def create_remote_keytab(self, name: str, principals: list=[]) -> str:
"""
Create a remote keytab for the specified list of principals
"""
if not name:
name = "{}.keytab".format(str(uuid.uuid4()))
log.info("Creating keytab: %s", name)
if not principals:
log.info("Using predefined principals")
principals = self.principals
if not principals:
log.error("No principals specified not creating keytab")
return None
log.info("Deleting any previous keytab just in case (kadmin will append to it)")
sdk_cmd.task_exec(self.task_id, "rm {}".format(name))
kadmin_options = ["-l"]
kadmin_cmd = "ext"
kadmin_args = ["-k", name]
kadmin_args.extend(principals)
self.__run_kadmin(kadmin_options, kadmin_cmd, kadmin_args)
keytab_absolute_path = os.path.join("/var/lib/mesos/slave/slaves", self.kdc_host_id,
"frameworks", self.framework_id,
"executors", self.task_id,
"runs/latest", name)
return keytab_absolute_path
def resolve_hosts(task_id: str, hosts: list) -> bool:
"""
Use bootstrap to resolve the specified list of hosts
"""
bootstrap_cmd = [
'./bootstrap', '-print-env=false', '-template=false',
'-install-certs=false', '-self-resolve=false', '-resolve-hosts',
','.join(hosts)
]
LOG.info("Running bootstrap to wait for DNS resolution of %s\n\t%s", hosts,
bootstrap_cmd)
return_code, bootstrap_stdout, bootstrap_stderr = sdk_cmd.task_exec(
task_id, ' '.join(bootstrap_cmd))
LOG.info("bootstrap return code: %s", return_code)
LOG.info("bootstrap STDOUT: %s", bootstrap_stdout)
LOG.info("bootstrap STDERR: %s", bootstrap_stderr)
# Note that bootstrap returns its output in STDERR
resolved = 'SDK Bootstrap successful.' in bootstrap_stderr
if not resolved:
for host in hosts:
resolved_host_string = "Resolved '{host}' =>".format(host=host)
host_resolved = resolved_host_string in bootstrap_stdout
if not host_resolved:
LOG.error("Could not resolve: %s", host)
return resolved
def kdestroy(task_id: str):
"""
Performs a kdestroy command to erase an auth session for a principal.
:param task_id: The task in whose environment the kinit will run.
"""
log.info("Erasing auth session:")
rc, stdout, stderr = sdk_cmd.task_exec(task_id, "kdestroy")
if rc != 0:
raise RuntimeError("Failed ({}) to erase auth session\nstdout: {}\nstderr: {}".format(rc, stdout, stderr))
def kinit(task_id: str, keytab: str, principal: str):
"""
Performs a kinit command to authenticate the specified principal.
:param task_id: The task in whose environment the kinit will run.
:param keytab: The keytab used by kinit to authenticate.
:param principal: The name of the principal the user wants to authenticate as.
"""
kinit_cmd = "kinit -kt {keytab} {principal}".format(keytab=keytab, principal=principal)
log.info("Authenticating principal=%s with keytab=%s: %s", principal, keytab, kinit_cmd)
rc, stdout, stderr = sdk_cmd.task_exec(task_id, kinit_cmd)
if rc != 0:
raise RuntimeError("Failed ({}) to authenticate with keytab={} principal={}\nstdout: {}\nstderr: {}".format(rc, keytab, principal, stdout, stderr))
def __run_kadmin(self, options: list, cmd: str, args: list):
"""
Invokes Kerberos' kadmin binary inside the container to run some command.
:param options (list): A list of options given to kadmin.
:param cmd (str): The name of the sub command to run.
:param args (list): A list of arguments passed to the sub command. This should also include any flags
needed to be set for the sub command.
:raises a generic Exception if the invocation fails.
"""
kadmin_cmd = "/usr/sbin/kadmin {options} {cmd} {args}".format(
options=' '.join(options),
cmd=cmd,
args=' '.join(args)
)
log.info("Running kadmin: {}".format(kadmin_cmd))
rc, stdout, stderr = sdk_cmd.task_exec(self.task_id, kadmin_cmd)
if rc != 0:
raise RuntimeError("Failed ({}) to invoke kadmin: {}\nstdout: {}\nstderr: {}".format(rc, kadmin_cmd, stdout, stderr))
def cmd(pod_name, command):
return sdk_cmd.task_exec(
'{}-server'.format(pod_name),
"bash -c 'JAVA_HOME=$(ls -d jre*/) apache-cassandra-*/bin/nodetool {}'"
.format(command))