Skip to content

Instantly share code, notes, and snippets.

@zeroflag

zeroflag/gist:c9d04235ead4d2594eff7bee4279f2f7

Created April 11, 2017 12:09
Show Gist options
  • Save zeroflag/c9d04235ead4d2594eff7bee4279f2f7 to your computer and use it in GitHub Desktop.
Save zeroflag/c9d04235ead4d2594eff7bee4279f2f7 to your computer and use it in GitHub Desktop.
Download ZIP
ambari-kerb-enable-requests
Raw
gistfile1.txt
GET http://c6401.ambari.apache.org:8080/api/v1/stacks/HDP/versions/2.6/services?StackServices/service_name.in(KERBEROS)&fields=configurations/*,configurations/dependencies/*,StackServices/config_types/*&_=1491911033172
GET http://c6401.ambari.apache.org:8080/api/v1/clusters/cc/configurations?type.in(cluster-env,core-site)&_=1491911033173
POST http://c6401.ambari.apache.org:8080/api/v1/stacks/HDP/versions/2.6/recommendations
{"recommend":"configurations","hosts":["c6401.ambari.apache.org","c6402.ambari.apache.org","c6403.ambari.apache.org"],"services":["HDFS","YARN","MAPREDUCE2","ZOOKEEPER"],"recommendations":{"blueprint":{"host_groups":[{"name":"host-group-1","components":[{"name":"HDFS_CLIENT"},{"name":"HISTORYSERVER"},{"name":"NAMENODE"},{"name":"RESOURCEMANAGER"},{"name":"SECONDARY_NAMENODE"},{"name":"ZOOKEEPER_SERVER"}]},{"name":"host-group-2","components":[{"name":"APP_TIMELINE_SERVER"},{"name":"ZOOKEEPER_SERVER"}]},{"name":"host-group-3","components":[{"name":"HDFS_CLIENT"},{"name":"MAPREDUCE2_CLIENT"},{"name":"YARN_CLIENT"},{"name":"ZOOKEEPER_CLIENT"},{"name":"DATANODE"},{"name":"NODEMANAGER"},{"name":"ZOOKEEPER_SERVER"}]}],"configurations":{"krb5-conf":{"properties":{"admin_principal":"","admin_password":"","conf_dir":"/etc","content":"\n[libdefaults]\n renew_lifetime :(unable to decode value)
kdc check
GET http://c6401.ambari.apache.org:8080/api/v1/kdc_check/c6401.ambari.apache.org?_=1491911033259
response: REACHABLE
DELETE http://c6401.ambari.apache.org:8080/api/v1/clusters/cc/services/KERBEROS
POST http://c6401.ambari.apache.org:8080/api/v1/clusters/cc/services
{"ServiceInfo": { "service_name": "KERBEROS"}}:
GET http://c6401.ambari.apache.org:8080/api/v1/clusters/cc/components/?fields=ServiceComponentInfo/service_name,ServiceComponentInfo/category,ServiceComponentInfo/installed_count,ServiceComponentInfo/started_count,ServiceComponentInfo/init_count,ServiceComponentInfo/install_failed_count,ServiceComponentInfo/unknown_count,ServiceComponentInfo/total_count,ServiceComponentInfo/display_name,host_components/HostRoles/host_name&minimal_response=true&_=1491911562447
GET http://c6401.ambari.apache.org:8080/api/v1/clusters/cc/components/?ServiceComponentInfo/component_name=APP_TIMELINE_SERVER|ServiceComponentInfo/category=MASTER&fields=ServiceComponentInfo/service_name,host_components/HostRoles/display_name,host_components/HostRoles/host_name,host_components/HostRoles/public_host_name,host_components/HostRoles/state,host_components/HostRoles/maintenance_state,host_components/HostRoles/stale_configs,host_components/HostRoles/ha_state,host_components/HostRoles/desired_admin_state,,host_components/metrics/jvm/memHeapUsedM,host_components/metrics/jvm/HeapMemoryMax,host_components/metrics/jvm/HeapMemoryUsed,host_components/metrics/jvm/memHeapCommittedM,host_components/metrics/mapred/jobtracker/trackers_decommissioned,host_components/metrics/cpu/cpu_wio,host_components/metrics/rpc/client/RpcQueueTime_avg_time,host_components/metrics/dfs/FSNamesystem/*,host_components/metrics/dfs/namenode/Version,host_components/metrics/dfs/namenode/LiveNodes,host_components/metrics/dfs/namenode/DeadNodes,host_components/metrics/dfs/namenode/DecomNodes,host_components/metrics/dfs/namenode/TotalFiles,host_components/metrics/dfs/namenode/UpgradeFinalized,host_components/metrics/dfs/namenode/Safemode,host_components/metrics/runtime/StartTime,host_components/metrics/yarn/Queue,host_components/metrics/yarn/ClusterMetrics/NumActiveNMs,host_components/metrics/yarn/ClusterMetrics/NumLostNMs,host_components/metrics/yarn/ClusterMetrics/NumUnhealthyNMs,host_components/metrics/yarn/ClusterMetrics/NumRebootedNMs,host_components/metrics/yarn/ClusterMetrics/NumDecommissionedNMs&minimal_response=true&_=1491911562557
install kerberos client
POST http://c6401.ambari.apache.org:8080/api/v1/clusters/cc/services?ServiceInfo/service_name=KERBEROS
{"components":[{"ServiceComponentInfo":{"component_name":"KERBEROS_CLIENT"}}]}
POST http://c6401.ambari.apache.org:8080/api/v1/clusters/cc/hosts
{"RequestInfo":{"query":"Hosts/host_name:c6401.ambari.apache.org|Hosts/host_name=c6402.ambari.apache.org|Hosts/host_name=c6403.ambari.apache.org"},"Body":{"host_components":[{"HostRoles":{"component_name":"KERBEROS_CLIENT"}}]}}
PUT http://c6401.ambari.apache.org:8080/api/v1/clusters/cc
