Install cluster via blueprints
Enable Kerberos security
Add host via blueprints
Adding hosts freeze forever
This is caused because the KDC administrative credentials are not available when needed during the add host process. If set in the HTTP session, the credentials are not accessible since the Kerberos logic is executed outside the scope of that HTTP session.
Store the KDC credentials to a more secure global credential store that is accessible no matter what the context is. This storage facility is in-memory and has a retention period of 90 minutes. This solution refactors the current CredentialStoreService and MasterKeyService classes to allow for file-based and in-memory implementations. It also paves the way for future changes to allow for the KDC administrative credentials to be persisted indefinitely.