AMBARI-10053. The path(s) to the Kerberos utilities (kadmin, klist, etc...) should be configurable (rlevas)

ambari-common/src/main/python/resource_management/libraries/functions/__init__.py

@@ -25,6 +25,7 @@ import platform
 from resource_management.libraries.functions.default import *
 from resource_management.libraries.functions.format import *
 from resource_management.libraries.functions.find_path import *
+from resource_management.libraries.functions.find_executable import *
 from resource_management.libraries.functions.get_kinit_path import *
 from resource_management.libraries.functions.get_kdestroy_path import *
 from resource_management.libraries.functions.get_klist_path import *

ambari-common/src/main/python/resource_management/libraries/functions/find_executable.py

@@ -0,0 +1,48 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+Ambari Agent
+
+"""
+
+__all__ = ["find_executable"]
+from find_path import find_path
+
+
+def find_executable(search_directories, filename):
+  """
+  Searches for the specified executable using a list of specified search paths or, if None, a default
+  set of paths:
+    /usr/bin
+    /usr/kerberos/bin
+    /usr/sbin
+    /usr/lib/mit/bin
+    /usr/lib/mit/sbin
+
+  @param search_directories: comma separated list or a list of (absolute paths to) directories to search (in order of preference)
+  @param filename: the name of the file for which to search
+  """
+  if isinstance(search_directories, unicode):
+    search_directories = map(str.strip, search_directories.encode("ascii").split(","))
+  elif isinstance(search_directories, str):
+    search_directories = map(str.strip, search_directories.split(","))
+  elif not isinstance(search_directories, list):
+    search_directories = ["/usr/bin", "/usr/kerberos/bin", "/usr/sbin", '/usr/lib/mit/bin',
+                          '/usr/lib/mit/sbin']
+
+  return find_path(search_directories, filename)

ambari-common/src/main/python/resource_management/libraries/functions/find_path.py

@@ -26,7 +26,7 @@ import os
 
 def find_path(search_directories, filename):
   """
-  @param search_directories: comma separated list of (absolute paths to) directories to search (in order of preference)
+  @param search_directories: comma separated list or a list of (absolute paths to) directories to search (in order of preference)
   @param filename: the name of the file for which to search
   """
   path = ""

ambari-common/src/main/python/resource_management/libraries/functions/get_kdestroy_path.py

@@ -21,14 +21,14 @@ Ambari Agent
 """
 
 __all__ = ["get_kdestroy_path"]
-from find_path import find_path
+from find_executable import find_executable
 
 
-def get_kdestroy_path():
+def get_kdestroy_path(search_directories=None):
   """
-  Searches for the kdestroy executable using a default set of of paths to search:
-    /usr/bin
-    /usr/kerberos/bin
-    /usr/sbin
+  Searches for the kdestroy executable using the specified search paths or a default set of of paths to search
+
+  @param search_directories: comma separated list or a list of (absolute paths to) directories to search (in order of preference)
+  :return: the path to the found kdestroy executable
   """
-  return find_path(["/usr/bin", "/usr/kerberos/bin", "/usr/sbin"], "kdestroy")
+  return find_executable(search_directories, "kdestroy")

ambari-common/src/main/python/resource_management/libraries/functions/get_kinit_path.py

@@ -21,14 +21,14 @@ Ambari Agent
 """
 
 __all__ = ["get_kinit_path"]
-from find_path import find_path
+from find_executable import find_executable
 
 
-def get_kinit_path():
+def get_kinit_path(search_directories=None):
   """
-  Searches for the kinit executable using a default set of of paths to search:
-    /usr/bin
-    /usr/kerberos/bin
-    /usr/sbin
+  Searches for the kinit executable using the specified search paths or a default set of of paths to search
+
+  @param search_directories: comma separated list or a list of (absolute paths to) directories to search (in order of preference)
+  :return: the path to the found kinit executable
   """
-  return find_path(["/usr/bin", "/usr/kerberos/bin", "/usr/sbin"], "kinit")
+  return find_executable(search_directories, "kinit")

ambari-common/src/main/python/resource_management/libraries/functions/get_klist_path.py

@@ -21,14 +21,14 @@ Ambari Agent
 """
 
