[
https://issues.apache.org/jira/browse/AMBARI-6432?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15187302#comment-15187302
]
Robert Levas commented on AMBARI-6432:
--------------------------------------
[~bolke]... I assume your patch expects IPA version 4.x. I didn't notice in
the checklist if a version was specified. On my Centos6.5 cluster, yum
installs version 3.0.0:
{noformat}
[root@c6501 ~]# yum info ipa-server
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.net.cen.ct.gov
* epel: mirror.us.leaseweb.net
* extras: mirror.us.leaseweb.net
* updates: centos.mirror.constant.com
Installed Packages
Name : ipa-server
Arch : x86_64
Version : 3.0.0
Release : 47.el6.centos.1
Size : 4.2 M
Repo : installed
>From repo : updates
Summary : The IPA authentication server
URL : http://www.freeipa.org/
License : GPLv3+
Description : IPA is an integrated solution to provide centrally managed
Identity (machine,
: user, virtual machines, groups, authentication credentials),
Policy
: (configuration settings, access control information) and Audit
(events,
: logs, analysis thereof). If you are installing an IPA server you
need
: to install this package (in other words, most people should NOT
install
: this package).
{noformat}
When Ambari creates principals, I get the following error:
{noformat}
[root@c6501 ~]# ipa service-add --ok-as-delegate=TRUE
HTTP/[email protected]
Usage: ipa [global-options] service-add PRINCIPAL [options]
ipa: error: no such option: --ok-as-delegate
{noformat}
So we should make sure the user knows what version of IPA is supported.
> FreeIPA Support in Ambari
> -------------------------
>
> Key: AMBARI-6432
> URL: https://issues.apache.org/jira/browse/AMBARI-6432
> Project: Ambari
> Issue Type: Improvement
> Components: ambari-server
> Affects Versions: trunk
> Reporter: jay vyas
> Assignee: Bolke de Bruin
> Fix For: 2.4.0
>
> Attachments: AMBARI-6432-FreeIPA.patch, AMBARI-6432.patch,
> AMBARI-6432.trunk.v1.patch, AMBARI-6432.trunk.v2.patch,
> AMBARI-6432.trunk.v3.patch, AMBARI-6432.trunk.v4.patch,
> AMBARI-6432.trunk.v5.patch, AMBARI-6432.trunk.v5.patch, ipa-patch-v0.5.patch
>
>
> FreeIPA Is a powerful tool for unifying identity, kerberos credentials,
> across a cluster.
> A great value add for ambari would be to provide support for using FreeIPA to
> kerberize services. This would allow for
> 1) better HCFS interoperability, because first class GID/UID is critical for
> certain file systems (GlusterFS, Lustre, and any other file system which uses
> kernel / FUSE apis for determining identity)
> 2) better enterprise interoperability. Because of the fact that FreeIPA
> makes it easy to interop with different identity solutions (like active
> directory), it would make ambari easier to adopt for various enterprises.
> 3) broadens ambaris scope. Now ambari could also allow people to setup the
> users of their clusters, and at least some of the security features of their
> clusters, all from one interface (no more manual handling of TGTs and such -
> it could all be done quite easily via the ambari UI which could make calls to
> underlying FreeIPA clients).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
