| # |
| # |
| # Licensed to the Apache Software Foundation (ASF) under one |
| # or more contributor license agreements. See the NOTICE file |
| # distributed with this work for additional information |
| # regarding copyright ownership. The ASF licenses this file |
| # to you under the Apache License, Version 2.0 (the |
| # "License"); you may not use this file except in compliance |
| # with the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, |
| # software distributed under the License is distributed on an |
| # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| # KIND, either express or implied. See the License for the |
| # specific language governing permissions and limitations |
| # under the License. |
| # |
| # |
| |
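# Class: hdp-kerberos::adminclient
#
# Installs the Kerberos client package, lays down /etc/krb5.conf (unless the
# KDC server class has already been declared on this node) and, when
# $create_principals_keytabs is "yes", creates the configured principals and
# keytabs through a remote kadmin session.
#
# Parameters:
#   $service_state - desired service state; defaults to the cluster-wide value.
#   $kadmin_pw     - password of the kadmin administrative principal.
#   $kadmin_admin  - name of the kadmin administrative principal.
#
# Security notes:
#   * $kadmin_pw used to be a literal assigned in the class body. It is now a
#     parameter so a deployment can supply its own secret; the old literal is
#     kept as the default only so existing declarations keep compiling. Treat
#     that default as a placeholder and override it everywhere.
#   * The password is copied into $krbContext and therefore into the compiled
#     catalog, so it is stored in plaintext wherever catalogs are cached or
#     reported. Restrict access to those locations accordingly.
class hdp-kerberos::adminclient(
  $service_state = $hdp::params::cluster_service_state,
  # SECURITY: weak compatibility default -- override per deployment.
  $kadmin_pw     = "bla123",
  $kadmin_admin  = "kadmin/admin"
) inherits hdp-kerberos::params
{
  import 'hdp'

  # NOTE(review): $realm, $krb_realm and $kdc_server are not referenced again in
  # this class; presumably the krb5.conf template reads them -- confirm before
  # removing any of them.
  $realm      = $kerberos_domain
  $krb_realm  = $kerberos_domain
  $kdc_server = $kdc_host

  # Record that this class has been declared so other classes can test for it.
  $hdp::params::service_exists['hdp-kerberos::adminclient'] = true

  # Everything the principal/keytab defines need, built as one literal instead
  # of element-by-element assignment into an existing hash.
  $krbContext = {
    'kadmin_pw'             => $kadmin_pw,
    'kadmin_admin'          => $kadmin_admin,
    'realm'                 => $kerberos_domain,
    'local_or_remote'       => 'remote',
    'principals_to_create'  => $principals_to_create,
    'keytabs_to_create'     => $keytabs_to_create,
    'principals_in_keytabs' => $principals_in_keytabs,
  }

  package { $package_name_client:
    ensure => installed,
  }

  # The server class is checked here so krb5.conf is only managed by this class
  # when hdp-kerberos::server has not registered itself.
  if ($hdp::params::service_exists['hdp-kerberos::server'] != true) {
    file { "/etc/krb5.conf":
      content => template('hdp-kerberos/krb5.conf'),
      owner   => "root",
      group   => "root",
      mode    => "0644",
      require => Package[$package_name_client],
    }
  }

  if ($create_principals_keytabs == "yes") {
    notice("Creating principals and keytabs..")
    hdp-kerberos::principals_and_keytabs::services { 'alphabeta':
      krb_context => $krbContext
    }
  }
}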
| |
| |
# Define: hdp-kerberos::principals_and_keytabs::services
#
# Declares one hdp-kerberos::principal per entry of
# $krb_context['principals_to_create'] and one hdp-kerberos::keytab per entry
# of $krb_context['keytabs_to_create']. Every keytab requires all of the
# principals, so principals are created before any keytab is exported.
#
# Parameters:
#   $krb_context - hash handed through unchanged to both defines.
define hdp-kerberos::principals_and_keytabs::services(
  $krb_context
)
{
  include hdp-kerberos::params

  $wanted_principals = $krb_context['principals_to_create']
  $wanted_keytabs    = $krb_context['keytabs_to_create']

  hdp-kerberos::principal { $wanted_principals:
    krb_context => $krb_context,
  }

  hdp-kerberos::keytab { $wanted_keytabs:
    krb_context => $krb_context,
    require     => Hdp-kerberos::Principal[$wanted_principals],
  }
}
| |
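# Define: hdp-kerberos::keytab
#
# Exports the principals mapped to this keytab into a keytab file with kadmin's
# `xst` command. The resource title is used as the keytab path.
#
# Parameters:
#   $krb_context         - hash providing 'local_or_remote', 'kadmin_pw',
#                          'kadmin_admin' and 'principals_in_keytabs' (a hash
#                          of keytab path => list of principals).
#   $keytable_file_owner - optional owner to enforce on the keytab file.
#   $keytable_file_mode  - optional mode to enforce on the keytab file.
#
# Security notes:
#   * In remote mode the admin password is passed with `kadmin -w`, so it is
#     visible in the process list while the command runs and can appear in
#     Puppet's exec logging and reports. Keytab-based authentication
#     (`kadmin -k -t <keytab>`) avoids putting the secret on the command line.
#   * `xst` generates new random keys for every principal it exports, which
#     invalidates any keytab exported earlier for the same principal. The
#     `unless` guard is what prevents that from happening on each run, and it
#     only looks at the first principal of the list.
#   * A keytab holds long-term keys. The file is handed to puppet:apache here;
#     pass $keytable_file_mode to keep its permissions as tight as the
#     consuming service allows.
define hdp-kerberos::keytab(
  $krb_context,
  $keytable_file_owner = undef,
  $keytable_file_mode  = undef
)
{
  include hdp-kerberos::params

  $keytab          = $name
  $local_or_remote = $krb_context['local_or_remote']
  $kadmin_pw       = $krb_context['kadmin_pw']
  $kadmin_admin    = $krb_context['kadmin_admin']

  # A Puppet variable can be assigned only once per scope and `if` does not
  # open a new scope, so the command is chosen in a single if/else. Assigning
  # the remote form first and overriding it for 'local' makes compilation fail
  # in exactly the 'local' case.
  if ($local_or_remote == 'local') {
    $kadmin_cmd = 'kadmin.local'
  } else {
    $kadmin_cmd = "kadmin -w ${kadmin_pw} -p ${kadmin_admin}"
  }

  $principals_in_keytabs = $krb_context['principals_in_keytabs']

  # $principals must keep this name: the inline template below reads it.
  $principals      = $principals_in_keytabs[$keytab]
  $principals_list = inline_template("<%= principals.join(' ')%>")
  $keytab_filename = $keytab

  exec { "xst ${keytab}":
    # `rm -f` rather than `rm -rf`: the target is a single keytab file, and a
    # recursive delete would remove a whole directory tree if the title were
    # ever set to a directory by mistake.
    command => "rm -f ${keytab_filename}; ${kadmin_cmd} -q 'xst -k ${keytab_filename} ${principals_list}'; chown puppet:apache ${keytab_filename}",
    unless  => "klist -kt ${keytab_filename} 2>/dev/null | grep -q ' ${principals[0]}'", #TODO may make more robust test
    path    => $hdp-kerberos::params::exec_path,
  }

  # Ownership and mode are only managed when the caller asks for it.
  if (($keytable_file_owner != undef) or ($keytable_file_mode != undef)) {
    file { $keytab_filename:
      owner   => $keytable_file_owner,
      mode    => $keytable_file_mode,
      require => Exec["xst ${keytab}"]
    }
  }
}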
| |
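# Define: hdp-kerberos::principal
#
# Creates the Kerberos principal named by the resource title with a random key
# (`addprinc -randkey`), unless `listprincs` already reports it.
#
# Parameters:
#   $krb_context - hash providing 'local_or_remote', 'kadmin_pw' and
#                  'kadmin_admin'.
#
# Security note: in remote mode the admin password is passed with `kadmin -w`
# in both the command and the `unless` check, so it is visible in the process
# list and can appear in Puppet's exec logging and reports. Keytab-based
# authentication (`kadmin -k -t <keytab>`) avoids putting the secret on the
# command line.
define hdp-kerberos::principal(
  $krb_context
)
{
  include hdp-kerberos::params

  $local_or_remote = $krb_context['local_or_remote']
  $kadmin_pw       = $krb_context['kadmin_pw']
  $kadmin_admin    = $krb_context['kadmin_admin']

  # A Puppet variable can be assigned only once per scope and `if` does not
  # open a new scope, so the command is chosen in a single if/else. Assigning
  # the remote form first and overriding it for 'local' makes compilation fail
  # in exactly the 'local' case.
  if ($local_or_remote == 'local') {
    $kadmin_cmd = 'kadmin.local'
  } else {
    $kadmin_cmd = "kadmin -w ${kadmin_pw} -p ${kadmin_admin}"
  }

  $principal = $name

  exec { "addprinc ${principal}":
    command => "${kadmin_cmd} -q 'addprinc -randkey ${principal}'",
    # Whole-line, fixed-string match: principal names contain '.' and other
    # regex metacharacters, which an anchored regex would treat as wildcards.
    # NOTE(review): listprincs prints names with their realm, so this assumes
    # the title is the full principal including @REALM -- confirm.
    unless  => "${kadmin_cmd} -q listprincs | grep -qxF '${principal}'",
    path    => $hdp-kerberos::params::exec_path
  }
}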