AMBARI-12146 Ambari JAAS configuration removed after 2.0.1 to 2.1 upgrade (dsen)

ambari-server/src/main/package/deb/control/preinst

@@ -23,6 +23,9 @@ COMMON_SERVICES_FOLDER_OLD=/var/lib/ambari-server/resources/common-services_$(da
 AMBARI_PROPERTIES="/etc/ambari-server/conf/ambari.properties"
 AMBARI_PROPERTIES_OLD="$AMBARI_PROPERTIES.rpmsave"
 
+AMBARI_KRB_JAAS_LOGIN_FILE="/etc/ambari-server/conf/krb5JAASLogin.conf"
+AMBARI_KRB_JAAS_LOGIN_FILE_OLD="$AMBARI_KRB_JAAS_LOGIN_FILE.rpmsave"
+
 AMBARI_VIEWS_FOLDER="/var/lib/ambari-server/resources/views"
 AMBARI_VIEWS_BACKUP_FOLDER="$AMBARI_VIEWS_FOLDER/backups"
 
@@ -36,6 +39,11 @@ then
     mv -f "$AMBARI_PROPERTIES" "$AMBARI_PROPERTIES_OLD"
 fi
 
+if [ -f "$AMBARI_KRB_JAAS_LOGIN_FILE" ]
+then
+    mv -f "$AMBARI_KRB_JAAS_LOGIN_FILE" "$AMBARI_KRB_JAAS_LOGIN_FILE_OLD"
+fi
+
 if [ -d "$STACKS_FOLDER" ]
 then
     mv -f "$STACKS_FOLDER" "$STACKS_FOLDER_OLD"

ambari-server/src/main/python/ambari_server/serverConfiguration.py

@@ -60,7 +60,7 @@ BOOTSTRAP_DIR_PROPERTY = "bootstrap.dir"
 
 AMBARI_CONF_VAR = "AMBARI_CONF_DIR"
 AMBARI_PROPERTIES_FILE = "ambari.properties"
-
+AMBARI_KRB_JAAS_LOGIN_FILE = "krb5JAASLogin.conf"
 GET_FQDN_SERVICE_URL = "server.fqdn.service.url"
 
 SERVER_OUT_FILE_KEY = "ambari.output.file.path"
@@ -183,7 +183,7 @@ class ServerConfigDefaults(object):
     self.DEFAULT_LIBS_DIR = ""
 
     self.AMBARI_PROPERTIES_BACKUP_FILE = ""
-
+    self.AMBARI_KRB_JAAS_LOGIN_BACKUP_FILE = ""
     # ownership/permissions mapping
     # path - permissions - user - group - recursive
     # Rules are executed in the same order as they are listed
@@ -225,7 +225,7 @@ class ServerConfigDefaultsWindows(ServerConfigDefaults):
     self.DEFAULT_LIBS_DIR = "lib"
 
     self.AMBARI_PROPERTIES_BACKUP_FILE = "ambari.properties.backup"
-
+    self.AMBARI_KRB_JAAS_LOGIN_BACKUP_FILE = ""  # ToDo: should be adjusted later
     # ownership/permissions mapping
     # path - permissions - user - group - recursive
     # Rules are executed in the same order as they are listed
@@ -281,7 +281,7 @@ class ServerConfigDefaultsLinux(ServerConfigDefaults):
     self.DEFAULT_LIBS_DIR = "/usr/lib/ambari-server"
 
     self.AMBARI_PROPERTIES_BACKUP_FILE = "ambari.properties.rpmsave"
-
+    self.AMBARI_KRB_JAAS_LOGIN_BACKUP_FILE = "krb5JAASLogin.conf.rpmsave"
     # ownership/permissions mapping
     # path - permissions - user - group - recursive
     # Rules are executed in the same order as they are listed
@@ -778,6 +778,40 @@ def parse_properties_file(args):
       args.database_password = args.database_password_file
   return 0
 
+def is_jaas_keytab_exists(conf_file):
+  with open(conf_file, "r") as f:
+    lines = f.read()
+
+  match = re.search("keyTab=(.*)$", lines, re.MULTILINE)
+  return os.path.exists(match.group(1).strip("\"").strip())
+
+def update_krb_jaas_login_properties():
+  """
+  Update configuration files
+  :return: int -2 - skipped, -1 - error, 0 - successful
+  """
+  prev_conf_file = search_file(configDefaults.AMBARI_KRB_JAAS_LOGIN_BACKUP_FILE, get_conf_dir())
+  conf_file = search_file(AMBARI_KRB_JAAS_LOGIN_FILE, get_conf_dir())
+
+  # check if source and target files exists, if not - skip copy action
+  if prev_conf_file is None or conf_file is None:
+    return -2
+
+  # if rpmsave file contains invalid keytab, we can skip restoring
+  if not is_jaas_keytab_exists(prev_conf_file):
+    return -2
+
+  try:
+    # restore original file, destination arg for rename func shouldn't exists
+    os.remove(conf_file)
+    os.rename(prev_conf_file, conf_file)
+    print_warning_msg("Original file %s kept" % AMBARI_KRB_JAAS_LOGIN_FILE)
+  except OSError as e:
+    print "Couldn't move %s file: %s" % (prev_conf_file, e)
+    return -1
+
+  return 0
+
 
