Thanks to both of you for the confirmation of the fact that it cannot be done at the same time.
The Ambari REST API sounds very complicated for what I want to do, so I will simply use the UI to Kerberize my cluster.

Thanks for your quick responses and your information,

Loïc

Loïc CHANEL
Engineering student at TELECOM Nancy
Trainee at Worldline - Villeurbanne

2015-06-04 15:43 GMT+02:00 Robert Levas <[email protected]>:

> Hi Loïc,
>
> Installing a cluster with Kerberos enabled via Blueprints is not
> available right now. I think it may be possible to enable this feature,
> but some work needs to be done in Ambari to handle it. I think this is
> somewhere in the roadmap, but I am not sure where.
>
> As a workaround, it is possible to enable Kerberos via the Ambari ReST
> API, if you were trying to avoid using the UI. Most of the steps are
> straightforward, however there is one step that can be difficult to
> perform due to the size of the data that needs to be posted. This is the
> Kerberos Descriptor, which declares how each service in the cluster is to
> be handled when enabling Kerberos. If you are interested in this, I can
> provide the steps; however in Ambari 2.0.0 there is a bug in the UI where,
> if Kerberos was enabled via the API there is a chance that the UI will not
> “think” Kerberos is enabled. That issue will be fixed for Ambari 2.1.0.
>
> Rob
>
> From: Loïc Chanel <[email protected]>
> Reply-To: "[email protected]" <[email protected]>
> Date: Thursday, June 4, 2015 at 7:51 AM
> To: "[email protected]" <[email protected]>
> Subject: Launching Kerberized cluster via Blueprint
>
> Hi all,
>
> As I was trying to deploy a fully secured cluster with Knox, Ranger and
> Kerberos, I had the feeling that it is not possible to instantiate a cluster
> asking it to generate the principal and keytabs linked to each of its
> services.
>
> Is there a way to deploy both of the cluster services and the
> corresponding principals
> and keytabs via blueprint, just like if I deployed my cluster and I was
> asking Ambari to enable Kerberos with MIT KDC?
>
> Thanks,
>
>
> Loïc
> Loïc CHANEL
> Engineering student at TELECOM Nancy
> Trainee at Worldline - Villeurbanne (France - 69)
>