[{"Clusters":{"desired_config":[{"type":"kerberos-env","tag":"version1491911563073","properties":{"ad_create_attributes_template":"\n{\n \"objectClass\": [\"top\", \"person\", \"organizationalPerson\", \"user\"],\n \"cn\": \"$principal_name\",\n #if( $is_service )\n \"servicePrincipalName\": \"$principal_name\",\n #end\n \"userPrincipalName\": \"$normalized_principal\",\n \"unicodePwd\": \"$password\",\n \"accountExpires\": \"0\",\n \"userAccountControl\": \"66048\"\n}","admin_server_host":"c6401.ambari.apache.org","case_insensitive_username_rules":"false","container_dn":"","create_ambari_principal":"true","encryption_types":"aes des3-cbc-sha1 rc4 des-cbc-md5","executable_search_paths":"/usr/bin, /usr/kerberos/bin, /usr/sbin, /usr/lib/mit/bin, /usr/lib/mit/sbin","group":"ambari-managed-principals","install_packages":"true","kdc_create_attributes":"","kdc_hosts":"c6401.ambari.apache.org","kdc_type":"mit-kdc","ldap_url":"","manage_auth_to_local":"true","manage_identities":"true","password_chat_timeout":"5","password_length":"20","password_min_digits":"1","password_min_lowercase_letters":"1","password_min_punctuation":"1","password_min_uppercase_letters":"1","password_min_whitespace":"0","realm":"EXAMPLE.COM","service_check_principal_name":"${cluster_name|toLower()}-${short_date}","set_password_expiry":"false"},"service_config_version_note":"This is the initial configuration created by Enable Kerberos wizard."},{"type":"krb5-conf","tag":"version1491911563073","properties":{"conf_dir":"/etc","content":"\n[libdefaults]\n renew_lifetime :(unable to decode value)
kdc admin credentials
PUT http://c6401.ambari.apache.org:8080/api/v1/clusters/cc/credentials/kdc.admin.credential
{"Credential":{"principal":"admin/admin","key":"admin","type":"temporary"}}:
GET http://c6401.ambari.apache.org:8080/api/v1/persist/KerberosWizard__serviceConfigProperties?_=1491911033280
GET http://c6401.ambari.apache.org:8080/api/v1/clusters/cc/services/KERBEROS/components/KERBEROS_CLIENT?fields=ServiceComponentInfo/state&_=1491911033281
PUT http://c6401.ambari.apache.org:8080/api/v1/clusters/cc/services?ServiceInfo/state=INSTALLED&ServiceInfo/service_name=KERBEROS
{"RequestInfo":{"context":"Install Kerberos Service","operation_level":{"level":"CLUSTER","cluster_name":"cc"}},"Body":{"ServiceInfo":{"state":"INSTALLED"}}}:
GET http://c6401.ambari.apache.org:8080/api/v1/clusters/cc/requests/13?fields=*,tasks/Tasks/request_id,tasks/Tasks/command,tasks/Tasks/command_detail,tasks/Tasks/host_name,tasks/Tasks/id,tasks/Tasks/role,tasks/Tasks/status&minimal_response=true&_=1491911033282
POST http://c6401.ambari.apache.org:8080/api/v1/clusters/cc/requests
{"RequestInfo":{"context":"Kerberos Service Check","command":"KERBEROS_SERVICE_CHECK","operation_level":{"level":"CLUSTER","cluster_name":"cc"}},"Requests/resource_filters":[{"service_name":"KERBEROS"}]}:
GET http://c6401.ambari.apache.org:8080/api/v1/persist/KerberosWizard__serviceConfigProperties?_=1491911033466
GET http://c6401.ambari.apache.org:8080/api/v1/clusters/cc/kerberos_descriptors/COMPOSITE?evaluate_when=true&_=1491911033467
GET http://c6401.ambari.apache.org:8080/api/v1/clusters/cc?fields=Clusters/desired_configs&_=1491911033468
GET http://c6401.ambari.apache.org:8080/api/v1/clusters/cc/configurations?(type=capacity-scheduler&tag=version1)|(type=cluster-env&tag=version1)|(type=core-site&tag=version1)|(type=hadoop-env&tag=version1)|(type=hadoop-metrics2.properties&tag=version1)|(type=hadoop-policy&tag=version1)|(type=hdfs-log4j&tag=version1)|(type=hdfs-logsearch-conf&tag=version1)|(type=hdfs-site&tag=version1)|(type=kerberos-env&tag=version1491911977501)|(type=krb5-conf&tag=version1491911977501)|(type=mapred-env&tag=version1)|(type=mapred-logsearch-conf&tag=version1)|(type=mapred-site&tag=version1)|(type=ranger-hdfs-audit&tag=version1)|(type=ranger-hdfs-plugin-properties&tag=version1)|(type=ranger-hdfs-policymgr-ssl&tag=version1)|(type=ranger-hdfs-security&tag=version1)|(type=ranger-yarn-audit&tag=version1)|(type=ranger-yarn-plugin-properties&tag=version1)|(type=ranger-yarn-policymgr-ssl&tag=version1)|(type=ranger-yarn-security&tag=version1)|(type=ssl-client&tag=version1)|(type=ssl-server&tag=version1)|(type=yarn-env&tag=version1)|(type=yarn-log4j&tag=version1)|(type=yarn-logsearch-conf&tag=version1)|(type=yarn-site&tag=version1491224979696)|(type=zoo.cfg&tag=version1)|(type=zookeeper-env&tag=version1)|(type=zookeeper-log4j&tag=version1)|(type=zookeeper-logsearch-conf&tag=version1)&_=1491911033469
POST http://c6401.ambari.apache.org:8080/api/v1/stacks/HDP/versions/2.6/recommendations
{"recommend":"configurations","hosts":["c6401.ambari.apache.org","c6402.ambari.apache.org","c6403.ambari.apache.org"],"services":["HDFS","YARN","MAPREDUCE2","ZOOKEEPER"],"recommendations":{"blueprint":{"host_groups":[{"name":"host-group-1","components":[{"name":"HDFS_CLIENT"},{"name":"HISTORYSERVER"},{"name":"NAMENODE"},{"name":"RESOURCEMANAGER"},{"name":"SECONDARY_NAMENODE"},{"name":"ZOOKEEPER_SERVER"}]},{"name":"host-group-2","components":[{"name":"APP_TIMELINE_SERVER"},{"name":"ZOOKEEPER_SERVER"}]},{"name":"host-group-3","components":[{"name":"HDFS_CLIENT"},{"name":"MAPREDUCE2_CLIENT"},{"name":"YARN_CLIENT"},{"name":"ZOOKEEPER_CLIENT"},{"name":"DATANODE"},{"name":"NODEMANAGER"},{"name":"ZOOKEEPER_SERVER"}]}],"configurations":{"capacity-scheduler":{"properties":{"capacity-scheduler":"null","yarn.scheduler.capacity.default.minimum-user-limit-percent":"100","yarn.scheduler.capacity.maximum-am-resource-percent":"0.2","yarn.scheduler.capacity.maximum-applications":"10000","yarn.scheduler.capacity.node-locality-delay":"40","yarn.scheduler.capacity.resource-calculator":"org.apache.hadoop.yarn.util.resource.DefaultResourceCalculator","yarn.scheduler.capacity.root.accessible-node-labels":"*","yarn.scheduler.capacity.root.acl_administer_queue":"${yarn-env/yarn_user}","yarn.scheduler.capacity.root.capacity":"100","yarn.scheduler.capacity.root.default.acl_administer_jobs":"${yarn-env/yarn_user}","yarn.scheduler.capacity.root.default.acl_submit_applications":"${yarn-env/yarn_user}","yarn.scheduler.capacity.root.default.capacity":"100","yarn.scheduler.capacity.root.default.maximum-capacity":"100","yarn.scheduler.capacity.root.default.state":"RUNNING","yarn.scheduler.capacity.root.default.user-limit-factor":"1","yarn.scheduler.capacity.root.queues":"default","yarn.scheduler.capacity.root.acl_administer_jobs":"${yarn-env/yarn_user}","yarn.scheduler.capacity.root.default.acl_administer_queue":"${yarn-env/yarn_user}"}},"cluster-env":{"properties":{"agent_mounts_ignore_list":"","alerts_repeat_tolerance":"1","enable_external_ranger":"false","fetch_nonlocal_groups":"true","hide_yarn_memory_widget":"false","ignore_bad_mounts":"false","ignore_groupsusers_create":"false","kerberos_domain":"EXAMPLE.COM","manage_dirs_on_root":"true","managed_hdfs_resource_property_names":"","one_dir_per_partition":"false","override_uid":"true","recovery_enabled":"true","recovery_lifetime_max_count":"1024","recovery_max_count":"6","recovery_retry_interval":"5","recovery_type":"AUTO_START","recovery_window_in_minutes":"60","repo_suse_rhel_template":"[{{repo_id}}]\nname:(unable to decode value)
(empty)
[ \"$EUID\" -eq 0 ] :
(empty)
(unable to decode value)(unable to decode value)
GET http://c6401.ambari.apache.org:8080/api/v1/clusters?fields=Clusters/provisioning_state,Clusters/security_type&_=1491911033470
POST http://c6401.ambari.apache.org:8080/api/v1/clusters/cc/artifacts/kerberos_descriptor
{"artifact_data":{"identities":[{"keytab":{"configuration":"cluster-env/smokeuser_keytab","file":"${keytab_dir}/smokeuser.headless.keytab","group":{"access":"r","name":"${cluster-env/user_group}"},"owner":{"access":"r","name":"${cluster-env/smokeuser}"}},"name":"smokeuser","principal":{"configuration":"cluster-env/smokeuser_principal_name","local_username":"${cluster-env/smokeuser}","type":"user","value":"${cluster-env/smokeuser}${principal_suffix}@${realm}"},"referencePath":"smokeuser"},{"keytab":{"file":"${keytab_dir}/spnego.service.keytab","group":{"access":"r","name":"${cluster-env/user_group}"},"owner":{"access":"r","name":"root"}},"name":"spnego","principal":{"configuration":null,"local_username":null,"type":"service","value":"HTTP/_HOST@${realm}"},"referencePath":"spnego"}],"services":[{"components":[{"name":"ACCUMULO_CLIENT"},{"name":"ACCUMULO_GC"},{"identities":[{"name":"/HDFS/NAMENODE/hdfs","referencePath":"ACCUMULO/ACCUMULO_MASTER//HDFS/NAMENODE/hdfs"}],"name":"ACCUMULO_MASTER"},{"name":"ACCUMULO_MONITOR"},{"name":"ACCUMULO_TRACER"},{"name":"ACCUMULO_TSERVER"}],"configurations":[{"accumulo-site":{"general.delegation.token.lifetime":"7d","general.delegation.token.update.interval":"1d","instance.rpc.sasl.enabled":"true","instance.security.authenticator":"org.apache.accumulo.server.security.handler.KerberosAuthenticator","instance.security.authorizor":"org.apache.accumulo.server.security.handler.KerberosAuthorizor","instance.security.permissionHandler":"org.apache.accumulo.server.security.handler.KerberosPermissionHandler","trace.token.type":"org.apache.accumulo.core.client.security.tokens.KerberosToken"}},{"client":{"kerberos.server.primary":"{{bare_accumulo_principal}}"}}],"identities":[{"name":"/smokeuser","referencePath":"ACCUMULO//smokeuser"},{"keytab":{"configuration":"accumulo-env/accumulo_user_keytab","file":"${keytab_dir}/accumulo.headless.keytab","group":{"access":"r","name":"${cluster-env/user_group}"},"owner":{"access":"r","name":"${accumulo-env/accumulo_user}"}},"name":"accumulo","principal":{"configuration":"accumulo-env/accumulo_principal_name","local_username":"${accumulo-env/accumulo_user}","type":"user","value":"${accumulo-env/accumulo_user}${principal_suffix}@${realm}"},"referencePath":"ACCUMULO/accumulo"},{"keytab":{"configuration":"accumulo-site/general.kerberos.keytab","file":"${keytab_dir}/accumulo.service.keytab","group":{"access":"","name":"${cluster-env/user_group}"},"owner":{"access":"r","name":"${accumulo-env/accumulo_user}"}},"name":"accumulo_service","principal":{"configuration":"accumulo-site/general.kerberos.principal","local_username":"${accumulo-env/accumulo_user}","type":"service","value":"${accumulo-env/accumulo_user}/_HOST@${realm}"},"referencePath":"ACCUMULO/accumulo_service"},{"keytab":{"configuration":"accumulo-site/trace.token.property.keytab","file":"${keytab_dir}/accumulo-tracer.headless.keytab","group":{"access":"","name":"${cluster-env/user_group}"},"owner":{"access":"r","name":"${accumulo-env/accumulo_user}"}},"name":"accumulo_tracer","principal":{"configuration":"accumulo-site/trace.user","local_username":"${accumulo-env/accumulo_user}","type":"user","value":"tracer${principal_suffix}@${realm}"},"referencePath":"ACCUMULO/accumulo_tracer"}],"name":"ACCUMULO"},{"components":[{"identities":[{"keytab":{"file":"${keytab_dir}/ambari.server.keytab","group":{},"owner":{"access":"r"}},"name":"ambari-server","principal":{"configuration":"cluster-env/ambari_principal_name","local_username":null,"type":"user","value":"ambari-server${principal_suffix}@${realm}"},"referencePath":"AMBARI/AMBARI_SERVER/ambari-server"},{"name":"ambari-server_spnego","reference":"/spnego","referencePath":"AMBARI/AMBARI_SERVER/ambari-server_spnego"}],"name":"AMBARI_SERVER"}],"name":"AMBARI"},{"components":[{"identities":[{"keytab":{"configuration":"infra-solr-env/infra_solr_kerberos_keytab","file":"${keytab_dir}/ambari-infra-solr.service.keytab","group":{"access":"","name":"${cluster-env/user_group}"},"owner":{"access":"r","name":"${infra-solr-env/infra_solr_user}"}},"name":"infra-solr","principal":{"configuration":"infra-solr-env/infra_solr_kerberos_principal","local_username":null,"type":"service","value":"infra-solr/_HOST@${realm}"},"referencePath":"AMBARI_INFRA/INFRA_SOLR/infra-solr"}],"name":"INFRA_SOLR"},{"name":"INFRA_SOLR_CLIENT"}],"identities":[{"name":"/smokeuser","referencePath":"AMBARI_INFRA//smokeuser"},{"keytab":{"configuration":"infra-solr-env/infra_solr_web_kerberos_keytab","file":null},"name":"/spnego","principal":{"configuration":"infra-solr-env/infra_solr_web_kerberos_principal","local_username":null,"type":null,"value":null},"referencePath":"AMBARI_INFRA//spnego"}],"name":"AMBARI_INFRA"},{"components":[{"configurations":[{"ams-hbase-security-site":{"hadoop.security.authentication":"kerberos","hbase.coprocessor.master.classes":"org.apache.hadoop.hbase.security.access.AccessController","hbase.coprocessor.region.classes":"org.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.AccessController","hbase.security.authentication":"kerberos","hbase.security.authorization":"true","hbase.zookeeper.property.authProvider.1":"org.apache.zookeeper.server.auth.SASLAuthenticationProvider","hbase.zookeeper.property.jaasLoginRenew":"3600000","hbase.zookeeper.property.kerberos.removeHostFromPrincipal":"true","hbase.zookeeper.property.kerberos.removeRealmFromPrincipal":"true"}},{"ams-hbase-site":{"zookeeper.znode.parent":"/ams-hbase-secure"}}],"identities":[{"name":"/HDFS/NAMENODE/hdfs","when":{"contains":["services","HDFS"]},"referencePath":"AMBARI_METRICS/METRICS_COLLECTOR//HDFS/NAMENODE/hdfs"},{"keytab":{"configuration":"ams-hbase-security-site/hbase.myclient.keytab","file":"${keytab_dir}/ams.collector.keytab","group":{"access":"","name":"${cluster-env/user_group}"},"owner":{"access":"r","name":"${ams-env/ambari_metrics_user}"}},"name":"ams_collector","principal":{"configuration":"ams-hbase-security-site/hbase.myclient.principal","local_username":"${ams-env/ambari_metrics_user}","type":"service","value":"amshbase/_HOST@${realm}"},"referencePath":"AMBARI_METRICS/METRICS_COLLECTOR/ams_collector"},{"keytab":{"configuration":"ams-hbase-security-site/hbase.master.keytab.file","file":"${keytab_dir}/ams-hbase.master.keytab","group":{"access":"","name":"${cluster-env/user_group}"},"owner":{"access":"r","name":"${ams-env/ambari_metrics_user}"}},"name":"ams_hbase_master_hbase","principal":{"configuration":"ams-hbase-security-site/hbase.master.kerberos.principal","local_username":"${ams-env/ambari_metrics_user}","type":"service","value":"amshbase/_HOST@${realm}"},"referencePath":"AMBARI_METRICS/METRICS_COLLECTOR/ams_hbase_master_hbase"},{"keytab":{"configuration":"ams-hbase-security-site/hbase.regionserver.keytab.file","file":"${keytab_dir}/ams-hbase.regionserver.keytab","group":{"access":"","name":"${cluster-env/user_group}"},"owner":{"access":"r","name":"${ams-env/ambari_metrics_user}"}},"name":"ams_hbase_regionserver_hbase","principal":{"configuration":"ams-hbase-security-site/hbase.regionserver.kerberos.principal","local_username":"${ams-env/ambari_metrics_user}","type":"service","value":"amshbase/_HOST@${realm}"},"referencePath":"AMBARI_METRICS/METRICS_COLLECTOR/ams_hbase_regionserver_hbase"},{"keytab":{"configuration":"ams-hbase-security-site/ams.zookeeper.keytab","file":"${keytab_dir}/ams-zk.service.keytab","group":{"access":"","name":"${cluster-env/user_group}"},"owner":{"access":"r","name":"${ams-env/ambari_metrics_user}"}},"name":"ams_zookeeper","principal":{"configuration":"ams-hbase-security-site/ams.zookeeper.principal","local_username":"${ams-env/ambari_metrics_user}","type":"service","value":"amszk/_HOST@${realm}"},"referencePath":"AMBARI_METRICS/METRICS_COLLECTOR/ams_zookeeper"}],"name":"METRICS_COLLECTOR"}],"identities":[{"name":"/spnego","referencePath":"AMBARI_METRICS//spnego"}],"name":"AMBARI_METRICS"},{"auth_to_local_properties":["application-properties/atlas.authentication.method.kerberos.name.rules|new_lines_escaped"],"components":[{"identities":[{"name":"/AMBARI_INFRA/INFRA_SOLR/infra-solr","referencePath":"ATLAS/ATLAS_SERVER//AMBARI_INFRA/INFRA_SOLR/infra-solr"},{"name":"/KAFKA/KAFKA_BROKER/kafka_broker","referencePath":"ATLAS/ATLAS_SERVER//KAFKA/KAFKA_BROKER/kafka_broker"},{"keytab":{"configuration":"application-properties/atlas.authentication.method.kerberos.keytab","file":null},"name":"/spnego","principal":{"configuration":"application-properties/atlas.authentication.method.kerberos.principal","local_username":null,"type":null,"value":"HTTP/_HOST@${realm}"},"referencePath":"ATLAS/ATLAS_SERVER//spnego"},{"keytab":{"configuration":"application-properties/atlas.jaas.KafkaClient.option.keyTab","file":"${keytab_dir}/atlas.service.keytab","group":{"access":"","name":"${cluster-env/user_group}"},"owner":{"access":"r","name":"${atlas-env/metadata_user}"}},"name":"atlas","principal":{"configuration":"application-properties/atlas.jaas.KafkaClient.option.principal","local_username":"${atlas-env/metadata_user}","type":"service","value":"atlas/_HOST@${realm}"},"referencePath":"ATLAS/ATLAS_SERVER/atlas"},{"keytab":{"configuration":"application-properties/atlas.authentication.keytab","file":null},"name":"atlas_auth","principal":{"configuration":"application-properties/atlas.authentication.principal","local_username":null,"type":null,"value":null},"reference":"/ATLAS/ATLAS_SERVER/atlas","referencePath":"ATLAS/ATLAS_SERVER/atlas_auth"},{"keytab":{"configuration":"ranger-atlas-audit/xasecure.audit.jaas.Client.option.keyTab","file":null},"name":"ranger_atlas_audit","principal":{"configuration":"ranger-atlas-audit/xasecure.audit.jaas.Client.option.principal","local_username":null,"type":null,"value":null},"reference":"/ATLAS/ATLAS_SERVER/atlas","referencePath":"ATLAS/ATLAS_SERVER/ranger_atlas_audit"}],"name":"ATLAS_SERVER"}],"configurations":[{"application-properties":{"atlas.authentication.method.kerberos":"true","atlas.jaas.KafkaClient.loginModuleControlFlag":"required","atlas.jaas.KafkaClient.loginModuleName":"com.sun.security.auth.module.Krb5LoginModule","atlas.jaas.KafkaClient.option.serviceName":"${kafka-env/kafka_user}","atlas.jaas.KafkaClient.option.storeKey":"true","atlas.jaas.KafkaClient.option.useKeyTab":"true","atlas.kafka.sasl.kerberos.service.name":"${kafka-env/kafka_user}","atlas.kafka.security.protocol":"PLAINTEXTSASL","atlas.server.ha.zookeeper.acl":"auth:","atlas.solr.kerberos.enable":"true"}},{"ranger-atlas-audit":{"xasecure.audit.destination.solr.force.use.inmemory.jaas.config":"true","xasecure.audit.jaas.Client.loginModuleControlFlag":"required","xasecure.audit.jaas.Client.loginModuleName":"com.sun.security.auth.module.Krb5LoginModule","xasecure.audit.jaas.Client.option.serviceName":"solr","xasecure.audit.jaas.Client.option.storeKey":"false","xasecure.audit.jaas.Client.option.useKeyTab":"true"}}],"name":"ATLAS"},{"auth_to_local_properties":["druid-common/druid.hadoop.security.spnego.authToLocal|new_lines_escaped"],"components":[{"identities":[{"name":"/druid","referencePath":"DRUID/DRUID_BROKER//druid"}],"name":"DRUID_BROKER"},{"identities":[{"name":"/druid","referencePath":"DRUID/DRUID_COORDINATOR//druid"}],"name":"DRUID_COORDINATOR"},{"identities":[{"name":"/druid","referencePath":"DRUID/DRUID_HISTORICAL//druid"}],"name":"DRUID_HISTORICAL"},{"identities":[{"name":"/druid","referencePath":"DRUID/DRUID_MIDDLEMANAGER//druid"}],"name":"DRUID_MIDDLEMANAGER"},{"identities":[{"name":"/druid","referencePath":"DRUID/DRUID_OVERLORD//druid"}],"name":"DRUID_OVERLORD"},{"identities":[{"name":"/druid","referencePath":"DRUID/DRUID_SUPERSET//druid"}],"name":"DRUID_SUPERSET"}],"configurations":[{"druid-common":{"druid.hadoop.security.spnego.excludedPaths":"[\"/status\"]","druid.security.extensions.loadList":"[\"druid-kerberos\"]"}},{"druid-superset":{"ENABLE_KERBEROS_AUTHENTICATION":"True","KERBEROS_REINIT_TIME_SEC":"3600"}}],"identities":[{"name":"/smokeuser","referencePath":"DRUID//smokeuser"},{"keytab":{"configuration":"druid-common/druid.hadoop.security.spnego.keytab","file":null},"name":"/spnego","principal":{"configuration":"druid-common/druid.hadoop.security.spnego.principal","local_username":null,"type":null,"value":null},"referencePath":"DRUID//spnego"},{"keytab":{"configuration":"druid-common/druid.hadoop.security.kerberos.keytab","file":"${keytab_dir}/druid.headless.keytab","group":{"access":"r","name":"${cluster-env/user_group}"},"owner":{"access":"r","name":"${druid-env/druid_user}"}},"name":"druid","principal":{"configuration":"druid-common/druid.hadoop.security.kerberos.principal","local_username":"${druid-env/druid_user}","type":"user","value":"${druid-env/druid_user}@${realm}"},"referencePath":"DRUID/druid"},{"keytab":{"configuration":"druid-superset/KERBEROS_KEYTAB","file":"${keytab_dir}/superset.headless.keytab","group":{"access":"r","name":"${cluster-env/user_group}"},"owner":{"access":"r","name":"${druid-env/druid_user}"}},"name":"superset","principal":{"configuration":"druid-superset/KERBEROS_PRINCIPAL","local_username":"${druid-env/druid_user}","type":"user","value":"${druid-env/druid_user}@${realm}"},"referencePath":"DRUID/superset"}],"name":"DRUID"},{"auth_to_local_properties":["falcon-startup.properties/*.falcon.http.authentication.kerberos.name.rules|new_lines_escaped"],"components":[{"identities":[{"keytab":{"configuration":"falcon-atlas-application.properties/atlas.jaas.KafkaClient.option.keyTab","file":null},"name":"/FALCON/FALCON_SERVER/falcon_server","principal":{"configuration":"falcon-atlas-application.properties/atlas.jaas.KafkaClient.option.principal","local_username":null,"type":null,"value":null},"referencePath":"FALCON/FALCON_SERVER//FALCON/FALCON_SERVER/falcon_server"},{"name":"/HDFS/NAMENODE/hdfs","referencePath":"FALCON/FALCON_SERVER//HDFS/NAMENODE/hdfs"},{"keytab":{"configuration":"falcon-startup.properties/*.falcon.http.authentication.kerberos.keytab","file":null},"name":"/spnego","principal":{"configuration":"falcon-startup.properties/*.falcon.http.authentication.kerberos.principal","local_username":null,"type":null,"value":"HTTP/_HOST@${realm}"},"referencePath":"FALCON/FALCON_SERVER//spnego"},{"keytab":{"configuration":"falcon-startup.properties/*.falcon.service.authentication.kerberos.keytab","file":"${keytab_dir}/falcon.service.keytab","group":{"access":"","name":"${cluster-env/user_group}"},"owner":{"access":"r","name":"${falcon-env/falcon_user}"}},"name":"falcon_server","principal":{"configuration":"falcon-startup.properties/*.falcon.service.authentication.kerberos.principal","local_username":"${falcon-env/falcon_user}","type":"service","value":"falcon/_HOST@${realm}"},"referencePath":"FALCON/FALCON_SERVER/falcon_server"}],"name":"FALCON_SERVER"}],"configurations":[{"falcon-startup.properties":{"*.dfs.namenode.kerberos.principal":"nn/_HOST@${realm}","*.falcon.authentication.type":"kerberos","*.falcon.http.authentication.type":"kerberos"}}],"identities":[{"name":"/smokeuser","referencePath":"FALCON//smokeuser"},{"name":"/spnego","referencePath":"FALCON//spnego"}],"name":"FALCON"},{"components":[{"configurations":[{"core-site":{"hadoop.proxyuser.flume.groups":"${hadoop-env/proxyuser_group}","hadoop.proxyuser.flume.hosts":"*"}}],"identities":[{"keytab":{"configuration":"flume-env/flume_keytab_path","file":"${keytab_dir}/flume.service.keytab","group":{"access":"","name":"${cluster-env/user_group}"},"owner":{"access":"r","name":"${flume-env/flume_user}"}},"name":"flume_principal","principal":{"configuration":"flume-env/flume_principal_name","local_username":"${flume-env/flume_user}","type":"service","value":"${flume-env/flume_user}/_HOST@${realm}"},"referencePath":"FLUME/FLUME_HANDLER/flume_principal"}],"name":"FLUME_HANDLER"}],"name":"FLUME"},{"components":[{"identities":[{"name":"/HDFS/NAMENODE/hdfs","referencePath":"HBASE/HBASE_MASTER//HDFS/NAMENODE/hdfs"},{"keytab":{"configuration":"hbase-site/hbase.security.authentication.spnego.kerberos.keytab","file":null},"name":"/spnego","principal":{"configuration":"hbase-site/hbase.security.authentication.spnego.kerberos.principal","local_username":null,"type":null,"value":null},"referencePath":"HBASE/HBASE_MASTER//spnego"},{"keytab":{"configuration":"hbase-site/hbase.master.keytab.file","file":"${keytab_dir}/hbase.service.keytab","group":{"access":"","name":"${cluster-env/user_group}"},"owner":{"access":"r","name":"${hbase-env/hbase_user}"}},"name":"hbase_master_hbase","principal":{"configuration":"hbase-site/hbase.master.kerberos.principal","local_username":"${hbase-env/hbase_user}","type":"service","value":"hbase/_HOST@${realm}"},"referencePath":"HBASE/HBASE_MASTER/hbase_master_hbase"},{"keytab":{"configuration":"ranger-hbase-audit/xasecure.audit.jaas.Client.option.keyTab","file":null},"name":"ranger_hbase_audit","principal":{"configuration":"ranger-hbase-audit/xasecure.audit.jaas.Client.option.principal","local_username":null,"type":null,"value":null},"reference":"/HBASE/HBASE_MASTER/hbase_master_hbase","referencePath":"HBASE/HBASE_MASTER/ranger_hbase_audit"}],"name":"HBASE_MASTER"},{"identities":[{"keytab":{"configuration":"hbase-site/hbase.security.authentication.spnego.kerberos.keytab","file":null},"name":"/spnego","principal":{"configuration":"hbase-site/hbase.security.authentication.spnego.kerberos.principal","local_username":null,"type":null,"value":null},"referencePath":"HBASE/HBASE_REGIONSERVER//spnego"},{"keytab":{"configuration":"hbase-site/hbase.regionserver.keytab.file","file":"${keytab_dir}/hbase.service.keytab","group":{"access":"","name":"${cluster-env/user_group}"},"owner":{"access":"r","name":"${hbase-env/hbase_user}"}},"name":"hbase_regionserver_hbase","principal":{"configuration":"hbase-site/hbase.regionserver.kerberos.principal","local_username":"${hbase-env/hbase_user}","type":"service","value":"hbase/_HOST@${realm}"},"referencePath":"HBASE/HBASE_REGIONSERVER/hbase_regionserver_hbase"}],"name":"HBASE_REGIONSERVER"},{"identities":[{"keytab":{"configuration":"hbase-site/phoenix.queryserver.keytab.file","file":null},"name":"phoenix_spnego","principal":{"configuration":"hbase-site/phoenix.queryserver.kerberos.principal","local_username":null,"type":null,"value":null},"reference":"/spnego","referencePath":"HBASE/PHOENIX_QUERY_SERVER/phoenix_spnego"}],"name":"PHOENIX_QUERY_SERVER"}],"configurations":[{"hbase-site":{"hbase.bulkload.staging.dir":"/apps/hbase/staging","hbase.coprocessor.master.classes":"{{hbase_coprocessor_master_classes}}","hbase.coprocessor.region