def make(kt_spool_dir, host_kt, refresh_interval):
"""Periodically refresh keytabs on the node."""
while True:
keytabs.make_keytab(
context.GLOBAL.zk.conn,
kt_spool_dir,
host_kt=host_kt)
time.sleep(refresh_interval)
def _prepare_krb(tm_env, container_dir, root_dir, app):
"""Manage kerberos environment inside container.
"""
etc_dir = os.path.join(container_dir, 'overlay', 'etc')
fs.mkdir_safe(etc_dir)
kt_dest = os.path.join(etc_dir, 'krb5.keytab')
kt_sources = glob.glob(os.path.join(tm_env.spool_dir, 'keytabs', 'host#*'))
keytabs.make_keytab(kt_dest, kt_sources)
for kt_spec in app.keytabs:
if ':' in kt_spec:
owner, princ = kt_spec.split(':', 1)
else:
owner = kt_spec
princ = kt_spec
kt_dest = os.path.join(root_dir, 'var', 'spool', 'keytabs', owner)
kt_sources = glob.glob(
os.path.join(tm_env.spool_dir, 'keytabs', '%s#*' % princ))
keytabs.make_keytab(kt_dest, kt_sources, owner)