This document is a work in progress for Ambari versions between 2.0 and 2.2. The latest version may be seen at https://github.com/apache/ambari/blob/trunk/ambari-server/docs/security/kerberos/index.md.


...

The default realm to use when creating service principals

Example: EXAMPLE.COM

kdc_host (<Ambari 2.4.0)

The IP address or FQDN for the KDC host. Optionally a port number may be included.

Example: kdc.example.com

Example: kdc.example.com:88

kdc_hosts (>=Ambari 2.4.0)

A comma-delimited list of IP addresses or FQDNs for the list of relevant KDC hosts. Optionally a port number may be included for each entry.

Example: kdc.example.com, kdc1.example.com

Example: kdc.example.com:88, kdc1.example.com:88

admin_server_host

The IP address or FQDN for the KDC Kerberos administrative host. Optionally a port number may be included.

...

renew_lifetime = 7d
forwardable = true
default_realm = {{realm}}
ticket_lifetime = 24h
dns_lookup_realm = false
dns_lookup_kdc = false
#default_tgs_enctypes = {{encryption_types}}
#default_tkt_enctypes = {{encryption_types}}

{% if domains %}
[domain_realm]
{% for domain in domains.split(',') %}
{{domain}} = {{realm}}
{% endfor %}
{% endif %}

[logging]
default = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
kdc = FILE:/var/log/krb5kdc.log

[realms]
{{realm}} = {
  admin_server = {{admin_server_host|default(kdc_host, True)}}
  kdc = {{kdc_host}}
}

{# Append additional realm declarations below #}
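Added example (not Ambari's own code): validating a comma-delimited kdc_hosts value with an optional port per entry, and rendering one kdc line per entry in the shape of the [realms] block above. The function names, the default port of 88, the fallback of admin_server to the first KDC host, and the choice to reject IPv6 literals are assumptions made for this illustration.

```python
import ipaddress
import re

DEFAULT_KDC_PORT = 88  # assumption: the port used in the page's examples
# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def _valid_host(host):
    """Accept an IPv4 address or a syntactically valid FQDN (no IPv6 literals)."""
    try:
        ipaddress.IPv4Address(host)
        return True
    except ValueError:
        pass
    if len(host) > 253 or host.replace(".", "").isdigit():
        return False  # too long, or a malformed dotted-decimal address
    return all(_LABEL.fullmatch(label) for label in host.split("."))


def parse_kdc_hosts(value):
    """Split a kdc_hosts string into validated (host, port) tuples."""
    entries = []
    for raw in value.split(","):
        entry = raw.strip()
        host, sep, port_text = entry.partition(":")
        if not _valid_host(host):
            raise ValueError(f"invalid KDC host in entry {entry!r}")
        port = DEFAULT_KDC_PORT
        if sep:
            if not re.fullmatch(r"[0-9]{1,5}", port_text) or not 1 <= int(port_text) <= 65535:
                raise ValueError(f"invalid port in entry {entry!r}")
            port = int(port_text)
        entries.append((host, port))
    return entries


def render_realm_block(realm, kdc_hosts, admin_server_host=None):
    """Render a [realms] entry with one kdc line per parsed KDC."""
    kdcs = parse_kdc_hosts(kdc_hosts)
    admin = admin_server_host or kdcs[0][0]  # assumption: fall back to first KDC
    lines = [f"{realm} = {{", f"  admin_server = {admin}"]
    lines += [f"  kdc = {host}:{port}" for host, port in kdcs]
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_realm_block("EXAMPLE.COM", "kdc.example.com:88, kdc1.example.com"))
```

Rejecting malformed entries before the file is written keeps a stray space, empty entry or out-of-range port from producing a krb5.conf that clients parse differently than intended.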

...

curl -H "X-Requested-By:ambari" -u admin:admin -i -X PUT -d '{"RequestInfo":{"context":"Stop Service"},"Body":{"ServiceInfo":{"state":"INSTALLED"}}}' http://AMBARI_SERVER:8080/api/v1/clusters/CLUSTER_NAME/services

Get the default Kerberos Descriptor

curl -H "X-Requested-By:ambari" -u admin:admin -i -X GET http://AMBARI_SERVER:8080/api/v1/stacks/STACK_NAME/versions/STACK_VERSION/artifacts/kerberos_descriptor

Get the customized Kerberos Descriptor (if previously set)

curl -H "X-Requested-By:ambari" -u admin:admin -i -X GET http://AMBARI_SERVER:8080/api/v1/clusters/CLUSTER_NAME/artifacts/kerberos_descriptor

...

curl -H "X-Requested-By:ambari" -u admin:admin -i -X POST -d @./payload http://AMBARI_SERVER:8080/api/v1/clusters/CLUSTER_NAME/artifacts/kerberos_descriptor

...