 __all__ = ["get_klist_path"]
-from find_path import find_path
+from find_executable import find_executable
 
 
-def get_klist_path():
+def get_klist_path(search_directories=None):
   """
-  Searches for the klist executable using a default set of of paths to search:
-    /usr/bin
-    /usr/kerberos/bin
-    /usr/sbin
+  Searches for the klist executable using the specified search paths or a default set of of paths to search
+
+  @param search_directories: comma separated list or a list of (absolute paths to) directories to search (in order of preference)
+  :return: the path to the found klist executable
   """
-  return find_path(["/usr/bin", "/usr/kerberos/bin", "/usr/sbin"], "klist")
+  return find_executable(search_directories, "klist")

ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java

@@ -90,12 +90,22 @@ public abstract class KerberosOperationHandler {
    */
   public final static String KERBEROS_ENV_ADMIN_SERVER_HOST = "admin_server_host";
 
+  /**
+   * Kerberos-env configuration property name: executable_search_paths
+   */
+  public final static String KERBEROS_ENV_EXECUTABLE_SEARCH_PATHS = "executable_search_paths";
+
   /**
    * The set of available characters to use when generating a secure password
    */
   private final static char[] SECURE_PASSWORD_CHARS =
       "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890?.!$%^*()-_+=~".toCharArray();
 
+  /**
+   * An array of String values declaring the default (ordered) list of path to search for executables
+   */
+  private static final String[] DEFAULT_EXECUTABLE_SEARCH_PATHS = {"/usr/bin", "/usr/kerberos/bin", "/usr/sbin", "/usr/lib/mit/bin", "/usr/lib/mit/sbin"};
+
   /**
    * A Map of MIT KDC Encryption types to EncryptionType values.
    * <p/>
@@ -192,6 +202,13 @@ public abstract class KerberosOperationHandler {
   private Set<EncryptionType> keyEncryptionTypes = new HashSet<EncryptionType>(DEFAULT_CIPHERS);
   private boolean open = false;
 
+  /**
+   * An array of String indicating an ordered list of filesystem paths to use to search for executables
+   * needed to perform Kerberos-related operations. For example, kadmin
+   */
+  private String[] executableSearchPaths = null;
+
+
   /**
    * Create a secure (random) password using a secure random number generator and a set of (reasonable)
    * characters.
@@ -588,6 +605,62 @@ public abstract class KerberosOperationHandler {
     );
   }
 
+
+  /**
+   * Gets the ordered array of search paths used to find Kerberos-related executables.
+   *
+   * @return an array of String values indicating an order list of filesystem paths to search
+   */
+  public String[] getExecutableSearchPaths() {
+    return executableSearchPaths;
+  }
+
+  /**
+   * Sets the ordered array of search paths used to find Kerberos-related executables.
+   * <p/>
+   * If null, a default set of paths will be assumed when searching:
+   * <ul>
+   * <li>/usr/bin</li>
+   * <li>/usr/kerberos/bin</li>
+   * <li>/usr/sbin</li>
+   * <li>/usr/lib/mit/bin</li>
+   * <li>/usr/lib/mit/sbin</li>
+   * </ul>
+   *
+   * @param executableSearchPaths an array of String values indicating an ordered list of filesystem paths to search
+   */
+  public void setExecutableSearchPaths(String[] executableSearchPaths) {
+    this.executableSearchPaths = executableSearchPaths;
+  }
+
+  /**
+   * Sets the ordered array of search paths used to find Kerberos-related executables.
+   * <p/>
+   * If null, a default set of paths will be assumed when searching:
+   * <ul>
+   * <li>/usr/bin</li>
+   * <li>/usr/kerberos/bin</li>
+   * <li>/usr/sbin</li>
+   * </ul>
+   *
+   * @param delimitedExecutableSearchPaths a String containing a comma-delimited (ordered) list of filesystem paths to search
+   */
+  public void setExecutableSearchPaths(String delimitedExecutableSearchPaths) {
+    List<String> searchPaths = null;
+
+    if (delimitedExecutableSearchPaths != null) {
+      searchPaths = new ArrayList<String>();
+      for (String path : delimitedExecutableSearchPaths.split(",")) {
+        path = path.trim();
+        if (!path.isEmpty()) {
+          searchPaths.add(path);
+        }
+      }
+    }
+
+    setExecutableSearchPaths((searchPaths == null) ? null : searchPaths.toArray(new String[searchPaths.size()]));
+  }
+
   /**
    * Test this KerberosOperationHandler to see whether is was previously open or not
    *
@@ -777,4 +850,34 @@ public abstract class KerberosOperationHandler {
       return builder.toString();
     }
   }
+
+  /**
+   * Given the name of an executable, searches the configured executable search path for an executable
+   * file with that name.
+   *
+   * @param executable a String declaring the name of the executable to find within the search path
+   * @return the absolute path of the found execute or the name of the executable if not found
+   * within the search path
+   * @see #setExecutableSearchPaths(String)
+   * @see #setExecutableSearchPaths(String[])
+   */
+  protected String getExecutable(String executable) {
+    String[] searchPaths = getExecutableSearchPaths();
+    String executablePath = null;
+
+    if (searchPaths == null) {
+      searchPaths = DEFAULT_EXECUTABLE_SEARCH_PATHS;
+    }
+
+    for (String searchPath : searchPaths) {
+      File executableFile = new File(searchPath, executable);
+
+      if (executableFile.canExecute()) {
+        executablePath = executableFile.getAbsolutePath();
+        break;
+      }
+    }
+
+    return (executablePath == null) ? executable : executablePath;
+  }
 }

ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandler.java

@@ -18,8 +18,6 @@
 
 package org.apache.ambari.server.serveraction.kerberos;
 
-import com.google.inject.Inject;
-import org.apache.ambari.server.configuration.Configuration;
 import org.apache.ambari.server.utils.ShellCommandUtil;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -51,11 +49,18 @@ public class MITKerberosOperationHandler extends KerberosOperationHandler {
 
   private final static Logger LOG = LoggerFactory.getLogger(MITKerberosOperationHandler.class);
 
-  @Inject
-  private Configuration configuration;
-
   private String adminServerHost = null;
 
+  /**
+   * A String containing the resolved path to the kdamin executable
+   */
+  private String executableKadmin = null;
+
+  /**
+   * A String containing the resolved path to the kdamin.local executable
+   */
+  private String executableKadminLocal = null;
+
   /**
    * Prepares and creates resources to be used by this KerberosOperationHandler
    * <p/>
@@ -83,8 +88,13 @@ public class MITKerberosOperationHandler extends KerberosOperationHandler {
     if (kerberosConfiguration != null) {
       setKeyEncryptionTypes(translateEncryptionTypes(kerberosConfiguration.get(KERBEROS_ENV_ENCRYPTION_TYPES), "\\s+"));
       setAdminServerHost(kerberosConfiguration.get(KERBEROS_ENV_ADMIN_SERVER_HOST));
+      setExecutableSearchPaths(kerberosConfiguration.get(KERBEROS_ENV_EXECUTABLE_SEARCH_PATHS));
     }
 
+    // Pre-determine the paths to relevant Kerberos executables
+    executableKadmin = getExecutable("kadmin");
+    executableKadminLocal = getExecutable("kadmin.local");
+
     setOpen(true);
   }
 
@@ -92,6 +102,9 @@ public class MITKerberosOperationHandler extends KerberosOperationHandler {
   public void close() throws KerberosOperationException {
     // There is nothing to do here.
     setOpen(false);
+
+    executableKadmin = null;
+    executableKadminLocal = null;
   }
 
   /**
@@ -233,18 +246,6 @@ public class MITKerberosOperationHandler extends KerberosOperationHandler {
     }
   }
 
-  /**
-   * Initialize this MITKerberosOperationHandler with instances of objects that should normally
-   * be injected.
-   * <p/>
-   * This should only be used for unit tests.
-   *
-   * @param configuration the Configuration to (manually) inject
-   */
-  public void init(Configuration configuration) {
-    this.configuration = configuration;
-  }
-
   /**
    * Retrieves the current key number assigned to the identity identified by the specified principal
    *
@@ -326,24 +327,25 @@ public class MITKerberosOperationHandler extends KerberosOperationHandler {
           ? null
           : administratorCredentials.getPrincipal();
 
-      String pathToCommand = "";
-
-      if (configuration.getServerOsFamily().equals("redhat5")) {
-        pathToCommand = "/usr/kerberos/sbin/";
-      }
-
       if ((adminPrincipal == null) || adminPrincipal.isEmpty()) {
         // Set the kdamin interface to be kadmin.local
-        command.add(pathToCommand + "kadmin.local");
+        if((executableKadminLocal == null) || executableKadminLocal.isEmpty()) {
+          throw new KerberosOperationException("No path for kadmin.local is available - this KerberosOperationHandler may not have been opened.");
+        }
+
+        command.add(executableKadminLocal);
       } else {
+        if((executableKadmin == null) || executableKadmin.isEmpty()) {
+          throw new KerberosOperationException("No path for kadmin is available - this KerberosOperationHandler may not have been opened.");
+        }
         String adminPassword = administratorCredentials.getPassword();
         String adminKeyTab = administratorCredentials.getKeytab();
 
