ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hari Sekhon (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (AMBARI-8610) Kerberos add hosts/services CSV required for automating keytab distribution
Date Wed, 17 Dec 2014 10:35:13 GMT

     [ https://issues.apache.org/jira/browse/AMBARI-8610?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Hari Sekhon updated AMBARI-8610:
--------------------------------
    Description: 
Ambari generates a CSV list of principals for generating keytabs only when initially kerberizing
a cluster.

However, when adding nodes to the cluster Ambari provides no such CSV or list of principals
- leaving the user to figure out the list of required principals and keytabs themselves.

A CSV of new principals and keytabs should be created whenever deploying new hosts or new
services to an existing kerberized cluster to allow for similar automation of extending an
existing cluster.

I use the original CSV as input to a perl program I've written to automate kerberos principal
creation, keytab exports and distribution to nodes based for a FreeIPA realm (standalone MIT
KDC as per stock kerberos_setup.sh is used more for small VM / PoC setups without LDAP integrated
users and groups).

If anyone else wants to automate FreeIPA Kerberos keytabs for their clusters they can use
this program on my github:
{code}
git clone https://github.com/harisekhon/toolbox
cd toolbox
make

./ambari_freeipa_kerberos_setup.pl --help
{code}

Regards,

Hari Sekhon
http://www.linkedin.com/in/harisekhon

  was:
Ambari generates a CSV list of principals for generating keytabs only when initially kerberizing
a cluster.

However, when adding nodes to the cluster Ambari provides no such CSV or list of principals
- leaving the user to figure out the list of required principals and keytabs themselves.

A CSV of new principals and keytabs should be created whenever deploying new hosts or new
services to an existing kerberized cluster to allow for similar automation of extending an
existing cluster.

I use the original CSV as input to a perl program I've written to automate kerberos principal
creation, keytab exports and distribution to nodes based for a FreeIPA realm (standalone MIT
KDC as per stock kerberos_setup.sh is used more for small VM / PoC setups without LDAP integrated
users and groups).

If anyone else wants to automate FreeIPA Kerberos keytabs for their clusters they can use
this program on my github:
{code}
git clone https://github.com/harisekhon/toolbox
cd toolbox
make

./ambari_freeipa_kerberos_setup.pl --help
{code}


> Kerberos add hosts/services CSV required for automating keytab distribution
> ---------------------------------------------------------------------------
>
>                 Key: AMBARI-8610
>                 URL: https://issues.apache.org/jira/browse/AMBARI-8610
>             Project: Ambari
>          Issue Type: Improvement
>    Affects Versions: 1.6.1
>         Environment: HDP 2.1
>            Reporter: Hari Sekhon
>
> Ambari generates a CSV list of principals for generating keytabs only when initially
kerberizing a cluster.
> However, when adding nodes to the cluster Ambari provides no such CSV or list of principals
- leaving the user to figure out the list of required principals and keytabs themselves.
> A CSV of new principals and keytabs should be created whenever deploying new hosts or
new services to an existing kerberized cluster to allow for similar automation of extending
an existing cluster.
> I use the original CSV as input to a perl program I've written to automate kerberos principal
creation, keytab exports and distribution to nodes based for a FreeIPA realm (standalone MIT
KDC as per stock kerberos_setup.sh is used more for small VM / PoC setups without LDAP integrated
users and groups).
> If anyone else wants to automate FreeIPA Kerberos keytabs for their clusters they can
use this program on my github:
> {code}
> git clone https://github.com/harisekhon/toolbox
> cd toolbox
> make
> ./ambari_freeipa_kerberos_setup.pl --help
> {code}
> Regards,
> Hari Sekhon
> http://www.linkedin.com/in/harisekhon



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message