Uploaded image for project: 'Ambari'
  1. Ambari
  2. AMBARI-10037

Support creation of a secure cluster (w/ blueprints)

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: ambari-server

      Description

      While it is possible to enable Kerberos on an existing cluster, it should be possible to create a new cluster with Kerberos enabled in a single step. Ideally the blueprint API could be used in that case.

      Note that any service added to an already-secured cluster is immediately secured. Therefore, a possible workaround is to create a cluster with no services, secure it, then add services. But this workaround is incompatible with blueprints.

      Among the benefits:

      1. reduced time spent in an insecure configuration; close a potential vulnerability.
      2. more convenient; no additional step to perform.
      3. faster; fewer restarts.
      4. improved interoperability with HCFS.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              eronwright Eron Wright
            • Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated: