[
https://issues.apache.org/jira/browse/BIGTOP-1670?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14323040#comment-14323040
]
Michael Weiser edited comment on BIGTOP-1670 at 2/16/15 5:40 PM:
-----------------------------------------------------------------
Hi [~evans_ye],
I totally agree on the documentation front but hadn't thought as far because I
wanted to get a feel for your acceptance of the idea first. So let's try if it
works for you and then decide. Good to know that at least it doesn't cause any
failures until enabled. :)
The error you're getting is because trocla isn't installed yet. Unfortunately,
trocla installation using the trocla puppet module seems to be a bit more
broken than I initially thought. I'm working with the author on this and I am
creating Debian packages for it. If you have Internet connectivity, you can run
the following:
{noformat}
# gem install trocla
# puppet module install duritong/trocla
# puppet apply -e "class { 'trocla::config': manage_dependencies => false }"
{noformat}
The trocla ruby gem pulls in highline, moneta and bcrypt. The bcrypt gem might
need ruby development packages (ruby.h) and a compiler. Alternatively you can
use your distribution's packages. However you install, the following should now
work as should the cookie generating in hadoop::common_hdfs:
{noformat}
# puppet apply -e "file { '/tmp/blub': content => trocla("test", "plain") }"
Notice: Compiled catalog for btnode1.proto.bsi.de in environment production in 0.43 seconds
Notice: /Stage[main]/Main/File[/tmp/blub]/ensure: defined content as '{md5}505009853e199761c392f9fea8110648'
Notice: Finished catalog run in 0.05 seconds
# cat /tmp/blub
puGNOX-G%zYDKHet
{noformat}
With just puppet apply you won't get the full experience since password storage
will happen in /tmp/trocla.yaml locally on each node. So, passwords will differ
between nodes. In a master/agent setup, you'll get one trocla.yaml in
/var/lib/puppet/server_storage *on the master* and passwords will be identical
across hosts as needed for the cookie secret.
> puppet: Support Kerberos authentication on Hadoop component web GUIs
> --------------------------------------------------------------------
>
> Key: BIGTOP-1670
> URL: https://issues.apache.org/jira/browse/BIGTOP-1670
> Project: Bigtop
> Issue Type: Improvement
> Components: deployment
> Affects Versions: backlog
> Reporter: Michael Weiser
> Attachments:
> 0001-BIGTOP-1670-puppet-Support-Kerberos-authentication-o.patch
>
>
> Support configuration of Kerberos authentication on Hadoop component web
> GUIs. Also introduce support for trocla for randomly generating secrets that
> are stored on the master, don't change after creation and can be the same
> across hosts.
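
The storage behaviour described in the comment above (one store on the master gives every host the same secret, a separate local store per node under puppet apply does not), as an added Ruby example that is not part of the original message and is not trocla's own code. `SecretStore`, the key name `cookie_secret` and the store file names are hypothetical stand-ins.

```ruby
require 'securerandom'
require 'tmpdir'
require 'yaml'

# Hypothetical stand-in for a trocla-style store (not trocla's code):
# a secret is generated on first lookup of a key and returned unchanged after.
class SecretStore
  def initialize(path)
    @path = path
  end

  def fetch(key, length = 16)
    secrets = File.exist?(@path) ? (YAML.safe_load(File.read(@path)) || {}) : {}
    return secrets[key] if secrets.key?(key)

    secrets[key] = SecureRandom.alphanumeric(length)
    # The store holds plaintext secrets, so request owner-only permissions.
    File.open(@path, File::WRONLY | File::CREAT | File::TRUNC, 0o600) do |f|
      f.write(secrets.to_yaml)
    end
    secrets[key]
  end
end

# Constructed scenario. Returns [shared, local]: the secrets two nodes would
# receive in master/agent mode and in puppet apply mode respectively.
def cookie_secrets_per_mode
  Dir.mktmpdir do |dir|
    # Master/agent: every catalog is compiled against one store on the master.
    master = SecretStore.new(File.join(dir, 'master_trocla.yaml'))
    shared = [master.fetch('cookie_secret'), master.fetch('cookie_secret')]

    # puppet apply: each node reads and writes its own local store file.
    local = %w[node1 node2].map do |node|
      SecretStore.new(File.join(dir, "#{node}_trocla.yaml")).fetch('cookie_secret')
    end
    [shared, local]
  end
end

if __FILE__ == $PROGRAM_NAME
  shared, local = cookie_secrets_per_mode
  puts "master/agent identical: #{shared.uniq.size == 1}"
  puts "puppet apply identical: #{local.uniq.size == 1}"
end
```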