You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ambari.apache.org by "Hari Sekhon (JIRA)" <ji...@apache.org> on 2015/01/06 00:00:35 UTC

[jira] [Commented] (AMBARI-6432) FreeIPA Support in Ambari

    [ https://issues.apache.org/jira/browse/AMBARI-6432?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14265277#comment-14265277 ] 

Hari Sekhon commented on AMBARI-6432:
-------------------------------------

Jay,

I wrote a Perl program that does FreeIPA for Ambari that solves this today - it's got full option parsing and error handling at every step. It parses the same CSV that Ambari exports, it just needs an existing FreeIPA system and even distributes the keytabs over ssh, and comes with a sizeable --help description and listing of all the command line switches. You can find it on my github:

{code}git clone https://github.com/harisekhon/toolbox
cd toolbox
make

./ambari_freeipa_kerberos_setup.pl --help{code}

Best Regards,

Hari Sekhon
(ex-Cloudera)
http://www.linkedin.com/in/harisekhon

> FreeIPA Support in Ambari
> -------------------------
>
>                 Key: AMBARI-6432
>                 URL: https://issues.apache.org/jira/browse/AMBARI-6432
>             Project: Ambari
>          Issue Type: Improvement
>          Components: ambari-server
>            Reporter: jay vyas
>
> FreeIPA Is a powerful tool for unifying identity, kerberos credentials, across a cluster.
> A great value add for ambari would be to provide support for using FreeIPA to kerberize services.  This would allow for 
> 1) better HCFS interoperability, because first class GID/UID is critical for certain file systems (GlusterFS, Lustre, and any other file system which uses kernel / FUSE apis for determining identity)
> 2) better enterprise interoperability.  Because of the fact that FreeIPA makes it easy to interop with different identity solutions (like active directory), it would make ambari easier to adopt for various enterprises.
> 3) broadens ambaris scope.  Now ambari could also allow people to setup the users of their clusters, and at least some of the security features of their clusters, all from one interface (no more manual handling of TGTs and such - it could all be done quite easily via the ambari UI which could make calls to underlying FreeIPA clients).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)