Repository: ambari Updated Branches: refs/heads/trunk 550563a1c -> e9bbe6564
AMBARI-8803. Kerberos Descriptor: Fix issues related to headless user identities. (jaimin) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/e9bbe656 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/e9bbe656 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/e9bbe656 Branch: refs/heads/trunk Commit: e9bbe6564612e3e74b7fc3590f2ab3076817bc45 Parents: 550563a Author: Jaimin Jetly <[email protected]> Authored: Thu Dec 18 14:43:05 2014 -0800 Committer: Jaimin Jetly <[email protected]> Committed: Thu Dec 18 14:43:23 2014 -0800 ---------------------------------------------------------------------- .../src/main/resources/stacks/HDP/2.2/kerberos.json | 10 +++++----- .../resources/stacks/HDP/2.2/services/HBASE/kerberos.json | 2 +- .../resources/stacks/HDP/2.2/services/HDFS/kerberos.json | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/e9bbe656/ambari-server/src/main/resources/stacks/HDP/2.2/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.2/kerberos.json index 92370a3..fcbd669 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.2/kerberos.json +++ b/ambari-server/src/main/resources/stacks/HDP/2.2/kerberos.json @@ -24,13 +24,13 @@ { "name": "hdfs", "principal": { - "value": "hdfs@${realm}", - "configuration": "cluster-env/hdfs_principal_name" + "value": "${hadoop-env/hdfs_user}@${realm}", + "configuration": "hadoop-env/hdfs_principal_name" }, "keytab": { "file": "${keytab_dir}/hdfs.headless.keytab", "owner": { - "name": "root", + "name": "${hadoop-env/hdfs_user}", "access": "r" }, "group": { @@ -43,13 +43,13 @@ { "name": "smokeuser", "principal": { - "value": "ambari-qa@${realm}", + "value": "${cluster-env/smokeuser}@${realm}", "configuration": "cluster-env/smokeuser_principal_name" }, "keytab": { "file": "${keytab_dir}/smokeuser.headless.keytab", "owner": { - "name": "root", + "name": "${cluster-env/smokeuser}", "access": "r" }, "group": { http://git-wip-us.apache.org/repos/asf/ambari/blob/e9bbe656/ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/kerberos.json index 2807aaa..4b6213e 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/kerberos.json +++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/kerberos.json @@ -12,7 +12,7 @@ { "name": "hbase", "principal": { - "value": "hbase@${realm}", + "value": "${hbase-env/hbase_user}@${realm}", "configuration": "hbase-env/hbase_principal_name" }, "keytab": { http://git-wip-us.apache.org/repos/asf/ambari/blob/e9bbe656/ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/kerberos.json index 1bf3609..52c7d37 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/kerberos.json +++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/kerberos.json @@ -25,7 +25,7 @@ "hadoop.security.authentication": "kerberos", "hadoop.rpc.protection": "authentication", "hadoop.security.authorization": "true", - "hadoop.security.auth_to_local": "RULE:[2:$1@$0]([jt]t@.*${realm})s/.*/mapred/\nRULE:[2:$1@$0]([nd]n@.*${realm})s/.*/hdfs/\nRULE:[2:$1@$0](hm@.*${realm})s/.*/hbase/\nRULE:[2:$1@$0](rs@.*${realm})s/.*/hbase/\nDEFAULT" + "hadoop.security.auth_to_local": "RULE:[2:$1@$0]([nd]n@.*${realm})s/.*/hdfs/\nRULE:[2:$1@$0]([rn]m@.*${realm})s/.*/yarn/\nRULE:[2:$1@$0](hs@.*${realm})s/.*/mapred/\nRULE:[2:$1@$0](hm@.*${realm})s/.*/hbase/\nRULE:[2:$1@$0](rs@.*${realm})s/.*/hbase/\nDEFAULT" } } ],
