You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@bigtop.apache.org by rv...@apache.org on 2012/03/20 18:58:35 UTC
svn commit: r1303058 - in
/incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/modules/hadoop-hbase:
manifests/init.pp templates/hbase-env.sh templates/jaas.conf
Author: rvs
Date: Tue Mar 20 17:58:34 2012
New Revision: 1303058
URL: http://svn.apache.org/viewvc?rev=1303058&view=rev
Log:
BIGTOP-470. [puppet] Improve secure configuration for zk and hbase (Patrick Taylor Ramsey via rvs)
Added:
incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/modules/hadoop-hbase/templates/jaas.conf
Modified:
incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/modules/hadoop-hbase/manifests/init.pp
incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/modules/hadoop-hbase/templates/hbase-env.sh
Modified: incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/modules/hadoop-hbase/manifests/init.pp
URL: http://svn.apache.org/viewvc/incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/modules/hadoop-hbase/manifests/init.pp?rev=1303058&r1=1303057&r2=1303058&view=diff
==============================================================================
--- incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/modules/hadoop-hbase/manifests/init.pp (original)
+++ incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/modules/hadoop-hbase/manifests/init.pp Tue Mar 20 17:58:34 2012
@@ -26,6 +26,11 @@ class hadoop-hbase {
require kerberos::client
kerberos::host_keytab { "hbase":
}
+
+ file { "/etc/hbase/conf/jaas.conf":
+ content => template("hadoop-hbase/jaas.conf"),
+ require => Package["hbase"],
+ }
}
file { "/etc/hbase/conf/hbase-site.xml":
Modified: incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/modules/hadoop-hbase/templates/hbase-env.sh
URL: http://svn.apache.org/viewvc/incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/modules/hadoop-hbase/templates/hbase-env.sh?rev=1303058&r1=1303057&r2=1303058&view=diff
==============================================================================
--- incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/modules/hadoop-hbase/templates/hbase-env.sh (original)
+++ incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/modules/hadoop-hbase/templates/hbase-env.sh Tue Mar 20 17:58:34 2012
@@ -36,6 +36,12 @@ export HBASE_HEAPSIZE=<%= heap_size %>
# see http://wiki.apache.org/hadoop/PerformanceTuning
export HBASE_OPTS="$HBASE_OPTS -ea -XX:+UseConcMarkSweepGC -XX:+CMSIncrementalMode"
+<% if kerberos_realm != "" -%>
+# Secure Zookeeper settings
+export HBASE_MASTER_OPTS="$HBASE_MASTER_OPTS -Djava.security.auth.login.config=/etc/hbase/conf/jaas.conf"
+export HBASE_REGIONSERVER_OPTS="$HBASE_REGIONSERVER_OPTS -Djava.security.auth.login.config=/etc/hbase/conf/jaas.conf"
+<% end -%>
+
# Uncomment below to enable java garbage collection logging.
# export HBASE_OPTS="$HBASE_OPTS -verbose:gc -XX:+PrintGCDetails -XX:+PrintGCDateStamps -Xloggc:$HBASE_HOME/logs/gc-hbase.log"
Added: incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/modules/hadoop-hbase/templates/jaas.conf
URL: http://svn.apache.org/viewvc/incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/modules/hadoop-hbase/templates/jaas.conf?rev=1303058&view=auto
==============================================================================
--- incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/modules/hadoop-hbase/templates/jaas.conf (added)
+++ incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/modules/hadoop-hbase/templates/jaas.conf Tue Mar 20 17:58:34 2012
@@ -0,0 +1,7 @@
+Client {
+ com.sun.security.auth.module.Krb5LoginModule required
+ useKeyTab=true
+ useTicketCache=false
+ keyTab="/etc/hbase.keytab"
+ principal="hbase/<%= fqdn %>@<%= kerberos_realm %>";
+};