ambari-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yusaku Sako <>
Subject Re: Automating the security setup
Date Thu, 15 Jan 2015 18:16:47 GMT
Hi Becker,

We are targeting the upcoming Ambari 2.0 for adding support to Kerberize
the cluster in an automated fashion with only a few REST API calls and user

It would automate Kerberos client installation, principal/keytab generation
and distribution, etc., and is designed to work with an external MIT KDC as
well as Active Directory.  It would also make it much easier to handle
adding new services / hosts /components on an already Kerberized cluster.
You will not have to directly and explicitly set a bunch of Kerberos
related parameters in many configurations across different services.
The legacy implementation using the CSV file is going away.
A lot of the code to make this work is already on trunk but it is still
actively being worked on as we speak.


On Thu, Jan 15, 2015 at 8:29 AM, Hellmar Becker <>

> Hello,
> At ING, we are currently automating deployment of a HDP-based cluster
> using Ambari blueprints and the REST API. We would like to also enable
> Kerberos based security in this way. A couple of questions:
> - Is it possible to enable security with a single REST call which would be
> equivalent to the "Enable Security" button in the GUI?
> - Or, would we need to figure out the settings for each service and
> incorporate those in our blueprint?
> - As for the keytab generation, Ambari creates a CSV that lists all
> principals that need keytabs, along with the locations and permissions for
> the keytab files. Can this CSV file be generated through a REST call? Or
> any other suggestions how to automate this steps?
> Thanks for any ideas that you can share on these issues.
> ========================================
> Hellmar Becker
> Edmond Audranstraat 55
> NL-3543BG Utrecht
> mail:
> mobile: +31 6 29986670
> ========================================

NOTICE: This message is intended for the use of the individual or entity to 
which it is addressed and may contain information that is confidential, 
privileged and exempt from disclosure under applicable law. If the reader 
of this message is not the intended recipient, you are hereby notified that 
any printing, copying, dissemination, distribution, disclosure or 
forwarding of this communication is strictly prohibited. If you have 
received this communication in error, please contact the sender immediately 
and delete it from your system. Thank You.

View raw message