Hari Sekhon created AMBARI-8610:
-----------------------------------
Summary: Kerberos add hosts/services CSV required for automating
keytab distribution
Key: AMBARI-8610
URL: https://issues.apache.org/jira/browse/AMBARI-8610
Project: Ambari
Issue Type: Improvement
Affects Versions: 1.6.1
Environment: HDP 2.1
Reporter: Hari Sekhon
Ambari generates a CSV list of principals for generating keytabs only when
initially kerberizing a cluster. However, when adding nodes to the cluster
Ambari provides no such CSV or list of principals.
I am using that CSV input to a perl program I've written to automate kerberos
principal creation, keytab exports and distribution to nodes based for a
FreeIPA realm (standalone MIT KDC as per stock kerberos_setup.sh is used more
for small VM / PoC setups without LDAP integrated users and groups).
A CSV of new principals and keytabs required should be created whenever
deploying new hosts or new services to an existing kerberized cluster.
If anyone else wants to automate FreeIPA Kerberos keytabs for their clusters
they can use this program on my github:
{code}
git clone https://github.com/harisekhon/toolbox
cd toolbox
make
./ambari_freeipa_kerberos_setup.pl --help
{code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
