You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by ja...@apache.org on 2014/12/19 06:41:58 UTC

ambari git commit: AMBARI-8781. create Kerberos descriptor for knox service. (dilli via jaimin)

Repository: ambari
Updated Branches:
  refs/heads/trunk dc534389a -> c3e76b0e7


AMBARI-8781. create Kerberos descriptor for knox service. (dilli via jaimin)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/c3e76b0e
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/c3e76b0e
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/c3e76b0e

Branch: refs/heads/trunk
Commit: c3e76b0e7c38447f8a5997be87848f9e5a652185
Parents: dc53438
Author: Jaimin Jetly <ja...@hortonworks.com>
Authored: Thu Dec 18 21:41:07 2014 -0800
Committer: Jaimin Jetly <ja...@hortonworks.com>
Committed: Thu Dec 18 21:41:21 2014 -0800

----------------------------------------------------------------------
 .../stacks/HDP/2.2/services/KNOX/kerberos.json  | 54 ++++++++++++++++++++
 1 file changed, 54 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/c3e76b0e/ambari-server/src/main/resources/stacks/HDP/2.2/services/KNOX/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/KNOX/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.2/services/KNOX/kerberos.json
new file mode 100644
index 0000000..ab70d39
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/KNOX/kerberos.json
@@ -0,0 +1,54 @@
+{
+  "services": [
+    {
+      "name": "KNOX",
+      "components": [
+        {
+          "name": "KNOX_GATEWAY",
+          "identities": [
+            {
+              "name": "knox_principal",
+              "principal": {
+                "value": "${knox-env/knox_user}/_HOST@${realm}",
+                "configuration": "knox-env/knox_principal_name"
+              },
+              "keytab": {
+                "file": "${keytab_dir}/knox.service.keytab",
+                "owner": {
+                  "name": "${knox-env/knox_user}",
+                  "access": "r"
+                },
+                "group": {
+                  "name": "${cluster-env/user_group}",
+                  "access": ""
+                },
+                "configuration": "knox-env/knox_keytab_path"
+              }
+            }
+          ],
+          "configurations": [
+            {
+              "gateway-site": {
+                "gateway.hadoop.kerberos.secured": "true",
+                "java.security.krb5.conf": "/etc/krb5.conf" 
+              },
+              "core-site": {
+                "hadoop.proxyuser.knox.groups":  "${hadoop-env/proxyuser_group}",
+                "hadoop.proxyuser.knox.hosts": "${host}"
+              },
+              "webhcat-site": {
+                "webhcat.proxyuser.knox.groups":  "${hadoop-env/proxyuser_group}",
+                "webhcat.proxyuser.knox.hosts": "${host}"
+              },
+              "oozie-site": {
+                "oozie.service.ProxyUserService.proxyuser.knox.groups":   "${hadoop-env/proxyuser_group}",
+                "oozie.service.ProxyUserService.proxyuser.knox.hosts":  "${host}"
+              }
+            }
+          ]
+        }
+      ]
+    }
+  ]
+}
+