kdc or active-directory
-    </description>
-    <value>mit-kdc</value>
-  </property>
   <property require-input="true">
     <name>kdc_host</name>
     <description>

ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/configuration/krb5-conf.xml

@@ -91,13 +91,6 @@
     </description>
     <value/>
   </property>
-  <property require-input="true">
-    <name>kdc_type</name>
-    <description>
-      The type of KDC being used. Either mit-kdc or active-directory
-    </description>
-    <value>mit-kdc</value>
-  </property>
   <property require-input="true">
     <name>kdc_host</name>
     <description>

ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java

@@ -385,18 +385,15 @@ public class KerberosHelperTest extends EasyMockSupport {
     expectLastCall().once();
 
     final Map<String, String> kerberosEnvProperties = createNiceMock(Map.class);
-    // TODO: (rlevas) Add when AMBARI 9121 is complete
-    // expect(kerberosEnvProperties.get("kdc_type")).andReturn("mit-kdc").once();
+    expect(kerberosEnvProperties.get("kdc_type")).andReturn("mit-kdc").once();
 
     final Config kerberosEnvConfig = createNiceMock(Config.class);
     expect(kerberosEnvConfig.getProperties()).andReturn(kerberosEnvProperties).once();
 
     final Map<String, String> krb5ConfProperties = createNiceMock(Map.class);
-    expect(krb5ConfProperties.get("kdc_type")).andReturn("mit-kdc").once();
     expect(krb5ConfProperties.get("realm")).andReturn("FOOBAR.COM").once();
 
     final Config krb5ConfConfig = createNiceMock(Config.class);
-    // TODO: (rlevas) Remove when AMBARI 9121 is complete
     expect(krb5ConfConfig.getProperties()).andReturn(krb5ConfProperties).once();
 
     final Cluster cluster = createNiceMock(Cluster.class);
@@ -636,18 +633,15 @@ public class KerberosHelperTest extends EasyMockSupport {
     expectLastCall().once();
 
     final Map<String, String> kerberosEnvProperties = createNiceMock(Map.class);
-    // TODO: (rlevas) Add when AMBARI 9121 is complete
-    // expect(kerberosEnvProperties.get("kdc_type")).andReturn("mit-kdc").once();
+    expect(kerberosEnvProperties.get("kdc_type")).andReturn("mit-kdc").once();
 
     final Config kerberosEnvConfig = createNiceMock(Config.class);
     expect(kerberosEnvConfig.getProperties()).andReturn(kerberosEnvProperties).once();
 
     final Map<String, String> krb5ConfProperties = createNiceMock(Map.class);
-    expect(krb5ConfProperties.get("kdc_type")).andReturn("mit-kdc").once();
     expect(krb5ConfProperties.get("realm")).andReturn("FOOBAR.COM").once();
 
     final Config krb5ConfConfig = createNiceMock(Config.class);
-    // TODO: (rlevas) Remove when AMBARI 9121 is complete
     expect(krb5ConfConfig.getProperties()).andReturn(krb5ConfProperties).once();
 
     final Cluster cluster = createNiceMock(Cluster.class);
@@ -862,18 +856,15 @@ public class KerberosHelperTest extends EasyMockSupport {
         .once();
 
     final Map<String, String> kerberosEnvProperties = createNiceMock(Map.class);
-    // TODO: (rlevas) Add when AMBARI 9121 is complete
-    // expect(kerberosEnvProperties.get("kdc_type")).andReturn("mit-kdc").once();
+    expect(kerberosEnvProperties.get("kdc_type")).andReturn("mit-kdc").once();
 
     final Config kerberosEnvConfig = createNiceMock(Config.class);
     expect(kerberosEnvConfig.getProperties()).andReturn(kerberosEnvProperties).once();
 
     final Map<String, String> krb5ConfProperties = createNiceMock(Map.class);
-    expect(krb5ConfProperties.get("kdc_type")).andReturn("mit-kdc").once();
     expect(krb5ConfProperties.get("realm")).andReturn("FOOBAR.COM").once();
 