 def update_ambari_properties():
   prev_conf_file = search_file(configDefaults.AMBARI_PROPERTIES_BACKUP_FILE, get_conf_dir())

ambari-server/src/main/python/ambari_server/serverUpgrade.py

@@ -35,7 +35,7 @@ from ambari_server.serverConfiguration import configDefaults, \
   get_java_exe_path, get_stack_location, parse_properties_file, read_ambari_user, update_ambari_properties, \
   update_database_name_property, get_admin_views_dir, \
   AMBARI_PROPERTIES_FILE, IS_LDAP_CONFIGURED, LDAP_PRIMARY_URL_PROPERTY, RESOURCES_DIR_PROPERTY, \
-  SETUP_OR_UPGRADE_MSG
+  SETUP_OR_UPGRADE_MSG, update_krb_jaas_login_properties, AMBARI_KRB_JAAS_LOGIN_FILE
 from ambari_server.setupSecurity import adjust_directory_permissions, \
   generate_env, ensure_can_start_under_current_user
 from ambari_server.utils import compare_versions
@@ -283,6 +283,15 @@ def upgrade(args):
     err = AMBARI_PROPERTIES_FILE + ' file can\'t be updated. Exiting'
     raise FatalException(retcode, err)
 
+  retcode = update_krb_jaas_login_properties()
+  if retcode == -2:
+    pass  # no changes done, let's be silent
+  elif retcode == 0:
+    print 'File ' + AMBARI_KRB_JAAS_LOGIN_FILE + ' updated.'
+  elif not retcode == 0:
+    err = AMBARI_KRB_JAAS_LOGIN_FILE + ' file can\'t be updated. Exiting'
+    raise FatalException(retcode, err)
+
   try:
     update_database_name_property(upgrade=True)
   except FatalException:
@@ -413,4 +422,4 @@ class SetCurrentVersionOptions:
       self.desired_repo_version = None
 
   def no_finalize_options_set(self):
-    return self.cluster_name is None or self.desired_repo_version is None
+    return self.cluster_name is None or self.desired_repo_version is None

ambari-server/src/test/python/TestAmbariServer.py

@@ -4031,7 +4031,8 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
   @patch("ambari_server.serverUpgrade.get_ambari_properties")
   @patch("ambari_server.serverUpgrade.upgrade_local_repo")
   @patch("ambari_server.serverUpgrade.move_user_custom_actions")
-  def test_upgrade_from_161(self, move_user_custom_actions_mock, upgrade_local_repo_mock, get_ambari_properties_mock,
+  @patch("ambari_server.serverUpgrade.update_krb_jaas_login_properties")
+  def test_upgrade_from_161(self, update_krb_jaas_login_properties_mock, move_user_custom_actions_mock, upgrade_local_repo_mock, get_ambari_properties_mock,
                             get_ambari_properties_2_mock, get_ambari_properties_3_mock, get_ambari_version_mock, write_property_mock,
                             is_root_mock, update_ambari_properties_mock, find_properties_file_mock, run_os_command_mock,
                             run_schema_upgrade_mock, read_ambari_user_mock, print_warning_msg_mock,
@@ -4073,6 +4074,7 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
     update_ambari_properties_mock.return_value = 0
     get_ambari_version_mock.return_value = "1.7.0"
     move_user_custom_actions_mock.return_value = None
+    update_krb_jaas_login_properties_mock.return_value = -2
 
     # Local Postgres
     # In Ambari 1.6.1 for an embedded postgres database, the "server.jdbc.database" property stored the DB name,
@@ -4240,7 +4242,8 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
   @patch("ambari_server.serverUpgrade.get_ambari_properties")
   @patch("ambari_server.serverUpgrade.upgrade_local_repo")
   @patch("ambari_server.serverUpgrade.move_user_custom_actions")
-  def test_upgrade(self, move_user_custom_actions, upgrade_local_repo_mock,
+  @patch("ambari_server.serverUpgrade.update_krb_jaas_login_properties")
+  def test_upgrade(self, update_krb_jaas_login_properties_mock, move_user_custom_actions, upgrade_local_repo_mock,
                    get_ambari_properties_mock, get_ambari_properties_2_mock, get_ambari_properties_3_mock,
                    is_root_mock, get_ambari_version_mock, get_ambari_version_2_mock,
                    parse_properties_file_mock,
@@ -4279,6 +4282,7 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
     isfile_mock.return_value = False
     get_ambari_version_2_mock.return_value = get_ambari_version_mock.return_value = CURR_AMBARI_VERSION
     move_user_custom_actions.return_value = None
+    update_krb_jaas_login_properties_mock.return_value = -2
 
     # Testing call under non-root
     is_root_mock.return_value = False