ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hari Sekhon (JIRA)" <j...@apache.org>
Subject [jira] [Created] (AMBARI-8610) Kerberos add hosts/services CSV required for automating keytab distribution
Date Tue, 09 Dec 2014 17:03:13 GMT
Hari Sekhon created AMBARI-8610:
-----------------------------------

             Summary: Kerberos add hosts/services CSV required for automating keytab distribution
                 Key: AMBARI-8610
                 URL: https://issues.apache.org/jira/browse/AMBARI-8610
             Project: Ambari
          Issue Type: Improvement
    Affects Versions: 1.6.1
         Environment: HDP 2.1
            Reporter: Hari Sekhon


Ambari generates a CSV list of principals for generating keytabs only when initially kerberizing
a cluster. However, when adding nodes to the cluster Ambari provides no such CSV or list of
principals.

I am using that CSV input to a perl program I've written to automate kerberos principal creation,
keytab exports and distribution to nodes based for a FreeIPA realm (standalone MIT KDC as
per stock kerberos_setup.sh is used more for small VM / PoC setups without LDAP integrated
users and groups).

A CSV of new principals and keytabs required should be created whenever deploying new hosts
or new services to an existing kerberized cluster.

If anyone else wants to automate FreeIPA Kerberos keytabs for their clusters they can use
this program on my github:
{code}
git clone https://github.com/harisekhon/toolbox
cd toolbox
make

./ambari_freeipa_kerberos_setup.pl --help
{code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message