ambari-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robert Levas <rle...@hortonworks.com>
Subject Re: FreeIPA Support for Ambari 2.0
Date Thu, 23 Apr 2015 13:06:46 GMT
Shaik...

I find it interesting that special options need to be passed to kadmin to create principals.
 Was the response you received from a mailing list or a forum site?

I am not sure about the GA release date for 2.1.  According to https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=30755705,
the release data is TBD.

Rob



From: Shaik M <munna.hadoop@gmail.com<mailto:munna.hadoop@gmail.com>>
Reply-To: "user@ambari.apache.org<mailto:user@ambari.apache.org>" <user@ambari.apache.org<mailto:user@ambari.apache.org>>
Date: Thursday, April 23, 2015 at 2:27 AM
To: "user@ambari.apache.org<mailto:user@ambari.apache.org>" <user@ambari.apache.org<mailto:user@ambari.apache.org>>
Subject: Re: FreeIPA Support for Ambari 2.0

Hi Rob,

Thank you for your prompt response.

Here I got response from FreeIPA community
===================================

No, at this time it is not possible to use. I've looked at the Ambari
code and it shouldn't be hard to implement FreeIPA-specific
KerberosOperationHandler that does proper thing by calling out IPA
tools.

Part of problem with MITKerberosOperationHandler.java is that you have
no way to pass any arguments and options to kadmin/kadmin.local at all,
so even to make it working will go with patching that code. At this
point it is easier to rewrite it to use 'ipa' and ipa-getkeytab
utilities altogether because the code is trivial.

https://github.com/apache/ambari/blob/ed231beaddaf6347d4defb2fb26d75849c0cafc9/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandler.java


For now I'll go ahead with plain Kerberos setup for 2.0.
Please let us know, when 2.1 will be GA release ?

Regards,
Shaik
[https://ssl.gstatic.com/ui/v1/icons/mail/images/cleardot.gif]

On 22 April 2015 at 21:49, Robert Levas <rlevas@hortonworks.com<mailto:rlevas@hortonworks.com>>
wrote:
Hi Shaik...

I am not familiar with FreeIPA.  Looking at the docs, however, it appears that the underlying
KDC and supporting tools are from the MIT packages.  This leads me to think that it may work
as long as you know how to tell Ambari where the KDC and admin host and ports are.

If you try it and cannot get Ambari to work with FreeIPA, you should have better luck with
Ambari 2.1. In Ambari 2.1, we are adding a feature to allow Kerberos to be enabled more like
it was with Ambari 1.7.  So you will be able to install your own Kerberos packages and create
your own principals and keytabs.

If I get a chance, I will try to install FreeIPA and see how well it is supported.  I am not
sure when I will get to this, maybe towards the end of next week.

Rob


From: Shaik M <munna.hadoop@gmail.com<mailto:munna.hadoop@gmail.com>>
Reply-To: "user@ambari.apache.org<mailto:user@ambari.apache.org>" <user@ambari.apache.org<mailto:user@ambari.apache.org>>
Date: Wednesday, April 22, 2015 at 7:11 AM
To: "user@ambari.apache.org<mailto:user@ambari.apache.org>" <user@ambari.apache.org<mailto:user@ambari.apache.org>>
Subject: Re: FreeIPA Support for Ambari 2.0

Ambari Team - Kindly provide your suggestions....

On 22 April 2015 at 13:50, Shaik M <munna.hadoop@gmail.com<mailto:munna.hadoop@gmail.com>>
wrote:
Hi,

I am using FreeIPA for Secure cluster with Ambari 1.7.

Please let me know the FreeIPA support for Ambari 2.0.

Regards,
Shaik

On 21 April 2015 at 22:14, Shaik M <munna.hadoop@gmail.com<mailto:munna.hadoop@gmail.com>>
wrote:
Hi Team,

Amabri 2.0 will support FreeIPA?

we are planning to upgrade Amabri 1.7 to 2.0, please let know the 2.0 comparability for FreeIPA.

Thank You,
Shaik M




Mime
View raw message