Return-Path: X-Original-To: apmail-ambari-dev-archive@www.apache.org Delivered-To: apmail-ambari-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id EB166186A5 for ; Tue, 14 Jul 2015 16:13:11 +0000 (UTC) Received: (qmail 26116 invoked by uid 500); 14 Jul 2015 16:13:05 -0000 Delivered-To: apmail-ambari-dev-archive@ambari.apache.org Received: (qmail 26062 invoked by uid 500); 14 Jul 2015 16:13:05 -0000 Mailing-List: contact dev-help@ambari.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@ambari.apache.org Delivered-To: mailing list dev@ambari.apache.org Received: (qmail 25767 invoked by uid 99); 14 Jul 2015 16:13:04 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 14 Jul 2015 16:13:04 +0000 Date: Tue, 14 Jul 2015 16:13:04 +0000 (UTC) From: "Robert Levas (JIRA)" To: dev@ambari.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Updated] (AMBARI-8610) Kerberos add hosts/services CSV required for automating keytab distribution MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/AMBARI-8610?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robert Levas updated AMBARI-8610: --------------------------------- Fix Version/s: 2.1.0 > Kerberos add hosts/services CSV required for automating keytab distribution > --------------------------------------------------------------------------- > > Key: AMBARI-8610 > URL: https://issues.apache.org/jira/browse/AMBARI-8610 > Project: Ambari > Issue Type: Improvement > Affects Versions: 1.6.1 > Environment: HDP 2.1 > Reporter: Hari Sekhon > Assignee: Robert Levas > Fix For: 2.1.0 > > > Ambari generates a CSV list of principals for generating keytabs only when initially kerberizing a cluster. > However, when adding nodes to the cluster Ambari provides no such CSV or list of principals - leaving the user to figure out the list of required principals and keytabs themselves. > A CSV of new principals and keytabs should be created whenever deploying new hosts or new services to an existing kerberized cluster to allow for similar automation of extending an existing cluster. > I use the original CSV as input to a perl program I've written to automate kerberos principal creation, keytab exports and distribution to nodes based for a FreeIPA realm (standalone MIT KDC as per stock kerberos_setup.sh is used more for small VM / PoC setups without LDAP integrated users and groups). > If anyone else wants to automate FreeIPA Kerberos keytabs for their clusters they can use this program on my github: > {code} > git clone https://github.com/harisekhon/toolbox > cd toolbox > make > ./ambari_freeipa_kerberos_setup.pl --help > {code} > Regards, > Hari Sekhon > http://www.linkedin.com/in/harisekhon -- This message was sent by Atlassian JIRA (v6.3.4#6332)