     final Config krb5ConfConfig = createNiceMock(Config.class);
-    // TODO: (rlevas) Remove when AMBARI 9121 is complete
     expect(krb5ConfConfig.getProperties()).andReturn(krb5ConfProperties).once();
 
     final Cluster cluster = createNiceMock(Cluster.class);
@@ -1143,18 +1134,15 @@ public class KerberosHelperTest extends EasyMockSupport {
         .once();
 
     final Map<String, String> kerberosEnvProperties = createNiceMock(Map.class);
-    // TODO: (rlevas) Add when AMBARI 9121 is complete
-    // expect(kerberosEnvProperties.get("kdc_type")).andReturn("mit-kdc").once();
+    expect(kerberosEnvProperties.get("kdc_type")).andReturn("mit-kdc").once();
 
     final Config kerberosEnvConfig = createNiceMock(Config.class);
     expect(kerberosEnvConfig.getProperties()).andReturn(kerberosEnvProperties).once();
 
     final Map<String, String> krb5ConfProperties = createNiceMock(Map.class);
-    expect(krb5ConfProperties.get("kdc_type")).andReturn("mit-kdc").once();
     expect(krb5ConfProperties.get("realm")).andReturn("FOOBAR.COM").once();
 
     final Config krb5ConfConfig = createNiceMock(Config.class);
-    // TODO: (rlevas) Remove when AMBARI 9121 is complete
     expect(krb5ConfConfig.getProperties()).andReturn(krb5ConfProperties).once();
 
     final Cluster cluster = createNiceMock(Cluster.class);

ambari-server/src/test/python/stacks/2.2/KERBEROS/use_cases.py

@@ -74,11 +74,13 @@ def get_manged_kdc_use_case():
     json_data = json.load(f)
 
   json_data['clusterHostInfo']['kdc_server_hosts'] = ['c6401.ambari.apache.org']
+  json_data['configurations']['kerberos-env'] = {
+    'kdc_type': 'mit-kdc'
+  }
   json_data['configurations']['krb5-conf'] = {
     'libdefaults_default_tgs_enctypes': 'aes256-cts-hmac-sha1-96',
     'libdefaults_default_tkt_enctypes': 'aes256-cts-hmac-sha1-96',
     'realm': 'MANAGED_REALM.COM',
-    'kdc_type': 'mit-kdc',
     'kdc_host': 'c6401.ambari.apache.org',
     'admin_principal': "admin/admin",
     'admin_password': "hadoop"
@@ -92,6 +94,9 @@ def get_unmanged_kdc_use_case():
   with open(config_file, "r") as f:
     json_data = json.load(f)
 
+  json_data['configurations']['kerberos-env'] = {
+    'kdc_type': 'mit-kdc'
+  }
   json_data['configurations']['krb5-conf'] = {
     'libdefaults_default_tgs_enctypes': 'aes256-cts-hmac-sha1-96',
     'libdefaults_default_tkt_enctypes': 'aes256-cts-hmac-sha1-96',
@@ -99,7 +104,6 @@ def get_unmanged_kdc_use_case():
     'conf_file': 'krb5_unmanaged.conf',
     'content': krb5_conf_template,
     'realm': 'OSCORPINDUSTRIES.COM',
-    'kdc_type': 'mit-kdc',
     'kdc_host': 'ad.oscorp_industries.com',
     'admin_principal': "admin/admin",
     'admin_password': "hadoop"
@@ -118,6 +122,9 @@ def get_unmanged_ad_use_case():
   with open(config_file, "r") as f:
     json_data = json.load(f)
 
