Hi Loïc,

Installing a cluster with Kerberos enabled via Blueprints is not available right now. I think it may be possible to enable this feature, but some work needs to be done in Ambari to handle it. I think this is somewhere in the roadmap, but I am not sure where.

As a workaround, it is possible to enable Kerberos via the Ambari REST API, if you were trying to avoid using the UI. Most of the steps are straightforward; however, there is one step that can be difficult to perform due to the size of the data that needs to be posted. This is the Kerberos Descriptor, which declares how each service in the cluster is to be handled when enabling Kerberos. If you are interested in this, I can provide the steps; however, in Ambari 2.0.0 there is a bug in the UI where, if Kerberos was enabled via the API, there is a chance that the UI will not "think" Kerberos is enabled. That issue will be fixed for Ambari 2.1.0.

Rob

From: Loïc Chanel <[email protected]>
Reply-To: "[email protected]" <[email protected]>
Date: Thursday, June 4, 2015 at 7:51 AM
To: "[email protected]" <[email protected]>
Subject: Launching Kerberized cluster via Blueprint

Hi all,

As I was trying to deploy a fully secured cluster with Knox, Ranger and Kerberos, I had the feeling that it is not possible to instantiate a cluster asking it to generate the principal and keytabs linked to each of its services. Is there a way to deploy both of the cluster services and the corresponding principals and keytabs via blueprint, just like if I deployed my cluster and I was asking Ambari to enable Kerberos with MIT KDC?

Thanks,
Loïc

Loïc CHANEL
Engineering student at TELECOM Nancy
Trainee at Worldline - Villeurbanne (France - 69)