         // Set the kdamin interface to be kadmin
-        command.add(pathToCommand + "kadmin");
+        command.add(executableKadmin);
 
         // Add explicit KDC admin host, if available
-        if(getAdminServerHost() != null) {
+        if (getAdminServerHost() != null) {
           command.add("-s");
           command.add(getAdminServerHost());
         }

ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml

@@ -77,6 +77,13 @@
     <value/>
   </property>
 
+  <property>
+    <name>executable_search_paths</name>
+    <description>
+      A comma-delimited list of search paths to use to find Kerberos utilities like kadmin and kinit.
+    </description>
+    <value>/usr/bin, /usr/kerberos/bin, /usr/sbin, /usr/lib/mit/bin, /usr/lib/mit/sbin</value>
+  </property>
 
   <property require-input="true">
     <name>create_attributes_template</name>

ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerTest.java

@@ -340,6 +340,50 @@ public abstract class KerberosOperationHandlerTest extends EasyMockSupport {
     handler.setAdministratorCredentials(credentials);
   }
 
+  @Test
+  public void testSetExecutableSearchPaths() throws KerberosOperationException {
+    KerberosOperationHandler handler = createHandler();
+
+    handler.setExecutableSearchPaths((String)null);
+    Assert.assertNull(handler.getExecutableSearchPaths());
+
+    handler.setExecutableSearchPaths((String[])null);
+    Assert.assertNull(handler.getExecutableSearchPaths());
+
+    handler.setExecutableSearchPaths("");
+    Assert.assertNotNull(handler.getExecutableSearchPaths());
+    Assert.assertEquals(0, handler.getExecutableSearchPaths().length);
+
+    handler.setExecutableSearchPaths(new String[0]);
+    Assert.assertNotNull(handler.getExecutableSearchPaths());
+    Assert.assertEquals(0, handler.getExecutableSearchPaths().length);
+
+    handler.setExecutableSearchPaths(new String[]{""});
+    Assert.assertNotNull(handler.getExecutableSearchPaths());
+    Assert.assertEquals(1, handler.getExecutableSearchPaths().length);
+
+    handler.setExecutableSearchPaths("/path1, path2, path3/");
+    Assert.assertNotNull(handler.getExecutableSearchPaths());
+    Assert.assertEquals(3, handler.getExecutableSearchPaths().length);
+    Assert.assertEquals("/path1", handler.getExecutableSearchPaths()[0]);
+    Assert.assertEquals("path2", handler.getExecutableSearchPaths()[1]);
+    Assert.assertEquals("path3/", handler.getExecutableSearchPaths()[2]);
+
+    handler.setExecutableSearchPaths("/path1, path2, ,path3/");
+    Assert.assertNotNull(handler.getExecutableSearchPaths());
+    Assert.assertEquals(3, handler.getExecutableSearchPaths().length);
+    Assert.assertEquals("/path1", handler.getExecutableSearchPaths()[0]);
+    Assert.assertEquals("path2", handler.getExecutableSearchPaths()[1]);
+    Assert.assertEquals("path3/", handler.getExecutableSearchPaths()[2]);
+
+    handler.setExecutableSearchPaths(new String[]{"/path1", "path2", "path3/"});
+    Assert.assertNotNull(handler.getExecutableSearchPaths());
+    Assert.assertEquals(3, handler.getExecutableSearchPaths().length);
+    Assert.assertEquals("/path1", handler.getExecutableSearchPaths()[0]);
+    Assert.assertEquals("path2", handler.getExecutableSearchPaths()[1]);
+    Assert.assertEquals("path3/", handler.getExecutableSearchPaths()[2]);
+  }
+
   private KerberosOperationHandler createHandler() throws KerberosOperationException {
     KerberosOperationHandler handler = new KerberosOperationHandler() {
 
@@ -347,6 +391,7 @@ public abstract class KerberosOperationHandlerTest extends EasyMockSupport {
       public void open(KerberosCredential administratorCredentials, String defaultRealm, Map<String, String> kerberosConfiguration) throws KerberosOperationException {
         setAdministratorCredentials(administratorCredentials);
         setDefaultRealm(defaultRealm);
+        setExecutableSearchPaths("/usr/bin, /usr/kerberos/bin, /usr/sbin");
       }
 