+  json_data['configurations']['kerberos-env'] = {
+    'kdc_type': 'active-directory',
+  }
   json_data['configurations']['krb5-conf'] = {
     'libdefaults_default_tgs_enctypes': 'aes256-cts-hmac-sha1-96',
     'libdefaults_default_tkt_enctypes': 'aes256-cts-hmac-sha1-96',
@@ -125,7 +132,6 @@ def get_unmanged_ad_use_case():
     'conf_file': 'krb5_ad.conf',
     'content': krb5_conf_template,
     'realm': 'OSCORPINDUSTRIES.COM',
-    'kdc_type': 'active-directory',
     'kdc_host': 'ad.oscorp_industries.com',
     'admin_principal': "admin/admin",
     'admin_password': "hadoop"
@@ -151,12 +157,14 @@ def get_cross_realm_use_case():
                         '}\n'
 
   json_data['clusterHostInfo']['kdc_server_hosts'] = ['c6401.ambari.apache.org']
+  json_data['configurations']['kerberos-env'] = {
+    'kdc_type': 'mit-kdc'
+  }
   json_data['configurations']['krb5-conf'] = {
     'libdefaults_default_tgs_enctypes': 'aes256-cts-hmac-sha1-96',
     'libdefaults_default_tkt_enctypes': 'aes256-cts-hmac-sha1-96',
     'content': _krb5_conf_template,
     'realm': 'MANAGED_REALM.COM',
-    'kdc_type': 'mit-kdc',
     'kdc_host': 'c6401.ambari.apache.org',
     'admin_principal': "admin/admin",
     'admin_password': "hadoop"

ambari-server/src/test/python/stacks/2.2/configs/journalnode-upgrade.json

@@ -164,7 +164,8 @@
             "content": "\n# The file containing the running pid\nPID_FILE={{webhcat_pid_file}}\n\nTEMPLETON_LOG_DIR={{templeton_log_dir}}/\n\n\nWEBHCAT_LOG_DIR={{templeton_log_dir}}/\n\n# The console error log\nERROR_LOG={{templeton_log_dir}}/webhcat-console-error.log\n\n# The console log\nCONSOLE_LOG={{templeton_log_dir}}/webhcat-console.log\n\n#TEMPLETON_JAR=templeton_jar_name\n\n#HADOOP_PREFIX=hadoop_prefix\n\n#HCAT_PREFIX=hive_prefix\n\n# Set HADOOP_HOME to point to a specific hadoop install directory\nexport HADOOP_HOME={{hadoop_home}}"
         }, 
         "kerberos-env": {
-            "ldap_url": "", 
+            "kdc_type": "mit-kdc",
+            "ldap_url": "",
             "create_attributes_template": "\n{\n  \"objectClass\": [\"top\", \"person\", \"organizationalPerson\", \"user\"],\n  \"cn\": \"$principal_name\",\n  #if( $is_service )\n  \"servicePrincipalName\": \"$principal_name\",\n  #end\n  \"userPrincipalName\": \"$normalized_principal\",\n  \"unicodePwd\": \"$password\",\n  \"accountExpires\": \"0\",\n  \"userAccountControl\": \"66048\"\n}\n    ", 
             "container_dn": ""
         }, 
@@ -1009,8 +1010,7 @@
             "logging_kdc": "FILE:/var/log/krb5kdc.log", 
             "domains": "", 
             "logging_default": "FILE:/var/log/krb5libs.log", 
-            "kdc_type": "mit-kdc", 
-            "libdefaults_dns_lookup_realm": "false", 
+            "libdefaults_dns_lookup_realm": "false",
             "libdefaults_renew_lifetime": "7d", 
             "libdefaults_default_tkt_enctypes": "\n      aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1 arcfour-hmac-md5\n      camellia256-cts-cmac camellia128-cts-cmac des-cbc-crc des-cbc-md5 des-cbc-md4\n    "
         }, 

ambari-web/app/assets/data/wizard/stack/hdp/version2.0.1/KERBEROS.json

@@ -139,7 +139,7 @@
         "service_name" : "KERBEROS",
         "stack_name" : "HDP",
         "stack_version" : "2.2",
-        "type" : "krb5-conf.xml"
+        "type" : "kerberos-env.xml"
       }
     },
     {

ambari-web/app/data/HDP2/site_properties.js

@@ -1964,7 +1964,7 @@ var hdp2properties = [
     "isRequiredByAgent": true,
     "displayType": "masterHost",
     "serviceName": "KERBEROS",
-    "filename": "krb5-conf.xml",
+    "filename": "kerberos-env.xml",
     "category": "KDC",
     "index": 0
   },