[
https://issues.apache.org/jira/browse/AMBARI-8610?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Yusaku Sako updated AMBARI-8610:
--------------------------------
Fix Version/s: (was: 2.1.2)
2.1.3
> Kerberos add hosts/services CSV required for automating keytab distribution
> ---------------------------------------------------------------------------
>
> Key: AMBARI-8610
> URL: https://issues.apache.org/jira/browse/AMBARI-8610
> Project: Ambari
> Issue Type: Improvement
> Affects Versions: 1.6.1
> Environment: HDP 2.1
> Reporter: Hari Sekhon
> Assignee: Robert Levas
> Fix For: 2.1.3
>
>
> Ambari generates a CSV list of principals for generating keytabs only when
> initially kerberizing a cluster.
> However, when adding nodes to the cluster Ambari provides no such CSV or list
> of principals - leaving the user to figure out the list of required
> principals and keytabs themselves.
> A CSV of new principals and keytabs should be created whenever deploying new
> hosts or new services to an existing kerberized cluster to allow for similar
> automation of extending an existing cluster.
> I use the original CSV as input to a perl program I've written to automate
> kerberos principal creation, keytab exports and distribution to nodes based
> for a FreeIPA realm (standalone MIT KDC as per stock kerberos_setup.sh is
> used more for small VM / PoC setups without LDAP integrated users and groups).
> If anyone else wants to automate FreeIPA Kerberos keytabs for their clusters
> they can use this program on my github:
> {code}
> git clone https://github.com/harisekhon/toolbox
> cd toolbox
> make
> ./ambari_freeipa_kerberos_setup.pl --help
> {code}
> Regards,
> Hari Sekhon
> http://www.linkedin.com/in/harisekhon
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