.classes":"{{hbase_coprocessor_region_classes}}","hbase.coprocessor.regionserver.classes":"{{hbase_coprocessor_regionserver_classes}}","hbase.master.ui.readonly":"true","hbase.security.authentication":"kerberos","hbase.security.authorization":"true","zookeeper.znode.parent":"/hbase-secure"}},{"ranger-hbase-audit":{"xasecure.audit.destination.solr.force.use.inmemory.jaas.config":"true","xasecure.audit.jaas.Client.loginModuleControlFlag":"required","xasecure.audit.jaas.Client.loginModuleName":"com.sun.security.auth.module.Krb5LoginModule","xasecure.audit.jaas.Client.option.serviceName":"solr","xasecure.audit.jaas.Client.option.storeKey":"false","xasecure.audit.jaas.Client.option.useKeyTab":"true"}}],"identities":[{"name":"/smokeuser","referencePath":"HBASE//smokeuser"},{"name":"/spnego","referencePath":"HBASE//spnego"},{"keytab":{"configuration":"hbase-env/hbase_user_keytab","file":"${keytab_dir}/hbase.headless.keytab","group":{"access":"r","name":"${cluster-env/user_group}"},"owner":{"access":"r","name":"${hbase-env/hbase_user}"}},"name":"hbase","principal":{"configuration":"hbase-env/hbase_principal_name","local_username":"${hbase-env/hbase_user}","type":"user","value":"${hbase-env/hbase_user}${principal_suffix}@${realm}"},"referencePath":"HBASE/hbase"}],"name":"HBASE"},{"auth_to_local_properties":["core-site/hadoop.security.auth_to_local"],"components":[{"configurations":[{"hdfs-site":{"dfs.datanode.address":"0.0.0.0:1019","dfs.datanode.http.address":"0.0.0.0:1022"}}],"identities":[{"keytab":{"configuration":"hdfs-site/dfs.datanode.keytab.file","file":"${keytab_dir}/dn.service.keytab","group":{"access":"","name":"${cluster-env/user_group}"},"owner":{"access":"r","name":"${hadoop-env/hdfs_user}"}},"name":"datanode_dn","principal":{"configuration":"hdfs-site/dfs.datanode.kerberos.principal","local_username":"${hadoop-env/hdfs_user}","type":"service","value":"dn/_HOST@${realm}"},"referencePath":"HDFS/DATANODE/datanode_dn"}],"name":"DATANODE"},{"identities":[{"name":"/HDFS/NAMENODE/hdfs","referencePath":"HDFS/HDFS_CLIENT//HDFS/NAMENODE/hdfs"}],"name":"HDFS_CLIENT"},{"identities":[{"name":"/spnego","principal":{"configuration":"hdfs-site/dfs.journalnode.kerberos.internal.spnego.principal","local_username":null,"type":null,"value":"HTTP/_HOST@${realm}"},"referencePath":"HDFS/JOURNALNODE//spnego"},{"keytab":{"configuration":"hdfs-site/dfs.journalnode.keytab.file","file":"${keytab_dir}/jn.service.keytab","group":{"access":"","name":"${cluster-env/user_group}"},"owner":{"access":"r","name":"${hadoop-env/hdfs_user}"}},"name":"journalnode_jn","principal":{"configuration":"hdfs-site/dfs.journalnode.kerberos.principal","local_username":"${hadoop-env/hdfs_user}","type":"service","value":"jn/_HOST@${realm}"},"referencePath":"HDFS/JOURNALNODE/journalnode_jn"}],"name":"JOURNALNODE"},{"configurations":[{"hdfs-site":{"dfs.block.access.token.enable":"true"}}],"identities":[{"keytab":{"configuration":"ranger-hdfs-audit/xasecure.audit.jaas.Client.option.keyTab","file":"${keytab_dir}/nn.service.keytab"},"name":"/HDFS/NAMENODE/namenode_nn","principal":{"configuration":"ranger-hdfs-audit/xasecure.audit.jaas.Client.option.principal","local_username":null,"type":null,"value":"nn/_HOST@${realm}"},"referencePath":"HDFS/NAMENODE//HDFS/NAMENODE/namenode_nn"},{"name":"/spnego","principal":{"configuration":"hdfs-site/dfs.namenode.kerberos.internal.spnego.principal","local_username":null,"type":null,"value":"HTTP/_HOST@${realm}"},"referencePath":"HDFS/NAMENODE//spnego"},{"keytab":{"configuration":"hadoop-env/hdfs_user_keytab","file":"${keytab_dir}/hdfs.headless.keytab","group":{"access":"","name":"${cluster-env/user_group}"},"owner":{"access":"r","name":"${hadoop-env/hdfs_user}"}},"name":"hdfs","principal":{"configuration":"hadoop-env/hdfs_principal_name","local_username":"${hadoop-env/hdfs_user}","type":"user","value":"${hadoop-env/hdfs_user}${principal_suffix}@${realm}"},"referencePath":"HDFS/NAMENODE/hdfs"},{"keytab":{"configuration":"hdfs-site/dfs.namenode.keytab.file","file":"${keytab_dir}/nn.service.keytab","group":{"access":"","name":"${cluster-env/user_group}"},"owner":{"access":"r","name":"${hadoop-env/hdfs_user}"}},"name":"namenode_nn","principal":{"configuration":"hdfs-site/dfs.namenode.kerberos.principal","local_username":"${hadoop-env/hdfs_user}","type":"service","value":"nn/_HOST@${realm}"},"referencePath":"HDFS/NAMENODE/namenode_nn"}],"name":"NAMENODE"},{"identities":[{"keytab":{"configuration":"hdfs-site/nfs.keytab.file","file":"${keytab_dir}/nfs.service.keytab","group":{"access":"","name":"${cluster-env/user_group}"},"owner":{"access":"r","name":"${hadoop-env/hdfs_user}"}},"name":"nfsgateway","principal":{"configuration":"hdfs-site/nfs.kerberos.principal","local_username":"${hadoop-env/hdfs_user}","type":"service","value":"nfs/_HOST@${realm}"},"referencePath":"HDFS/NFS_GATEWAY/nfsgateway"}],"name":"NFS_GATEWAY"},{"identities":[{"name":"/spnego","principal":{"configuration":"hdfs-site/dfs.secondary.namenode.kerberos.internal.spnego.principal","local_username":null,"type":null,"value":"HTTP/_HOST@${realm}"},"referencePath":"HDFS/SECONDARY_NAMENODE//spnego"},{"keytab":{"configuration":"hdfs-site/dfs.secondary.namenode.keytab.file","file":"${keytab_dir}/nn.service.keytab","group":{"access":"","name":"${cluster-env/user_group}"},"owner":{"access":"r","name":"${hadoop-env/hdfs_user}"}},"name":"secondary_namenode_nn","principal":{"configuration":"hdfs-site/dfs.secondary.namenode.kerberos.principal","local_username":"${hadoop-env/hdfs_user}","type":"service","value":"nn/_HOST@${realm}"},"referencePath":"HDFS/SECONDARY_NAMENODE/secondary_namenode_nn"}],"name":"SECONDARY_NAMENODE"}],"configurations":[{"core-site":{"ha.zookeeper.acl":"sasl:nn:rwcda","hadoop.proxyuser.HTTP.groups":"${hadoop-env/proxyuser_group}","hadoop.security.authentication":"kerberos","hadoop.security.authorization":"true"}},{"ranger-hdfs-audit":{"xasecure.audit.destination.solr.force.use.inmemory.jaas.config":"true","xasecure.audit.jaas.Client.loginModuleControlFlag":"required","xasecure.audit.jaas.Client.loginModuleName":"com.sun.security.auth.module.Krb5LoginModule","xasecure.audit.jaas.Client.option.serviceName":"solr","xasecure.audit.jaas.Client.option.storeKey":"false","xasecure.audit.jaas.Client.option.useKeyTab":"true"}}],"identities":[{"name":"/smokeuser","referencePath":"HDFS//smokeuser"},{"keytab":{"configuration":"hdfs-site/dfs.web.authentication.kerberos.keytab","file":"${keytab_dir}/spnego.service.keytab"},"name":"/spnego","principal":{"configuration":"hdfs-site/dfs.web.authentication.kerberos.principal","local_username":null,"type":null,"value":"HTTP/_HOST@${realm}"},"referencePath":"HDFS//spnego"}],"name":"HDFS"},{"components":[{"identities":[{"keytab":{"configuration":"hive-site/hive.metastore.kerberos.keytab.file","file":null},"name":"/HIVE/HIVE_SERVER/hive_server_hive","principal":{"configuration":"hive-site/hive.metastore.kerberos.principal","local_username":null,"type":null,"value":null},"referencePath":"HIVE/HIVE_METASTORE//HIVE/HIVE_SERVER/hive_server_hive"}],"name":"HIVE_METASTORE"},{"identities":[{"name":"/HDFS/NAMENODE/hdfs","referencePath":"HIVE/HIVE_SERVER//HDFS/NAMENODE/hdfs"},{"keytab":{"configuration":"hive-site/hive.server2.authentication.spnego.keytab","file":null},"name":"/spnego","principal":{"configuration":"hive-site/hive.server2.authentication.spnego.principal","local_username":null,"type":null,"value":null},"referencePath":"HIVE/HIVE_SERVER//spnego"},{"keytab":{"configuration":"hive-atlas-application.properties/atlas.jaas.KafkaClient.option.keyTab","file":null},"name":"atlas_kafka","principal":{"configuration":"hive-atlas-application.properties/atlas.jaas.KafkaClient.option.principal","local_username":null,"type":null,"value":null},"reference":"/HIVE/HIVE_SERVER/hive_server_hive","referencePath":"HIVE/HIVE_SERVER/atlas_kafka"},{"keytab":{"configuration":"hive-site/hive.server2.authentication.kerberos.keytab","file":"${keytab_dir}/hive.service.keytab","group":{"access":"r","name":"${cluster-env/user_group}"},"owner":{"access":"r","name":"${hive-env/hive_user}"}},"name":"hive_server_hive","principal":{"configuration":"hive-site/hive.server2.authentication.kerberos.principal","local_username":"${hive-env/hive_user}","type":"service","value":"hive/_HOST@${realm}"},"referencePath":"HIVE/HIVE_SERVER/hive_server_hive"},{"keytab":{"configuration":"ranger-hive-audit/xasecure.audit.jaas.Client.option.keyTab","file":null},"name":"ranger_audit","principal":{"configuration":"ranger-hive-audit/xasecure.audit.jaas.Client.option.principal","local_username":null,"type":null,"value":null},"reference":"/HIVE/HIVE_SERVER/hive_server_hive","referencePath":"HIVE/HIVE_SERVER/ranger_audit"}],"name":"HIVE_SERVER"},{"identities":[{"name":"/HDFS/NAMENODE/hdfs","referencePath":"HIVE/HIVE_SERVER_INTERACTIVE//HDFS/NAMENODE/hdfs"},{"name":"/HIVE/HIVE_SERVER/hive_server_hive","referencePath":"HIVE/HIVE_SERVER_INTERACTIVE//HIVE/HIVE_SERVER/hive_server_hive"},{"name":"/HIVE/HIVE_SERVER/spnego","referencePath":"HIVE/HIVE_SERVER_INTERACTIVE//HIVE/HIVE_SERVER/spnego"}],"name":"HIVE_SERVER_INTERACTIVE"},{"configurations":[{"core-site":{"hadoop.proxyuser.HTTP.hosts":"${clusterHostInfo/webhcat_server_host|append(core-site/hadoop.proxyuser.HTTP.hosts, \\\\,, true)}"}},{"webhcat-site":{"templeton.hive.properties":"hive.metastore.local:(unable to decode value)
PUT http://c6401.ambari.apache.org:8080/api/v1/clusters/cc
{"Clusters":{"security_type":"NONE"}}:
GET http://c6401.ambari.apache.org:8080/api/v1/persist/KerberosWizard__serviceConfigProperties?_=1491911033501
stop services
PUT http://c6401.ambari.apache.org:8080/api/v1/clusters/cc/services?
{"RequestInfo":{"context":"Stop services","operation_level":{"level":"CLUSTER","cluster_name":"cc"}},"Body":{"ServiceInfo":{"state":"INSTALLED"}}}:
PUT http://c6401.ambari.apache.org:8080/api/v1/clusters/cc
{"Clusters":{"security_type":"KERBEROS"}}:
PUT http://c6401.ambari.apache.org:8080/api/v1/clusters/cc/services?params/run_smoke_test=true
{"RequestInfo":{"context":"Start services","operation_level":{"level":"CLUSTER","cluster_name":"cc"}},"Body":{"ServiceInfo":{"state":"STARTED"}}}:
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment