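def send_request(client, request):
    """Send one keytab2 request and return the locker's successful reply.

    :param client: Connected client exposing ``write_json`` / ``read_json``.
    :param request: Request payload handed to ``client.write_json``.
    :returns: The reply read from the client, when it reports success.
    :raises keytabs2.KeytabClientError: If the reply is not a dict, carries
        an ``_error`` key, or does not report a truthy ``success``.
    """
    client.write_json(request)
    res = client.read_json()

    # The reply comes from the remote end: check its shape before indexing
    # it, so a missing or truncated answer surfaces as a client error rather
    # than a TypeError/KeyError.  Only the type is logged, never the payload.
    if not isinstance(res, dict):
        _LOGGER.warning('keytab locker sent malformed reply of type %s',
                        type(res).__name__)
        raise keytabs2.KeytabClientError('malformed reply from keytab locker')

    if '_error' in res:
        _LOGGER.warning('keytab locker internal err: %s', res['_error'])
        raise keytabs2.KeytabClientError(res['_error'])

    if not res.get('success'):
        # A failure reply without 'message' still yields a usable error.
        message = res.get('message', 'keytab locker reported failure')
        _LOGGER.warning('get keytab err: %s', message)
        raise keytabs2.KeytabClientError(message)

    return res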
def request_keytabs(zkclient, app_name, spool_dir, pattern):
    """Fetch the VIP keytabs of an app from a keytab locker into *spool_dir*.

    Locker endpoints are tried in the order returned by
    ``_get_locker_hostports``; the call ends at the first endpoint whose
    keytabs were fetched and written without an exception.

    :param zkclient: Existing zk connection.
    :param app_name: Appname of container
    :param spool_dir: Path to keep keytabs fetched from keytab locker.
    :param pattern: app pattern for discovery endpoint of locker
    :raises keytabs2.KeytabClientError: If no endpoint provided the keytabs.
    """
    endpoints = _get_locker_hostports(zkclient, pattern)
    # NOTE(review): keytabs are long-term Kerberos secrets; the permissions
    # of spool_dir and of the files written are decided by fs.mkdir_safe and
    # _write_keytabs, neither shown here -- confirm both are owner-only.
    fs.mkdir_safe(spool_dir)

    for host, port in endpoints:
        try:
            with connect_endpoint(host, port) as locker:
                reply = get_app_keytabs(locker, app_name)
                _write_keytabs(reply, spool_dir)
        # Best effort: any failure only moves on to the next endpoint.
        # pylint: disable=broad-except
        except Exception as err:
            _LOGGER.warning('Failed to get keytab from %s:%d: %r',
                            host, port, err)
        else:
            return

    # if no host, port can provide keytab
    raise keytabs2.KeytabClientError(
        'Failed to get keytabs from {}'.format(endpoints))
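def request_keytabs(zkclient, app_name, spool_dir, pattern):
    """Request VIP keytabs from the keytab locker.

    Locker endpoints are read from discovery, shuffled, and tried one by one
    until one of them dumps the keytabs into *spool_dir*.

    :param zkclient: Existing zk connection.
    :param app_name: Appname of container
    :param spool_dir: Path to keep keytabs fetched from keytab locker.
    :param pattern: app pattern for discovery endpoint of locker
    :raises keytabs2.KeytabClientError: If no discovered endpoint provided
        the keytabs (including when no usable endpoint was discovered).
    """
    hostports = []
    for (_app, hostport) in discovery.iterator(zkclient, pattern,
                                               'keytabs', False):
        if not hostport:
            continue
        # Split on the last colon only and skip entries that still do not
        # parse: one bad discovery record must not abort the whole request.
        try:
            host, port = hostport.rsplit(':', 1)
            hostports.append((host, int(port)))
        except ValueError:
            _LOGGER.warning('Ignoring malformed locker endpoint: %r',
                            hostport)

    random.shuffle(hostports)

    # Create the spool directory once instead of once per endpoint attempt.
    # NOTE(review): keytabs are long-term Kerberos secrets; the permissions
    # of spool_dir and of the dumped files are decided by fs.mkdir_safe and
    # dump_keytabs, neither shown here -- confirm both are owner-only.
    fs.mkdir_safe(spool_dir)

    for (host, port) in hostports:
        try:
            with connect_endpoint(host, port) as client:
                dump_keytabs(client, app_name, spool_dir)
            return
        # Best effort: any failure only moves on to the next endpoint.
        # pylint: disable=broad-except
        except Exception as err:
            _LOGGER.warning('Failed to get keytab from %s:%d: %r',
                            host, port, err)

    # if no host, port can provide keytab
    raise keytabs2.KeytabClientError(
        'Failed to get keytabs from {}'.format(hostports))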
def connect_endpoint(host, port):
    """Yield a connected GSSAPI JSON client for a keytab2 endpoint.

    Written as a generator: the client is yielded once and disconnected when
    the generator is resumed or closed.  Its callers consume it with
    ``with``, so it is presumably wrapped by ``contextlib.contextmanager``
    outside this excerpt -- confirm.

    :param host: Endpoint host; also used to build the ``host@<host>``
        service name handed to the client.
    :param port: Endpoint port, converted with ``int()``.
    :raises keytabs2.KeytabClientError: If ``client.connect()`` is falsy.
    """
    # NOTE(review): the service name is derived from the host argument, so
    # the peer identity negotiated over GSSAPI is only as trustworthy as the
    # source of `host` -- confirm how callers obtain it.
    service = 'host@%s' % host
    _LOGGER.info('connecting: %s:%s, %s', host, port, service)

    client = jsonclient.GSSAPIJsonClient(host, int(port), service)
    connected = client.connect()
    if not connected:
        failure = 'Cannot connect to {}:{}'.format(host, port)
        _LOGGER.error(failure)
        raise keytabs2.KeytabClientError(failure)

    _LOGGER.debug('connected to: %s:%s, %s', host, port, service)
    try:
        yield client
    finally:
        # Always release the connection, including when the caller raises.
        client.disconnect()
def request_cell_keytabs(zkclient, addresses, spool_dir, pattern):
    """Fetch the cell's associated keytabs from a keytab locker.

    Locker endpoints are tried in the order returned by
    ``_get_locker_hostports``; the call ends at the first endpoint whose
    keytabs were fetched and written without an exception.

    :param zkclient: Passed to ``_get_locker_hostports`` for discovery.
    :param addresses: Passed unchanged to ``get_keytabs``.
    :param spool_dir: Directory created with ``fs.mkdir_safe`` and handed to
        ``_write_keytabs``.
    :param pattern: Passed to ``_get_locker_hostports`` for discovery.
    :raises keytabs2.KeytabClientError: If no endpoint provided the keytabs.
    """
    endpoints = _get_locker_hostports(zkclient, pattern)
    # NOTE(review): keytabs are long-term Kerberos secrets; the permissions
    # of spool_dir and of the files written are decided by fs.mkdir_safe and
    # _write_keytabs, neither shown here -- confirm both are owner-only.
    fs.mkdir_safe(spool_dir)

    for host, port in endpoints:
        try:
            with connect_endpoint(host, port) as locker:
                reply = get_keytabs(locker, addresses)
                _write_keytabs(reply, spool_dir)
        # Best effort: any failure only moves on to the next endpoint.
        # pylint: disable=broad-except
        except Exception as err:
            _LOGGER.warning('Failed to get keytab from %s:%d: %r',
                            host, port, err)
        else:
            return

    # if no host, port can provide keytab
    raise keytabs2.KeytabClientError(
        'Failed to get keytabs from {}'.format(endpoints))