Kerberos installation procedure explained
The Ansible scripts that DP2 uses to bootstrap Kerberos on the CDH cluster we are using are loosely based on two things:
- The official documentation in the Cloudera Kerberos manual
- An open-source script for bootstrapping the CDH cluster found here
There are three main steps:
The Ansible file can be found here.
It creates the Kerberos server machine, installing the appropriate packages and creating configuration files from templates. After that, it creates the initial users.
The Ansible file can be found here.
It installs the client libraries on every machine and creates the krb5.conf file that applications use to get the Kerberos settings in a given environment.
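A check that could be run against the krb5.conf rendered in this step, as an added example (not part of the DP2 Ansible scripts): it parses the file and flags a default realm with no KDC, enabled weak crypto, and weak encryption types. The realm EXAMPLE.COM, the host name and the sample file are constructed, and the weak-enctype prefix list is this example's assumption.

```python
# Constructed sample of a rendered krb5.conf (not taken from the DP2 templates).
SAMPLE = """
[libdefaults]
  default_realm = EXAMPLE.COM
  allow_weak_crypto = true
  permitted_enctypes = aes256-cts-hmac-sha1-96 arcfour-hmac
[realms]
  EXAMPLE.COM = {
    kdc = kdc.example.com
  }
"""
# Assumption of this example: DES, 3DES and RC4 families are treated as weak.
WEAK = ("des", "arcfour", "rc4")
ENCTYPE_KEYS = ("permitted_enctypes", "default_tkt_enctypes", "default_tgs_enctypes")

def parse_krb5(text):
    """Parse krb5.conf text into {section: {key: value or nested dict}}.
    A repeated key (e.g. several kdc lines) keeps its last value."""
    conf, stack = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            stack = [conf.setdefault(line[1:-1], {})]  # new section
        elif line == "}" and len(stack) > 1:
            stack.pop()  # close a nested block such as a realm
        elif "=" in line and stack:
            key, val = (p.strip() for p in line.split("=", 1))
            if val == "{":
                stack.append(stack[-1].setdefault(key, {}))
            else:
                stack[-1][key] = val
    return conf

def audit(text):
    """Return a list of findings for a rendered krb5.conf."""
    conf = parse_krb5(text)
    lib, realms = conf.get("libdefaults", {}), conf.get("realms", {})
    findings = []
    realm = lib.get("default_realm")
    if "kdc" not in realms.get(realm, {}):
        findings.append(f"default_realm {realm!r} has no kdc in [realms]")
    if lib.get("allow_weak_crypto", "false").lower() in ("true", "yes", "on", "1"):
        findings.append("allow_weak_crypto is enabled")
    for key in ENCTYPE_KEYS:
        for enc in lib.get(key, "").replace(",", " ").split():
            if enc.lower().startswith(WEAK):
                findings.append(f"{key} lists weak enctype {enc}")
    return findings
```

Calling `audit(open("/etc/krb5.conf").read())` on each host after the play gives an empty list when none of these conditions is present.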
The Ansible file can be found here.
Since there is no single API call to enable Kerberos support, we enable it for each service and then generate the appropriate credentials. The whole process is available as a one-click wizard in the Cloudera Manager web interface.