Details
-
Improvement
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
1.6.1
-
None
-
None
-
HDP 2.1
Description
Ambari generates a CSV list of principals for generating keytabs only when initially kerberizing a cluster.
However, when adding nodes to the cluster Ambari provides no such CSV or list of principals - leaving the user to figure out the list of required principals and keytabs themselves.
A CSV of new principals and keytabs should be created whenever deploying new hosts or new services to an existing kerberized cluster to allow for similar automation of extending an existing cluster.
I use the original CSV as input to a perl program I've written to automate kerberos principal creation, keytab exports and distribution to nodes based for a FreeIPA realm (standalone MIT KDC as per stock kerberos_setup.sh is used more for small VM / PoC setups without LDAP integrated users and groups).
If anyone else wants to automate FreeIPA Kerberos keytabs for their clusters they can use this program on my github:
git clone https://github.com/harisekhon/toolbox
cd toolbox
make
./ambari_freeipa_kerberos_setup.pl --help
Regards,
Hari Sekhon
http://www.linkedin.com/in/harisekhon
Attachments
Issue Links
- is related to
-
AMBARI-12408 Add Host and Add Service Wizards do not contain a Download CSV button when Kerberos is enabled
-
- Resolved
-