[jira] [Updated] (AMBARI-13240) Kerberos: Allow multiple KDC hosts to be set while enabling Kerberos

[Robert Levas (JIRA)]

     [ 
https://issues.apache.org/jira/browse/AMBARI-13240?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Robert Levas updated AMBARI-13240:
----------------------------------
    Description: 
Because multiple KDCs may exist for an installation (failover, high 
availability, etc...), Ambari should allow a user to specify multiple KDC hosts 
to be set while enabling Kerberos and updating the Kerberos service's 
configuration.

This should be done by allowing {{kerberos-env/kdc_host}} to accept a 
(comma-)delimited list of hosts and then parsing that list properly when 
building the krb5.conf file where each {{kdc_host}} item generates an entry in 
the relevant realm block.  For example:

{noformat:title=kerberos-env}
{
  ...
 "kdc_hosts" : "kdc1.example.com, kdc2.example.com"
  ...
}
{noformat}

{noformat:title=krb5.conf}
[realms]
  EXAMPLE.COM = {
    ...
    kdc = kdc1.example.com
    kdc = kdc2.example.com
    ...
  }
{noformat}

  was:
Because multiple KDCs may exist for an installation (failover, high 
availability, etc...), Ambari should allow a user to specify multiple KDC hosts 
to be set while enabling Kerberos and updating the Kerberos service's 
configuration.

This should be done by adding a property to {{kerberos-env}}, named 
{{additional_kdc_hosts}}, to accept a comma-delimited list of hosts. If set, 
the list of hosts are to be split where each {{additional_kdc_hosts}} item 
generates an entry in the relevant realm block in the {{krb5.conf}} file.  For 
example:

{noformat:title=kerberos-env}
{
  ...
 "kdc_host" : "kdc.example.com",
 "additional_kdc_hosts" : "kdc1.example.com, kdc2.example.com"
  ...
}
{noformat}

{noformat:title=krb5.conf}
[realms]
  EXAMPLE.COM = {
    ...
    kdc = kdc.example.com
    kdc = kdc1.example.com
    kdc = kdc2.example.com
    ...
  }
{noformat}

Note: the reason that {{additional_kdc_hosts}} is added rather than changing 
{{kdc_host}} to {{kdc_hosts}} is to maintain backward compatibility.


> Kerberos: Allow multiple KDC hosts to be set while enabling Kerberos
> --------------------------------------------------------------------
>
>                 Key: AMBARI-13240
>                 URL: https://issues.apache.org/jira/browse/AMBARI-13240
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-agent, ambari-server, ambari-web
>    Affects Versions: 2.0.0
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>            Priority: Minor
>              Labels: kerberos
>             Fix For: 2.3.0
>
>
> Because multiple KDCs may exist for an installation (failover, high 
> availability, etc...), Ambari should allow a user to specify multiple KDC 
> hosts to be set while enabling Kerberos and updating the Kerberos service's 
> configuration.
> This should be done by allowing {{kerberos-env/kdc_host}} to accept a 
> (comma-)delimited list of hosts and then parsing that list properly when 
> building the krb5.conf file where each {{kdc_host}} item generates an entry 
> in the relevant realm block.  For example:
> {noformat:title=kerberos-env}
> {
>   ...
>  "kdc_hosts" : "kdc1.example.com, kdc2.example.com"
>   ...
> }
> {noformat}
> {noformat:title=krb5.conf}
> [realms]
>   EXAMPLE.COM = {
>     ...
>     kdc = kdc1.example.com
>     kdc = kdc2.example.com
>     ...
>   }
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)