Author: rvs
Date: Tue Mar 20 17:58:34 2012
New Revision: 1303058
URL: http://svn.apache.org/viewvc?rev=1303058&view=rev
Log:
BIGTOP-470. [puppet] Improve secure configuration for zk and hbase (Patrick
Taylor Ramsey via rvs)
Added:
incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/modules/hadoop-hbase/templates/jaas.conf
Modified:
incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/modules/hadoop-hbase/manifests/init.pp
incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/modules/hadoop-hbase/templates/hbase-env.sh
Modified:
incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/modules/hadoop-hbase/manifests/init.pp
URL:
http://svn.apache.org/viewvc/incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/modules/hadoop-hbase/manifests/init.pp?rev=1303058&r1=1303057&r2=1303058&view=diff
==============================================================================
---
incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/modules/hadoop-hbase/manifests/init.pp
(original)
+++
incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/modules/hadoop-hbase/manifests/init.pp
Tue Mar 20 17:58:34 2012
@@ -26,6 +26,11 @@ class hadoop-hbase {
require kerberos::client
kerberos::host_keytab { "hbase":
}
+
+ file { "/etc/hbase/conf/jaas.conf":
+ content => template("hadoop-hbase/jaas.conf"),
+ require => Package["hbase"],
+ }
}
file { "/etc/hbase/conf/hbase-site.xml":
Modified:
incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/modules/hadoop-hbase/templates/hbase-env.sh
URL:
http://svn.apache.org/viewvc/incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/modules/hadoop-hbase/templates/hbase-env.sh?rev=1303058&r1=1303057&r2=1303058&view=diff
==============================================================================
---
incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/modules/hadoop-hbase/templates/hbase-env.sh
(original)
+++
incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/modules/hadoop-hbase/templates/hbase-env.sh
Tue Mar 20 17:58:34 2012
@@ -36,6 +36,12 @@ export HBASE_HEAPSIZE=<%= heap_size %>
# see http://wiki.apache.org/hadoop/PerformanceTuning
export HBASE_OPTS="$HBASE_OPTS -ea -XX:+UseConcMarkSweepGC
-XX:+CMSIncrementalMode"
+<% if kerberos_realm != "" -%>
+# Secure Zookeeper settings
+export HBASE_MASTER_OPTS="$HBASE_MASTER_OPTS
-Djava.security.auth.login.config=/etc/hbase/conf/jaas.conf"
+export HBASE_REGIONSERVER_OPTS="$HBASE_REGIONSERVER_OPTS
-Djava.security.auth.login.config=/etc/hbase/conf/jaas.conf"
+<% end -%>
+
# Uncomment below to enable java garbage collection logging.
# export HBASE_OPTS="$HBASE_OPTS -verbose:gc -XX:+PrintGCDetails
-XX:+PrintGCDateStamps -Xloggc:$HBASE_HOME/logs/gc-hbase.log"
Added:
incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/modules/hadoop-hbase/templates/jaas.conf
URL:
http://svn.apache.org/viewvc/incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/modules/hadoop-hbase/templates/jaas.conf?rev=1303058&view=auto
==============================================================================
---
incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/modules/hadoop-hbase/templates/jaas.conf
(added)
+++
incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/modules/hadoop-hbase/templates/jaas.conf
Tue Mar 20 17:58:34 2012
@@ -0,0 +1,7 @@
+Client {
+ com.sun.security.auth.module.Krb5LoginModule required
+ useKeyTab=true
+ useTicketCache=false
+ keyTab="/etc/hbase.keytab"
+ principal="hbase/<%= fqdn %>@<%= kerberos_realm %>";
+};
