ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From srima...@apache.org
Subject [3/3] git commit: AMBARI-7824. Slider View: Unable to create app when cluster is secured - keytab doesnt exist. Doc updates (srimanth)
Date Fri, 17 Oct 2014 17:08:18 GMT
AMBARI-7824. Slider View: Unable to create app when cluster is secured - keytab doesnt exist.
Doc updates (srimanth)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/0844d54e
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/0844d54e
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/0844d54e

Branch: refs/heads/trunk
Commit: 0844d54edf3d6b974d7402f8ae607c13bd4d1246
Parents: 007cb13
Author: Srimanth Gunturi <sgunturi@hortonworks.com>
Authored: Thu Oct 16 23:36:09 2014 -0700
Committer: Srimanth Gunturi <sgunturi@hortonworks.com>
Committed: Fri Oct 17 10:08:05 2014 -0700

----------------------------------------------------------------------
 contrib/views/slider/docs/index.md | 33 ++++++++++++++++++++++++++++++++-
 1 file changed, 32 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/0844d54e/contrib/views/slider/docs/index.md
----------------------------------------------------------------------
diff --git a/contrib/views/slider/docs/index.md b/contrib/views/slider/docs/index.md
index 0c9132c..bd23d14 100644
--- a/contrib/views/slider/docs/index.md
+++ b/contrib/views/slider/docs/index.md
@@ -80,4 +80,35 @@ From *Ambari-Admin* create a *Slider Apps View* with the below parameters
popula
 
 * slider.security.enabled = true
 * view.kerberos.principal = `view-principal`
-* view.kerberos.principal.keytab = `/etc/security/keytabs/view-principal.headless.keytab`
\ No newline at end of file
+* view.kerberos.principal.keytab = `/etc/security/keytabs/view-principal.headless.keytab`
+
+#### Step-5 Create *Kerberos* principal for *slider.user*
+We need to provide a *Kerberos* identity for the user identified in *slider.user* view parameter.

+
+The *slider.user* view parameter has the following interpretations:
+
+* If the parameter is left blank, it means the user *yarn*. 
+* If it is `${username}`, it is the user logged into Ambari. 
+* Else, it is exact name of the user. 
+
+We shall assume the user as `slider-user`. In a secured cluster this user has to actually
exist on all the hosts. The user should also have an *uid* greater than 1000.
+
+On the machine where *KDC Server* is hosted, create user principal by running below command
+
+```
+kadmin.local -q "addprinc -randkey slider-user@EXAMPLE.COM"
+```
+Next, extract keytab file 
+
+```
+kadmin.local -q "xst -k /path/to/keytab/slider-user.headless.keytab view-principal@EXAMPLE.COM"
+```
+The keytab file should then be copied over to the keytabs location on the host where the
view is hosted.
+
+```
+cp /path/to/keytab/slider-user.headless.keytab /etc/security/keytabs/
+```
+
+Change file permissions so that only necessary users can access it.
+
+**Make sure that `slider-user` keytab is at /etc/security/keytabs/`slider-user`.headless.keytab**


Mime
View raw message