Posted to user@ambari.apache.org by Loïc Chanel <lo...@telecomnancy.net> on 2015/06/04 13:51:16 UTC

Launching Kerberized cluster via Blueprint

Hi all,

As I was trying to deploy a fully secured cluster with Knox, Ranger and
Kerberos, I had the feeling that it is not possible to instantiate a cluster
asking it to generate the principal and keytabs linked to each of its
services.

Is there a way to deploy both of the cluster services and the
corresponding principals
and keytabs via blueprint, just like if I deployed my cluster and I was
asking Ambari to enable Kerberos with MIT KDC?

Thanks,


Loïc
Loïc CHANEL
Engineering student at TELECOM Nancy
Trainee at Worldline - Villeurbanne (France - 69)

Re: Launching Kerberized cluster via Blueprint

Posted by Loïc Chanel <lo...@telecomnancy.net>.
Thanks to both of you for the confirmation of the fact that it cannot be
done at the same time.

The Ambari REST API sounds very complicated for what I want to do, so I
will simply use the UI to Kerberize my cluster.
Thanks for your quick responses and your information,


Loïc

Loïc CHANEL
Engineering student at TELECOM Nancy
Trainee at Worldline - Villeurbanne

2015-06-04 15:43 GMT+02:00 Robert Levas <rl...@hortonworks.com>:

>  Hi Loïc,
>
>  Installing a cluster with Kerberos enabled via Blueprints is not
> available right now.  I think it may be possible to enable this feature,
> but some work needs to be done in Ambari to handle it.  I think this is
> somewhere in the roadmap, but I am not sure where.
>
>  As a workaround, it is possible to enable Kerberos via the Ambari REST
> API, if you were trying to avoid using the UI. Most of the steps are
> straightforward, however there is one step that can be difficult to
> perform due to the size of the data that needs to be posted.  This is the
> Kerberos Descriptor, which declares how each service in the cluster is to
> be handled when enabling Kerberos.  If you are interested in this, I can
> provide the steps; however in Ambari 2.0.0 there is a bug in the UI where,
> if Kerberos was enabled via the API there is a chance that the UI will not
> “think” Kerberos is enabled.   That issue will be fixed for Ambari 2.1.0.
>
>  Rob
>
>   From: Loïc Chanel <lo...@telecomnancy.net>
> Reply-To: "user@ambari.apache.org" <us...@ambari.apache.org>
> Date: Thursday, June 4, 2015 at 7:51 AM
> To: "user@ambari.apache.org" <us...@ambari.apache.org>
> Subject: Launching Kerberized cluster via Blueprint
>
>   Hi all,
>
> As I was trying to deploy a fully secured cluster with Knox, Ranger and
> Kerberos, I had the feeling that it is not possible to instantiate a cluster
> asking it to generate the principal and keytabs linked to each of its
> services.
>
> Is there a way to deploy both of the cluster services and the corresponding principals
> and keytabs via blueprint, just like if I deployed my cluster and I was
> asking Ambari to enable Kerberos with MIT KDC?
>
> Thanks,
>
>
>  Loïc
>   Loïc CHANEL
> Engineering student at TELECOM Nancy
> Trainee at Worldline - Villeurbanne (France - 69)
>

Re: Launching Kerberized cluster via Blueprint

Posted by Robert Levas <rl...@hortonworks.com>.
Hi Loïc,

Installing a cluster with Kerberos enabled via Blueprints is not available right now. I think it may be possible to enable this feature, but some work needs to be done in Ambari to handle it. I think this is somewhere in the roadmap, but I am not sure where.

As a workaround, it is possible to enable Kerberos via the Ambari REST API, if you were trying to avoid using the UI. Most of the steps are straightforward, however there is one step that can be difficult to perform due to the size of the data that needs to be posted. This is the Kerberos Descriptor, which declares how each service in the cluster is to be handled when enabling Kerberos. If you are interested in this, I can provide the steps; however in Ambari 2.0.0 there is a bug in the UI where, if Kerberos was enabled via the API, there is a chance that the UI will not "think" Kerberos is enabled. That issue will be fixed for Ambari 2.1.0.

Rob

From: Loïc Chanel <lo...@telecomnancy.net>
Reply-To: "user@ambari.apache.org" <us...@ambari.apache.org>
Date: Thursday, June 4, 2015 at 7:51 AM
To: "user@ambari.apache.org" <us...@ambari.apache.org>
Subject: Launching Kerberized cluster via Blueprint


Hi all,

As I was trying to deploy a fully secured cluster with Knox, Ranger and Kerberos, I had the feeling that it is not possible to instantiate a cluster asking it to generate the principal and keytabs linked to each of its services.

Is there a way to deploy both of the cluster services and the corresponding principals and keytabs via blueprint, just like if I deployed my cluster and I was asking Ambari to enable Kerberos with MIT KDC?

Thanks,


Loïc

Loïc CHANEL
Engineering student at TELECOM Nancy
Trainee at Worldline - Villeurbanne (France - 69)

Re: Launching Kerberized cluster via Blueprint

Posted by Olivier Renault <or...@hortonworks.com>.
Unfortunately, it's a two-step process atm. Install via blueprint and then API call for Kerberos.

IIRC, it's on the roadmap.

Olivier Renault



On Thu, Jun 4, 2015 at 4:52 AM -0700, "Loïc Chanel" <lo...@telecomnancy.net> wrote:


Hi all,

As I was trying to deploy a fully secured cluster with Knox, Ranger and Kerberos, I had the feeling that it is not possible to instantiate a cluster asking it to generate the principal and keytabs linked to each of its services.

Is there a way to deploy both of the cluster services and the corresponding principals and keytabs via blueprint, just like if I deployed my cluster and I was asking Ambari to enable Kerberos with MIT KDC?

Thanks,


Loïc

Loïc CHANEL
Engineering student at TELECOM Nancy
Trainee at Worldline - Villeurbanne (France - 69)