Configuring Kerberos Principals

Paolo Milani edited this page Jun 24, 2016 · 3 revisions

A CSD service can customize the Kerberos principals it uses. For an example, see also the CSD descriptor for Accumulo.

  • Define the value for ${principal} by adding the principal field to the top-level runAs.
  • In the role definitions, add kerberosPrincipals to the role (http://github.mtv.cloudera.com/Starship/cm_ext/wiki/Service-Descriptor-Language-Reference#kerberosprincipals).
  • In a role with Kerberos principals, add kerberosPrincipals entries to the generators in its configWriter as needed; each entry generates the desired property containing the principal.

This is an extract of the Accumulo CSD showing just the relevant parts mentioned above:

{
  "name" : "ACCUMULO",
  ...
  "runAs" : {
    "user" : "accumulo",
    "group" : "accumulo",
    "principal" : "accumulo"
  },
  ...
  "roles" : [
    {
      "name" : "ACCUMULO_MASTER",
      ...
      "kerberosPrincipals" : [
        {"name" : "accumulo_principal", "primary" : "${principal}", "instance" : "${host}"}
      ],
      "configWriter" : {
        "generators" : [
          {
            "filename" : "accumulo-site.xml",
            "configFormat" : "hadoop_xml",
            "kerberosPrincipals" : [
              { "principalName" : "accumulo_principal", "propertyName" : "general.kerberos.principal", "instanceWildcard" : "_HOST"}
            ],
            "includedParams" : ["accumulo_instance_secret", "accumulo_hdfs_dir", "master_port_client", "monitor_port_client", "tserver_port_client", "table_file_replication"]
          }
        ]
      }
    },
    ...
  ]
}
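
The three steps have to agree on names: a generator's principalName must match a name declared in the same role's kerberosPrincipals, and ${principal} only resolves when runAs sets principal. The check below is an added example, not part of the original page or of cm_ext; check_kerberos_wiring is a hypothetical helper, and SAMPLE_SDL is a constructed descriptor built from the extract above with the elided parts dropped.

```python
# Constructed descriptor: the extract above with its elided ("...") parts dropped.
SAMPLE_SDL = {
    "name": "ACCUMULO",
    "runAs": {"user": "accumulo", "group": "accumulo", "principal": "accumulo"},
    "roles": [{
        "name": "ACCUMULO_MASTER",
        "kerberosPrincipals": [
            {"name": "accumulo_principal", "primary": "${principal}", "instance": "${host}"}
        ],
        "configWriter": {"generators": [{
            "filename": "accumulo-site.xml",
            "configFormat": "hadoop_xml",
            "kerberosPrincipals": [{
                "principalName": "accumulo_principal",
                "propertyName": "general.kerberos.principal",
                "instanceWildcard": "_HOST",
            }],
        }]},
    }],
}


def check_kerberos_wiring(sdl):
    """Hypothetical helper: list places where the three steps do not line up."""
    findings = []
    has_principal = "principal" in sdl.get("runAs", {})
    for role in sdl.get("roles", []):
        # Principal names declared by this role, mapped to "some generator writes it".
        used = {kp["name"]: False for kp in role.get("kerberosPrincipals", [])}
        for kp in role.get("kerberosPrincipals", []):
            if "${principal}" in kp.get("primary", "") and not has_principal:
                findings.append(f"{role['name']}: {kp['name']} uses ${{principal}} but runAs.principal is unset")
        for gen in role.get("configWriter", {}).get("generators", []):
            for ref in gen.get("kerberosPrincipals", []):
                if ref["principalName"] in used:
                    used[ref["principalName"]] = True
                else:
                    findings.append(f"{role['name']}: {gen['filename']} references undeclared principal {ref['principalName']}")
        findings += [f"{role['name']}: {n} is declared but no generator writes it"
                     for n, seen in used.items() if not seen]
    return findings


if __name__ == "__main__":
    print(check_kerberos_wiring(SAMPLE_SDL) or "kerberos principal wiring is consistent")
```

A principal that is declared but written by no generator is reported as a finding to review; whether that is a mistake depends on how the role consumes its principal.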