       @Override

ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java

@@ -146,8 +146,6 @@ public class MITKerberosOperationHandlerTest extends KerberosOperationHandlerTes
         .addMockedMethod(KerberosOperationHandler.class.getDeclaredMethod("executeCommand", String[].class))
         .createNiceMock();
 
-    setConfiguration(handler, "redhat6");
-
     expect(handler.executeCommand(anyObject(String[].class)))
         .andAnswer(new IAnswer<ShellCommandUtil.Result>() {
           @Override
@@ -181,8 +179,6 @@ public class MITKerberosOperationHandlerTest extends KerberosOperationHandlerTes
         .addMockedMethod(KerberosOperationHandler.class.getDeclaredMethod("executeCommand", String[].class))
         .createNiceMock();
 
-    setConfiguration(handler, "redhat6");
-
     expect(handler.executeCommand(anyObject(String[].class)))
         .andAnswer(new IAnswer<ShellCommandUtil.Result>() {
           @Override
@@ -216,8 +212,6 @@ public class MITKerberosOperationHandlerTest extends KerberosOperationHandlerTes
         .addMockedMethod(KerberosOperationHandler.class.getDeclaredMethod("executeCommand", String[].class))
         .createNiceMock();
 
-    setConfiguration(handler, "redhat6");
-
     expect(handler.executeCommand(anyObject(String[].class)))
         .andAnswer(new IAnswer<ShellCommandUtil.Result>() {
           @Override
@@ -251,8 +245,6 @@ public class MITKerberosOperationHandlerTest extends KerberosOperationHandlerTes
         .addMockedMethod(KerberosOperationHandler.class.getDeclaredMethod("executeCommand", String[].class))
         .createNiceMock();
 
-    setConfiguration(handler, "redhat6");
-
     expect(handler.executeCommand(anyObject(String[].class)))
         .andAnswer(new IAnswer<ShellCommandUtil.Result>() {
           @Override
@@ -286,8 +278,6 @@ public class MITKerberosOperationHandlerTest extends KerberosOperationHandlerTes
         .addMockedMethod(KerberosOperationHandler.class.getDeclaredMethod("executeCommand", String[].class))
         .createNiceMock();
 
-    setConfiguration(handler, "redhat6");
-
     expect(handler.executeCommand(anyObject(String[].class)))
         .andAnswer(new IAnswer<ShellCommandUtil.Result>() {
           @Override
@@ -321,8 +311,6 @@ public class MITKerberosOperationHandlerTest extends KerberosOperationHandlerTes
         .addMockedMethod(KerberosOperationHandler.class.getDeclaredMethod("executeCommand", String[].class))
         .createNiceMock();
 
-    setConfiguration(handler, "redhat6");
-
     expect(handler.executeCommand(anyObject(String[].class)))
         .andAnswer(new IAnswer<ShellCommandUtil.Result>() {
           @Override
@@ -356,8 +344,6 @@ public class MITKerberosOperationHandlerTest extends KerberosOperationHandlerTes
         .addMockedMethod(KerberosOperationHandler.class.getDeclaredMethod("executeCommand", String[].class))
         .createNiceMock();
 
-    setConfiguration(handler, "redhat6");
-
     expect(handler.executeCommand(anyObject(String[].class)))
         .andAnswer(new IAnswer<ShellCommandUtil.Result>() {
           @Override
@@ -391,8 +377,6 @@ public class MITKerberosOperationHandlerTest extends KerberosOperationHandlerTes
         .addMockedMethod(KerberosOperationHandler.class.getDeclaredMethod("executeCommand", String[].class))
         .createNiceMock();
 
-    setConfiguration(handler, "redhat6");
-
     expect(handler.executeCommand(anyObject(String[].class)))
         .andAnswer(new IAnswer<ShellCommandUtil.Result>() {
           @Override
@@ -466,12 +450,4 @@ public class MITKerberosOperationHandlerTest extends KerberosOperationHandlerTes
     handler.testAdministratorCredentials();
     handler.close();
   }
-
-  private static void setConfiguration(MITKerberosOperationHandler handler, String osType) throws Exception {
-    Configuration configuration = EasyMock.createNiceMock(Configuration.class);
-    expect(configuration.getServerOsFamily()).andReturn("redhat6").anyTimes();
-    replay(configuration);
-
-    handler.init(configuration);
-  }
 }