
AMBARI-8776. Create Kerberos Descriptors for ZooKeeper, Storm, Oozie and Falcon services. (jaimin)

Jaimin Jetly 10 年 前
コミット
4d4fc0cbb5

+ 1 - 1
ambari-server/src/main/resources/stacks/HDP/2.2/kerberos.json

@@ -43,7 +43,7 @@
     {
       "name": "hbase",
       "principal": {
-        "value": "hdfs@${realm}",
+        "value": "hbase@${realm}",
         "configuration": "hbase-env/hbase_principal_name"
       },
       "keytab": {

+ 63 - 0
ambari-server/src/main/resources/stacks/HDP/2.2/services/FALCON/kerberos.json

@@ -0,0 +1,63 @@
+{
+  "services": [
+    {
+      "name": "FALCON",
+      "identities": [
+        {
+          "name": "/spnego"
+        },
+        {
+          "name": "/smokeuser"
+        },
+        {
+          "name": "/hdfs"
+        }
+      ],
+      "configurations": [
+        {
+          "falcon-startup.properties": {
+            "*.falcon.authentication.type": "kerberos",
+            "*.falcon.http.authentication.type": "kerberos",
+            "*.dfs.namenode.kerberos.principal": "nn/_HOST@${realm}"
+          }
+        }
+      ],
+      "components": [
+        {
+          "name": "FALCON_SERVER",
+          "identities": [
+            {
+              "name": "falcon_server",
+              "principal": {
+                "value": "falcon/${host}@${realm}",
+                "configuration": "falcon-startup.properties/*.falcon.service.authentication.kerberos.principal"
+              },
+              "keytab": {
+                "file": "${keytab_dir}/falcon.service.keytab",
+                "owner": {
+                  "name": "${falcon-env/falcon_user}",
+                  "access": "r"
+                },
+                "group": {
+                  "name": "${cluster-env/user_group}",
+                  "access": ""
+                },
+                "configuration": "falcon-startup.properties/*.falcon.service.authentication.kerberos.keytab"
+              }
+            },
+            {
+              "name": "/spnego",
+              "principal": {
+                "value": "HTTP/${host}@${realm}",
+                "configuration": "falcon-startup.properties/oozie.authentication.kerberos.principal"
+              },
+              "keytab": {
+                "configuration": "falcon-startup.properties/oozie.authentication.kerberos.keytab"
+              }
+            }
+          ]
+        }
+      ]
+    }
+  ]
+}
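Review bot: The `/spnego` identity under FALCON_SERVER writes its principal and keytab to `falcon-startup.properties/oozie.authentication.kerberos.principal` and `falcon-startup.properties/oozie.authentication.kerberos.keytab`, which look copied from the Oozie descriptor. This file sets `*.falcon.http.authentication.type` to `kerberos`, so Falcon's HTTP layer would presumably read its SPNEGO credentials from `*.falcon.http.authentication.kerberos.principal` and `*.falcon.http.authentication.kerberos.keytab`; those are the targets I would expect here. Separately, `falcon/${host}@${realm}` uses `${host}` where the Oozie, Storm and ZooKeeper descriptors in this commit use `_HOST`, so it is worth confirming which form is intended.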

+ 3 - 0
ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/kerberos.json

@@ -9,6 +9,9 @@
         {
           "name": "/hdfs"
         },
+        {
+          "name": "/hbase"
+        },
         {
           "name": "/smokeuser"
         }

+ 21 - 0
ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/kerberos.json

@@ -17,6 +17,12 @@
             "hive.security.authorization.enabled": "true",
             "hive.server2.authentication": "KERBEROS"
           }
+        },
+        {
+          "webhcat-site": {
+            "templeton.kerberos.secret": "secret",
+            "templeton.hive.properties": "hive.metastore.local=false,hive.metastore.uris=thrift://${host}:9083,hive.metastore.sasl.enabled=true,hive.metastore.execute.setugi=true,hive.metastore.warehouse.dir=/apps/hive/warehouse,hive.exec.mode.local.auto=false,hive.metastore.kerberos.principal=hive/_HOST@${realm}"
+          }
         }
       ],
       "components": [
@@ -76,6 +82,21 @@
               }
             }
           ]
+        },
+        {
+          "name": "WEBHCAT_SERVER",
+          "identities": [
+            {
+              "name": "/spnego",
+              "principal": {
+                "value": "HTTP/${host}@${realm}",
+                "configuration": "webhcat-site/templeton.kerberos.principal"
+              },
+              "keytab": {
+                "configuration": "webhcat-site/templeton.kerberos.keytab"
+              }
+            }
+          ]
         }
       ]
     }
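Review bot: `"templeton.kerberos.secret": "secret"` in the new `webhcat-site` block ships a fixed, publicly known value as a stack default, so every cluster kerberized from this descriptor would share it. If WebHCat uses this property to sign its authentication tokens (worth confirming), a known value undermines that signature. The descriptor should either leave the property out or have Ambari generate a per-cluster random value when Kerberos is enabled. In the same block, `thrift://${host}:9083` inside `templeton.hive.properties` appears to assume the metastore runs on the host being configured, which may not hold when WEBHCAT_SERVER and the metastore are on different hosts.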

+ 64 - 0
ambari-server/src/main/resources/stacks/HDP/2.2/services/OOZIE/kerberos.json

@@ -0,0 +1,64 @@
+{
+  "services": [
+    {
+      "name": "OOZIE",
+      "identities": [
+        {
+          "name": "/spnego"
+        },
+        {
+          "name": "/smokeuser"
+        },
+        {
+          "name": "/hdfs"
+        }
+      ],
+      "configurations": [
+        {
+          "oozie-site": {
+            "oozie.authentication.type": "kerberos",
+            "oozie.service.AuthorizationService.authorization.enabled": "true",
+            "oozie.service.HadoopAccessorService.kerberos.enabled": "true",
+            "local.realm": "${realm}",
+            "oozie.authentication.kerberos.name.rules": "RULE:[2:$1@$0]([jt]t@.*${realm})s/.*/mapred/\nRULE:[2:$1@$0]([nd]n@.*${realm})s/.*/hdfs/\nRULE:[2:$1@$0](hm@.*${realm})s/.*/hbase/\nRULE:[2:$1@$0](rs@.*${realm})s/.*/hbase/\nDEFAULT"
+          }
+        }
+      ],
+      "components": [
+        {
+          "name": "OOZIE_SERVER",
+          "identities": [
+            {
+              "name": "oozie_server",
+              "principal": {
+                "value": "oozie/_HOST@${realm}",
+                "configuration": "oozie-site/oozie.service.HadoopAccessorService.kerberos.principal"
+              },
+              "keytab": {
+                "file": "${keytab_dir}/oozie.service.keytab",
+                "owner": {
+                  "name": "${oozie-env/oozie_user}",
+                  "access": "r"
+                },
+                "group": {
+                  "name": "${cluster-env/user_group}",
+                  "access": ""
+                },
+                "configuration": "oozie-site/oozie.service.HadoopAccessorService.keytab.file"
+              }
+            },
+            {
+              "name": "/spnego",
+              "principal": {
+                "configuration": "oozie-site/oozie.authentication.kerberos.principal"
+              },
+              "keytab": {
+                "configuration": "oozie-site/oozie.authentication.kerberos.keytab"
+              }
+            }
+          ]
+        }
+      ]
+    }
+  ]
+}
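Review bot: The `oozie.authentication.kerberos.name.rules` value puts `.*` in front of `${realm}` in every rule, e.g. `([nd]n@.*${realm})s/.*/hdfs/`, so a principal from any realm whose name merely ends with the local realm string is mapped to `hdfs`, `mapred` or `hbase`. Where cross-realm trust is configured, that maps a foreign `nn`/`dn` principal onto a local service account. Anchoring the realm, `RULE:[2:$1@$0]([nd]n@${realm})s/.*/hdfs/`, keeps the mapping to the cluster's own realm; the same applies to the `[jt]t`, `hm` and `rs` rules. The component-level `/spnego` entry here also omits the principal `value` that the Falcon and WebHCat entries set, which is worth making consistent.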

+ 98 - 0
ambari-server/src/main/resources/stacks/HDP/2.2/services/STORM/kerberos.json

@@ -0,0 +1,98 @@
+{
+  "services": [
+    {
+      "name": "STORM",
+      "identities": [
+        {
+          "name": "/spnego"
+        },
+        {
+          "name": "/smokeuser"
+        },
+        {
+          "name": "storm_components",
+          "principal": {
+            "value": "storm/_HOST@${realm}",
+            "configuration": "storm-env/storm_principal_name"
+          },
+          "keytab": {
+            "file": "${keytab_dir}/storm.service.keytab",
+            "owner": {
+              "name": "${storm-env/storm_user}",
+              "access": "r"
+            },
+            "group": {
+              "name": "${cluster-env/user_group}",
+              "access": ""
+            },
+            "configuration": "storm-env/storm_keytab"
+          }
+        }
+      ],
+      "components": [
+        {
+          "name": "STORM_UI_SERVER",
+          "identities": [
+            {
+              "name": "/spnego",
+              "principal": {
+                "configuration": "storm-env/storm_ui_principal_name"
+              },
+              "keytab": {
+                "configuration": "storm-env/storm_ui_keytab"
+              }
+            }
+          ]
+        },
+        {
+          "name": "NIMBUS",
+          "identities": [
+            {
+              "name": "nimbus_server",
+              "principal": {
+                "value": "nimbus/_HOST@${realm}",
+                "configuration": "storm-env/nimbus_principal_name"
+              },
+              "keytab": {
+                "file": "${keytab_dir}/nimbus.service.keytab",
+                "owner": {
+                  "name": "${storm-env/storm_user}",
+                  "access": "r"
+                },
+                "group": {
+                  "name": "${cluster-env/user_group}",
+                  "access": ""
+                },
+                "configuration": "storm-env/nimbus_keytab"
+              }
+            }
+          ]
+        },
+        {
+          "name": "DRPC_SERVER",
+          "identities": [
+            {
+              "name": "nimbus_server",
+              "principal": {
+                "value": "nimbus/_HOST@${realm}",
+                "configuration": "storm-env/nimbus_principal_name"
+              },
+              "keytab": {
+                "file": "${keytab_dir}/nimbus.service.keytab",
+                "owner": {
+                  "name": "${storm-env/storm_user}",
+                  "access": "r"
+                },
+                "group": {
+                  "name": "${cluster-env/user_group}",
+                  "access": ""
+                },
+                "configuration": "storm-env/nimbus_keytab"
+              }
+            }
+          ]
+        }
+      ]
+    }
+  ]
+}
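Review bot: DRPC_SERVER repeats the full `nimbus_server` identity, including `nimbus/_HOST@${realm}` and `${keytab_dir}/nimbus.service.keytab`, rather than defining an identity of its own. As written, DRPC hosts would receive a keytab for a `nimbus/...` principal, and the two copies of the definition have to be kept in sync by hand. If sharing the principal is intended, it would help to say so in the commit description. Otherwise DRPC should get a separate principal and keytab so that each daemon holds only its own credentials.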

+ 6 - 6
ambari-server/src/main/resources/stacks/HDP/2.2/services/YARN/kerberos.json

@@ -65,10 +65,10 @@
             {
               "name": "/spnego",
               "principal": {
-                "configuration": "yarn.nodemanager.webapp.spnego-principal"
+                "configuration": "yarn-site/yarn.nodemanager.webapp.spnego-principal"
               },
               "keytab": {
-                "configuration": "yarn.nodemanager.webapp.spnego-keytab-file"
+                "configuration": "yarn-site/yarn.nodemanager.webapp.spnego-keytab-file"
               }
             }
           ],
@@ -120,10 +120,10 @@
             {
               "name": "/spnego",
               "principal": {
-                "configuration": "yarn.resourcemanager.webapp.spnego-principal"
+                "configuration": "yarn-site/yarn.resourcemanager.webapp.spnego-principal"
               },
               "keytab": {
-                "configuration": "yarn.resourcemanager.webapp.spnego-keytab-file"
+                "configuration": "yarn-site/yarn.resourcemanager.webapp.spnego-keytab-file"
               }
             }
           ]
@@ -170,10 +170,10 @@
             {
               "name": "/spnego",
               "principal": {
-                "configuration": "yarn.timeline-service.http-authentication.kerberos.principal"
+                "configuration": "yarn-site/yarn.timeline-service.http-authentication.kerberos.principal"
               },
               "keytab": {
-                "configuration": "yarn.timeline-service.http-authentication.kerberos.keytab"
+                "configuration": "yarn-site/yarn.timeline-service.http-authentication.kerberos.keytab"
               }
             }
           ]

+ 38 - 0
ambari-server/src/main/resources/stacks/HDP/2.2/services/ZOOKEEPER/kerberos.json

@@ -0,0 +1,38 @@
+{
+  "services": [
+    {
+      "name": "ZOOKEEPER",
+      "identities": [
+        {
+          "name": "/smokeuser"
+        }
+      ],
+      "components": [
+        {
+          "name": "ZOOKEEPER_SERVER",
+          "identities": [
+            {
+              "name": "zookeeper_zk",
+              "principal": {
+                "value": "zk/_HOST@${realm}",
+                "configuration": "zookeeper-env/zookeeper_principal_name"
+              },
+              "keytab": {
+                "file": "${keytab_dir}/zk.service.keytab",
+                "owner": {
+                  "name": "${zookeeper-env/zk_user}",
+                  "access": "r"
+                },
+                "group": {
+                  "name": "${cluster-env/user_group}",
+                  "access": ""
+                },
+                "configuration": "zookeeper-env/zookeeper_keytab_path"
+              }
+            }
+          ]
+        }
+      ]
+    }
+  ]
+}