AMBARI-7824. Slider View: Unable to create app when cluster is secured - keytab doesn't exist. Doc updates (srimanth)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/0844d54e Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/0844d54e Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/0844d54e Branch: refs/heads/trunk Commit: 0844d54edf3d6b974d7402f8ae607c13bd4d1246 Parents: 007cb13 Author: Srimanth Gunturi <[email protected]> Authored: Thu Oct 16 23:36:09 2014 -0700 Committer: Srimanth Gunturi <[email protected]> Committed: Fri Oct 17 10:08:05 2014 -0700 ---------------------------------------------------------------------- contrib/views/slider/docs/index.md | 33 ++++++++++++++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/0844d54e/contrib/views/slider/docs/index.md ---------------------------------------------------------------------- diff --git a/contrib/views/slider/docs/index.md b/contrib/views/slider/docs/index.md index 0c9132c..bd23d14 100644 --- a/contrib/views/slider/docs/index.md +++ b/contrib/views/slider/docs/index.md 
@@ -80,4 +80,35 @@ From *Ambari-Admin* create a *Slider Apps View* with the below parameters popula * slider.security.enabled = true * view.kerberos.principal = `view-principal` -* view.kerberos.principal.keytab = `/etc/security/keytabs/view-principal.headless.keytab` \ No newline at end of file +* view.kerberos.principal.keytab = `/etc/security/keytabs/view-principal.headless.keytab` + +#### Step-5 Create *Kerberos* principal for *slider.user* +We need to provide a *Kerberos* identity for the user identified in *slider.user* view parameter. + +The *slider.user* view parameter has the following interpretations: + +* If the parameter is left blank, it means the user *yarn*. +* If it is `${username}`, it is the user logged into Ambari. +* Else, it is exact name of the user. + +We shall assume the user as `slider-user`. In a secured cluster this user has to actually exist on all the hosts. The user should also have an *uid* greater than 1000. + +On the machine where *KDC Server* is hosted, create user principal by running below command + +``` +kadmin.local -q "addprinc -randkey [email protected]" +``` +Next, extract keytab file + +``` +kadmin.local -q "xst -k /path/to/keytab/slider-user.headless.keytab [email protected]" +``` +The keytab file should then be copied over to the keytabs location on the host where the view is hosted. + +``` +cp /path/to/keytab/slider-user.headless.keytab /etc/security/keytabs/ +``` + +Change file permissions so that only necessary users can access it. + +**Make sure that `slider-user` keytab is at /etc/security/keytabs/`slider-user`.headless.keytab**
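Review bot: The final instruction in the new Step-5, "Change file permissions so that only necessary users can access it.", is the only step without a command, and it is the one that protects the key material. Please state the expected owner and mode for /etc/security/keytabs/slider-user.headless.keytab (for example, readable only by the account the view runs as) and give the chown/chmod lines, the same way the earlier steps give the kadmin.local and cp commands. Separately, the text says the keytab "should then be copied over to the keytabs location on the host where the view is hosted", but the example is a local `cp`; if the KDC host and the view host differ, the doc should say the file has to be transferred over a secure channel and that the copy left under /path/to/keytab should be removed afterwards. The requirement that the user have "an *uid* greater than 1000" is also stated without a reason; one sentence on why would help readers whose hosts use a different minimum.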
