#
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
#
# Sets up a Kerberos KDC on the node: installs the KDC package, renders
# krb5.conf, kdc.conf and kadm5.acl from templates, creates the realm
# database, enables krb5kdc at boot and manages the KDC and admin services.
#
# Parameters:
#   $service_state - 'no_op' declares nothing; 'installed_and_configured'
#                    installs and configures only; 'running' / 'stopped'
#                    additionally manage the two services in that state.
#                    Any other value ends in hdp_fail().
#   $opts          - not referenced anywhere in this class body.
#
# Names such as $kerberos_domain, $package_name_kdc, $kdc_etc_path,
# $exec_path, $service_name_kdc and $service_name_admin are not defined
# here; presumably they come from hdp-kerberos::params - confirm.
class hdp-kerberos::server(
$service_state = $hdp::params::cluster_service_state,
$opts = {}
) inherits hdp-kerberos::params
{
import 'hdp'
# Record in the shared hdp::params map that this class is part of the catalog.
$hdp::params::service_exists['hdp-kerberos::server'] = true
$krb_realm = $kerberos_domain
# NOTE(review): hard-coded password for the kadmin/admin principal. It is
# identical on every KDC built from this manifest and readable by anyone who
# can read the module. It should be supplied from an external secret source
# and rotated on existing realms.
$kadmin_pw = "bla123"
$kadmin_admin = "kadmin/admin"
if ($service_state == 'no_op') {
# Intentionally empty: 'no_op' declares no resources.
} elsif ($service_state in ['running','stopped','installed_and_configured']) {
# Install kdc server and client
package { $package_name_kdc:
ensure => installed
}
# set the realm
$realm = $krb_realm
# SUHAS: This should be set on all the nodes in addition to kdc server
file { "/etc/krb5.conf":
content => template('hdp-kerberos/krb5.conf'),
owner => "root",
group => "root",
mode => "0644",
require => Package[$package_name_kdc],
}
# KDC configuration directory, accessible to root only (0700).
file { $kdc_etc_path:
ensure => directory,
owner => root,
group => root,
mode => "0700",
require => Package[$package_name_kdc],
}
file { "${kdc_etc_path}/kdc.conf":
content => template('hdp-kerberos/kdc.conf'),
require => Package["$package_name_kdc"],
owner => "root",
group => "root",
mode => "0644",
}
# SUHAS: kadm5.acl file template is missing in gsInstaller
# SUHAS: gsInstaller stops stopIptables at this point (sequence is not relevant here).
# NOTE(review): kadm5.acl decides which principals may administer the realm.
# The template is not visible here; review which principals it grants and
# how broadly. The file mode is 0644, while its parent directory above is 0700.
file { "${kdc_etc_path}/kadm5.acl":
content => template('hdp-kerberos/kadm5.acl'),
require => Package["$package_name_kdc"],
owner => "root",
group => "root",
mode => "0644",
}
# One-time realm bootstrap: deletes kadm5.keytab, creates the database for
# ${realm} with a stash file (-s), then sets the kadmin/admin password.
# `creates` skips the command once ${kdc_etc_path}/stash exists; that path
# has to match where kdc.conf places the stash file (template not visible
# here - confirm).
# NOTE(review): the database master password is a literal (-P x86yzh12) and
# the admin password is passed with -pw. Both are the same on every
# deployment, sit on the command line where the process list exposes them
# while the command runs, and may be echoed into Puppet logs or reports.
# The command also relies on shell operators (; and &&).
exec { "kdb5_util":
path => $exec_path,
command => "rm -f ${kdc_etc_path}/kadm5.keytab; kdb5_util -P x86yzh12 -r ${realm} create -s && kadmin.local -q 'cpw -pw ${kadmin_pw} ${kadmin_admin}'",
creates => "${kdc_etc_path}/stash",
subscribe => File["${kdc_etc_path}/kdc.conf"],
require => [Package[$package_name_kdc], File["${kdc_etc_path}/kdc.conf"], File["/etc/krb5.conf"]]
}
# SUHAS: gsInstaller has checkconfig_on
# Enables krb5kdc at boot. The exec has no creates/unless/onlyif/refreshonly
# guard, so it runs on every catalog application.
exec { "chkconfig_krb5kdc_on":
path => $exec_path,
command => "chkconfig krb5kdc on",
require => [Package["$package_name_kdc"], File["${kdc_etc_path}/kdc.conf"], Exec["kdb5_util"]],
}
# Start KDC Server
# Services are managed only for 'running' / 'stopped';
# 'installed_and_configured' stops after the configuration steps above.
if ($service_state in ['running','stopped']) {
service { $service_name_kdc:
ensure => $service_state,
require => [Exec["chkconfig_krb5kdc_on"]],
subscribe => File["${kdc_etc_path}/kdc.conf"],
hasrestart => true,
}
# SUHAS: This is to be done on HMC not KDC Server??
# NOTE(review): persistently (-P) sets the SELinux booleans
# kadmind_disable_trans and krb5kdc_disable_trans to 1 before each start or
# restart of the admin service. Going by their names, these switch off the
# transition of kadmind and krb5kdc into their confined SELinux domains -
# confirm against the target policy and prefer a scoped policy fix. The `;`
# separators mean the service command runs even when setsebool fails.
$se_hack = "setsebool -P kadmind_disable_trans 1 ; setsebool -P krb5kdc_disable_trans 1"
service { $service_name_admin:
ensure => $service_state,
require => Service[$service_name_kdc],
hasrestart => true,
restart => "${se_hack} ; service ${service_name_admin} restart",
start => "${se_hack} ; service ${service_name_admin} start",
}
}
} else {
# Any service_state outside the handled set is reported through hdp_fail().
hdp_fail("TODO not implemented yet: service_state = ${service_state}")
}
}