示例#1
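def send_request(client, request):
    """Send one keytab2 request and return the locker's successful reply.

    :param client: Connected client exposing ``write_json`` and ``read_json``.
    :param request: Request payload handed to ``client.write_json``.
    :returns: The decoded reply, returned only when its ``success`` field is
        truthy.
    :raises keytabs2.KeytabClientError: If the reply carries ``_error``,
        reports failure, or is not a well-formed reply object.
    """
    client.write_json(request)
    res = client.read_json()

    # Anything other than a JSON object cannot be inspected for status, so
    # reject it with the client error callers expect instead of letting a
    # TypeError escape from the membership test below.
    if not isinstance(res, dict):
        _LOGGER.warning('keytab locker sent malformed response: %s',
                        type(res).__name__)
        raise keytabs2.KeytabClientError(
            'malformed response from keytab locker')

    if '_error' in res:
        _LOGGER.warning('keytab locker internal err: %s', res['_error'])
        raise keytabs2.KeytabClientError(res['_error'])

    # A reply without a 'success' field is treated as a failure (fail closed)
    # rather than surfacing as a KeyError.
    if not res.get('success'):
        message = res.get('message', 'keytab request failed without message')
        _LOGGER.warning('get keytab err: %s', message)
        raise keytabs2.KeytabClientError(message)

    # NOTE(review): only the error text is logged above; the reply itself may
    # carry keytab material and should stay out of the logs - confirm against
    # the locker protocol.
    return res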
示例#2
def request_keytabs(zkclient, app_name, spool_dir, pattern):
    """Fetch an app's VIP keytabs from the first keytab locker that answers.

    Locker endpoints are tried in the order ``_get_locker_hostports`` returns
    them; the first endpoint whose keytabs are fetched and written ends the
    call.

    :param zkclient: Existing zk connection.
    :param app_name: Appname of container
    :param spool_dir: Path to keep keytabs fetched from keytab locker.
    :param pattern: app pattern for discovery endpoint of locker
    :raises keytabs2.KeytabClientError: If no endpoint provided the keytabs.
    """
    lockers = _get_locker_hostports(zkclient, pattern)
    # NOTE(review): spool_dir ends up holding Kerberos keytabs; confirm that
    # fs.mkdir_safe and _write_keytabs leave it accessible to the owner only.
    fs.mkdir_safe(spool_dir)

    for locker_host, locker_port in lockers:
        try:
            with connect_endpoint(locker_host, locker_port) as client:
                _write_keytabs(get_app_keytabs(client, app_name), spool_dir)
        except Exception as err:  # pylint: disable=broad-except
            # Best effort: a failure while connecting, requesting or writing
            # only moves the loop on to the next locker.
            _LOGGER.warning('Failed to get keytab from %s:%d: %r',
                            locker_host, locker_port, err)
        else:
            return

    # Every endpoint was tried (or none was found) without success.
    failure = 'Failed to get keytabs from {}'.format(lockers)
    raise keytabs2.KeytabClientError(failure)
示例#3
def request_keytabs(zkclient, app_name, spool_dir, pattern):
    """Fetch an app's VIP keytabs from a randomly chosen keytab locker.

    Endpoints are discovered through ``discovery.iterator``, shuffled, and
    tried one after another until ``dump_keytabs`` succeeds against one.

    :param zkclient: Existing zk connection.
    :param app_name: Appname of container
    :param spool_dir: Path to keep keytabs fetched from keytab locker.
    :param pattern: app pattern for discovery endpoint of locker
    :raises keytabs2.KeytabClientError: If no endpoint provided the keytabs.
    """
    lockers = []
    for _app, endpoint in discovery.iterator(zkclient, pattern, 'keytabs',
                                             False):
        if endpoint:
            # NOTE(review): an entry that is not exactly "host:port" raises
            # ValueError here, outside the per-endpoint try below, so one
            # malformed discovery record aborts the whole request - confirm
            # that this is intended.
            locker_host, locker_port = endpoint.split(':')
            lockers.append((locker_host, int(locker_port)))

    # Randomise the order in which lockers are contacted.
    random.shuffle(lockers)

    for locker_host, locker_port in lockers:
        # NOTE(review): spool_dir ends up holding Kerberos keytabs; confirm
        # that fs.mkdir_safe leaves it accessible to the owner only.
        fs.mkdir_safe(spool_dir)
        try:
            with connect_endpoint(locker_host, locker_port) as client:
                dump_keytabs(client, app_name, spool_dir)
        except Exception as err:  # pylint: disable=broad-except
            # Best effort: any failure only moves the loop on to the next
            # locker.
            _LOGGER.warning('Failed to get keytab from %s:%d: %r',
                            locker_host, locker_port, err)
        else:
            return

    # Every endpoint was tried (or none was found) without success.
    failure = 'Failed to get keytabs from {}'.format(lockers)
    raise keytabs2.KeytabClientError(failure)
示例#4
def connect_endpoint(host, port):
    """Open a GSSAPI JSON connection to a keytab2 endpoint and yield it.

    The function is a generator meant to be consumed as a context manager;
    presumably it is wrapped by ``contextlib.contextmanager`` where it is
    defined (the decorator is not visible in this excerpt). The client is
    disconnected when the consumer is done, even if it raised.

    :param host: Endpoint host; also used to build the ``host@<host>``
        service name.
    :param port: Endpoint port, converted with ``int()`` before use.
    :raises keytabs2.KeytabClientError: If the client fails to connect.
    """
    # NOTE(review): the service name is derived from the host the caller
    # passes in, so the GSSAPI exchange can only vouch for that name.
    # Whether the host is a legitimate locker presumably rests on the
    # integrity of the endpoint discovery data - confirm.
    service = 'host@%s' % host
    _LOGGER.info('connecting: %s:%s, %s', host, port, service)
    client = jsonclient.GSSAPIJsonClient(host, int(port), service)

    connected = client.connect()
    if connected:
        _LOGGER.debug('connected to: %s:%s, %s', host, port, service)
        try:
            yield client
        finally:
            # Always release the connection, whatever the consumer did.
            client.disconnect()
    else:
        failure = 'Cannot connect to {}:{}'.format(host, port)
        _LOGGER.error(failure)
        raise keytabs2.KeytabClientError(failure)
示例#5
def request_cell_keytabs(zkclient, addresses, spool_dir, pattern):
    """Fetch the cell's associated keytabs from the first locker that answers.

    Locker endpoints come from ``_get_locker_hostports`` and are tried in the
    order returned; the first endpoint whose keytabs are fetched and written
    ends the call.

    :param zkclient: Passed to ``_get_locker_hostports`` for discovery.
    :param addresses: Passed to ``get_keytabs`` as the request argument.
    :param spool_dir: Directory created up front and handed to
        ``_write_keytabs``.
    :param pattern: Passed to ``_get_locker_hostports`` for discovery.
    :raises keytabs2.KeytabClientError: If no endpoint provided the keytabs.
    """
    candidates = _get_locker_hostports(zkclient, pattern)
    # NOTE(review): spool_dir ends up holding Kerberos keytabs; confirm that
    # fs.mkdir_safe and _write_keytabs leave it accessible to the owner only.
    fs.mkdir_safe(spool_dir)

    for locker_host, locker_port in candidates:
        try:
            with connect_endpoint(locker_host, locker_port) as client:
                fetched = get_keytabs(client, addresses)
                _write_keytabs(fetched, spool_dir)
        except Exception as err:  # pylint: disable=broad-except
            # Best effort: a failure while connecting, requesting or writing
            # only moves the loop on to the next locker.
            _LOGGER.warning('Failed to get keytab from %s:%d: %r',
                            locker_host, locker_port, err)
        else:
            return

    # Every endpoint was tried (or none was found) without success.
    failure = 'Failed to get keytabs from {}'.format(candidates)
    raise keytabs2.KeytabClientError(failure)