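def request_keytabs(zkclient, app_name, spool_dir, pattern):
    """Request VIP keytabs from the keytab locker.

    Discovers the locker endpoints matching ``pattern``, shuffles them and
    asks each one in turn until one of them delivers the keytabs.

    :param zkclient:
        Existing zk connection.
    :param app_name:
        Appname of container
    :param spool_dir:
        Path to keep keytabs fetched from keytab locker.
    :param pattern:
        app pattern for discovery endpoint of locker
    :raises keytabs2.KeytabClientError:
        If no discovered endpoint could provide the keytabs.
    """
    iterator = discovery.iterator(zkclient, pattern, 'keytabs', False)
    hostports = []
    for (_app, hostport) in iterator:
        if not hostport:
            continue

        # Endpoint strings come from discovery data. One malformed entry
        # (missing port, extra ':', non-numeric port) must not stop the
        # remaining lockers from being tried, so it is logged and skipped.
        try:
            host, port = hostport.split(':')
            hostports.append((host, int(port)))
        except ValueError:
            _LOGGER.warning(
                'Ignoring malformed keytab locker endpoint: %r', hostport
            )

    # Shuffle so the lockers are not always tried in discovery order.
    random.shuffle(hostports)

    for (host, port) in hostports:
        # NOTE(review): keytabs are long-term Kerberos credentials. Confirm
        # that fs.mkdir_safe (or the caller) leaves spool_dir readable by
        # its owner only.
        fs.mkdir_safe(spool_dir)
        try:
            with connect_endpoint(host, port) as client:
                dump_keytabs(client, app_name, spool_dir)
            return
        # Best effort: any failure on one locker moves on to the next one.
        # pylint: disable=broad-except
        except Exception as err:
            _LOGGER.warning(
                'Failed to get keytab from %s:%d: %r', host, port, err
            )

    # if no host, port can provide keytab
    raise keytabs2.KeytabClientError(
        'Failed to get keytabs from {}'.format(hostports)
    )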
def request_keytabs(zkclient, proid, vips, spool_dir):
    """Fetch VIP keytabs from one of the discovered keytab lockers.

    The discovery pattern is built from the ``TREADMILL_ID`` environment
    variable, so a ``KeyError`` is raised when it is not set. A discovered
    endpoint that is not exactly ``host:port`` with a numeric port raises
    ``ValueError``.

    :param zkclient:
        Existing zk connection.
    :param proid:
        Proid in container appname.
    :param vips:
        VIP host list defined in manifest.
    :param spool_dir:
        Path to keep keytabs fetched from keytab locker.
    :returns:
        ``True`` as soon as one locker delivers the keytabs, ``False`` if
        none of them does.
    """
    pattern = "{0}.keytabs-v2".format(os.environ['TREADMILL_ID'])
    endpoints = discovery.iterator(zkclient, pattern, 'keytabs', False)

    lockers = []
    for _app, endpoint in endpoints:
        if endpoint:
            host, port = endpoint.split(':')
            lockers.append((host, int(port)))

    # Try the lockers in random order.
    random.shuffle(lockers)

    for host, port in lockers:
        # NOTE(review): keytabs are Kerberos secrets. Confirm the mode that
        # fs.mkdir_safe gives spool_dir.
        fs.mkdir_safe(spool_dir)
        if _get_keytabs_from(host, port, proid, vips, spool_dir):
            return True

    return False
def top(watch, check_state, separator, app, endpoint):
    """Discover container endpoints.

    An empty ``endpoint`` is replaced by the ``'*'`` wildcard. The discovery
    iterator for ``app`` is handed to ``_iterate`` together with
    ``check_state`` and ``separator``.
    """
    endpoint_pattern = endpoint or '*'
    _iterate(
        discovery.iterator(
            context.GLOBAL.zk.conn, app, endpoint_pattern, watch
        ),
        check_state,
        separator,
    )
def forward(endpoint, spn, proid, cell):
    """Forward Kerberos tickets to the cell ticket locker.

    Ticket lockers are discovered under ``<proid>.tickets-v2``, and an empty
    ``endpoint`` matches every endpoint name. The process then exits with
    the value returned by ``krb.forward``.
    """
    _LOGGER.setLevel(logging.INFO)

    endpoint_pattern = endpoint or '*'
    app_pattern = "{0}.tickets-v2".format(proid)

    lockers = _iterate(
        discovery.iterator(
            context.GLOBAL.zk.conn, app_pattern, endpoint_pattern, False
        )
    )

    # The result of krb.forward becomes the process exit status.
    sys.exit(krb.forward(cell, lockers, tktfwd_spn=spn))
def _get_locker_hostports(zkclient, pattern):
    """Return the keytab locker ``(host, port)`` pairs in random order.

    Looks up the ``keytabs`` endpoint of every app matching ``pattern`` and
    skips entries with an empty hostport. An entry that is not exactly
    ``host:port`` with a numeric port raises ``ValueError``.
    """
    discovered = discovery.iterator(zkclient, pattern, 'keytabs', False)

    hostports = [
        (host, int(port))
        for host, port in (
            hostport.split(':') for _app, hostport in discovered if hostport
        )
    ]

    random.shuffle(hostports)
    return hostports
def _get(hostname):
    """Return the first ``nodeinfo`` hostport found for ``hostname``.

    The lookup uses the app pattern ``root.<hostname>``. Returns ``None``
    when discovery yields no non-empty hostport.
    """
    _LOGGER.info('Redirect: %s', hostname)

    # NOTE(review): hostname goes into the discovery pattern unchanged. If
    # it can come from a request, confirm that callers validate it first.
    app_pattern = 'root.%s' % hostname
    endpoints = discovery.iterator(
        context.GLOBAL.zk.conn, app_pattern, 'nodeinfo', False
    )

    for _app, hostport in endpoints:
        if hostport:
            _LOGGER.info('Found: %s - %s', hostname, hostport)
            return hostport

    _LOGGER.info('nodeinfo not found: %s', hostname)
    return None
def forward(endpoint, proid, receiver):
    """Forward Kerberos tickets to the cell ticket locker.

    When ``receiver`` is given, each ``host:port`` entry in it is used as a
    destination and discovery is skipped. Otherwise the destinations are
    discovered under ``<proid>.ticketsreceiver``, with an empty ``endpoint``
    matching every endpoint name.
    """
    _LOGGER.setLevel(logging.INFO)
    endpoint = endpoint or '*'

    if receiver:
        # NOTE(review): explicit receivers bypass discovery, so tickets go
        # to whatever host:port the caller supplies. Confirm that
        # tickets.forward authenticates the peer.
        hostports = [
            (host, int(port))
            for host, port in (item.split(':') for item in receiver)
        ]
    else:
        pattern = "{0}.ticketsreceiver".format(proid)
        hostports = _iterate(
            discovery.iterator(
                context.GLOBAL.zk.conn, pattern, endpoint, False
            )
        )

    for host, port in hostports:
        tickets.forward(host, int(port))
def forward(endpoint, spn, proid, cell, acceptors):
    """Forward Kerberos tickets to the cell ticket locker.

    When ``acceptors`` is given, each ``host:port`` entry in it is used as a
    destination and discovery is skipped. Otherwise the ticket lockers are
    discovered under ``<proid>.tickets-v2``, with an empty ``endpoint``
    matching every endpoint name. The process exits with the value returned
    by ``krb.forward``.
    """
    _LOGGER.setLevel(logging.INFO)
    endpoint = endpoint or '*'

    if acceptors:
        # NOTE(review): explicit acceptors bypass discovery. Confirm that
        # krb.forward authenticates the peer against tktfwd_spn before any
        # ticket is sent.
        hostports = [
            (host, int(port))
            for host, port in (item.split(':') for item in acceptors)
        ]
    else:
        pattern = "{0}.tickets-v2".format(proid)
        hostports = _iterate(
            discovery.iterator(
                context.GLOBAL.zk.conn, pattern, endpoint, False
            )
        )

    # The result of krb.forward becomes the process exit status.
    sys.exit(krb.forward(cell, hostports, tktfwd_spn=spn))