Return-Path: X-Original-To: apmail-ambari-user-archive@www.apache.org Delivered-To: apmail-ambari-user-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 28B4E1760F for ; Thu, 4 Jun 2015 13:28:51 +0000 (UTC) Received: (qmail 68159 invoked by uid 500); 4 Jun 2015 13:28:51 -0000 Delivered-To: apmail-ambari-user-archive@ambari.apache.org Received: (qmail 68143 invoked by uid 500); 4 Jun 2015 13:28:51 -0000 Mailing-List: contact user-help@ambari.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@ambari.apache.org Delivered-To: mailing list user@ambari.apache.org Received: (qmail 68133 invoked by uid 99); 4 Jun 2015 13:28:50 -0000 Received: from Unknown (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 04 Jun 2015 13:28:50 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id 7FAFA181A44 for ; Thu, 4 Jun 2015 13:28:50 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 3 X-Spam-Level: *** X-Spam-Status: No, score=3 tagged_above=-999 required=6.31 tests=[HTML_MESSAGE=3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=disabled Received: from mx1-us-east.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id unnAD68ZCd3I for ; Thu, 4 Jun 2015 13:28:44 +0000 (UTC) Received: from relayvx11a.securemail.intermedia.net (relayvx11a.securemail.intermedia.net [64.78.56.46]) by mx1-us-east.apache.org (ASF Mail Server at mx1-us-east.apache.org) with ESMTPS id AB50542AD6 for ; Thu, 4 Jun 2015 13:28:43 +0000 (UTC) Received: from securemail.intermedia.net (localhost [127.0.0.1]) by emg-ca-1-1.localdomain (Postfix) with ESMTP id F1B1653E61 for ; Thu, 4 Jun 2015 06:28:42 -0700 (PDT) Subject: Re: Launching Kerberized cluster via Blueprint MIME-Version: 1.0 x-echoworx-emg-received: Thu, 4 Jun 2015 06:28:42.969 -0700 x-echoworx-msg-id: fdd1b002-9335-4bf1-ac83-4b77d580aa56 x-echoworx-action: delivered Received: from emg-ca-1-1.securemail.intermedia.net ([10.254.155.11]) by emg-ca-1-1 (JAMES SMTP Server 2.3.2) with SMTP ID 457 for ; Thu, 4 Jun 2015 06:28:42 -0700 (PDT) Received: from MBX080-W4-CO-1.exch080.serverpod.net (unknown [10.224.117.101]) by emg-ca-1-1.localdomain (Postfix) with ESMTP id C0D8153E99 for ; Thu, 4 Jun 2015 06:28:42 -0700 (PDT) Received: from MBX080-W4-CO-1.exch080.serverpod.net (10.224.117.101) by MBX080-W4-CO-1.exch080.serverpod.net (10.224.117.101) with Microsoft SMTP Server (TLS) id 15.0.1044.25; Thu, 4 Jun 2015 06:28:42 -0700 Received: from MBX080-W4-CO-1.exch080.serverpod.net ([10.224.117.101]) by mbx080-w4-co-1.exch080.serverpod.net ([10.224.117.101]) with mapi id 15.00.1044.021; Thu, 4 Jun 2015 06:28:42 -0700 From: Olivier Renault To: "user@ambari.apache.org" , "user@ambari.apache.org" Thread-Topic: Launching Kerberized cluster via Blueprint Thread-Index: AQHQnrzhA+ckk0mbyEeiiqXujw0T+52cV0X8 Date: Thu, 4 Jun 2015 13:28:41 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-GB, en-US Content-Language: en-GB X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-transport-fromentityheader: Hosted x-source-routing-agent: Processed Content-Type: multipart/alternative; boundary="_000_DFB6CA29F208216D190ac03d592234ec0a22e0b5d5503caa1mailou_" --_000_DFB6CA29F208216D190ac03d592234ec0a22e0b5d5503caa1mailou_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Unfortunately, it's a two step process atm. Install via blueprint and then = API call for kerberos. IIRC, it's on the roadmap. Olivier Renault On Thu, Jun 4, 2015 at 4:52 AM -0700, "Lo=EFc Chanel" > wrote: Hi all, As I was trying to deploy a fully secured cluster with Knox, Ranger and Ke = beros, I had the feeling that it is not possible to instantiate a cluster a= sking it to generate the principal and keytabs linked to each of its servic= es. Is there a way to deploy both of the cluster services and the corresponding= principals and keytabs via blueprint, just like if I deployed my cluster a= nd I was asking Ambari to enable Kerberos with MIT KDC ? Thanks, Lo=EFc Lo=EFc CHANEL Engineering student at TELECOM Nancy Trainee at Worldline - Villeurbanne (France - 69) --_000_DFB6CA29F208216D190ac03d592234ec0a22e0b5d5503caa1mailou_ Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

Unfortunately, it's a two step process atm. Install via blue= print and then API call for kerberos.

IIRC, it's on the roadmap.

Olivier Renault




On Thu, Jun 4, 2015 at 4:52 AM -0700, "Lo= =EFc Chanel" <loic.= chanel@telecomnancy.net> wrote:

Hi all,

As I was trying to deploy a fully secured cluster with Knox, = Ranger and Ke beros, I had the feeling that it is not possible to instantia= te a cluster asking it to generate the principal and keytabs linked to each= of its services.

Is there a way to deploy both of the cluster services and the= corresponding principals and keytabs via blueprint, just like if I deployed my clu= ster and I was asking Ambari to enable Kerberos with MIT KDC ?

Thanks,


Lo=EFc

Lo=EFc CHANEL
Engineering student at TELECOM Nancy
Trainee at Worldline - Villeurbanne (France - 69)
--_000_DFB6CA29F208216D190ac03d592234ec0a22e0b5d5503caa1mailou_--