services/kerberos/src/main/resources/functions/configure_kerberos_server.sh - whirr - Git at Google

 #
 # Licensed to the Apache Software Foundation (ASF) under one or more
 # contributor license agreements.  See the NOTICE file distributed with
 # this work for additional information regarding copyright ownership.
 # The ASF licenses this file to You under the Apache License, Version 2.0
 # (the "License"); you may not use this file except in compliance with
 # the License.  You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #

 set -x

 function configure_kerberos_server() {
   KERBEROS_USER=${KERBEROS_USER:-$CLUSTER_USER}
   KERBEROS_REALM_REGEX=$(echo $KERBEROS_REALM | sed s/\\\./\\\\\./g)
   service krb5kdc stop
   service kadmin stop
   sed -i -e "s/EXAMPLE\.COM/$KERBEROS_REALM_REGEX/" /var/kerberos/krb5kdc/kdc.conf
   yum install -y expect
   cat >> run_kdb5_util <<END
 #!/usr/bin/expect -f
 set timeout 5000
 spawn sudo kdb5_util create -s
 expect {Enter KDC database master key: } { send "admin\r" }
 expect {Re-enter KDC database master key to verify: } { send "admin\r" }
 expect EOF
 END
   chmod +x run_kdb5_util
   ./run_kdb5_util
   rm -rf run_kdb5_util
   sed -i -e "s/EXAMPLE\.COM/$KERBEROS_REALM_REGEX/" /var/kerberos/krb5kdc/kadm5.acl
   cat >> run_addpinc <<END
 #!/usr/bin/expect -f
 set timeout 5000
 set principal_primary [lindex \$argv 0]
 set principal_instance [lindex \$argv 1]
 set realm [lindex \$argv 2]
 spawn sudo kadmin.local -q "addprinc \$principal_instance@\$realm"
 expect -re {Enter password for principal .*} { send "\$principal_primary\r" }
 expect -re {Re-enter password for principal .* } { send "\$principal_primary\r" }
 expect EOF
 END
   chmod +x run_addpinc
   ./run_addpinc $KERBEROS_USER $KERBEROS_USER/admin $KERBEROS_REALM
   ./run_addpinc $KERBEROS_USER $KERBEROS_USER $KERBEROS_REALM
   ./run_addpinc hdfs hdfs $KERBEROS_REALM
   rm -rf ./run_addpinc
   service krb5kdc start
   service kadmin start
   chkconfig krb5kdc on
   chkconfig kadmin on
   CONFIGURE_KERBEROS_DONE=1
 }
	#
	# Licensed to the Apache Software Foundation (ASF) under one or more
	# contributor license agreements. See the NOTICE file distributed with
	# this work for additional information regarding copyright ownership.
	# The ASF licenses this file to You under the Apache License, Version 2.0
	# (the "License"); you may not use this file except in compliance with
	# the License. You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.
	#

	set -x

	function configure_kerberos_server() {
	KERBEROS_USER=${KERBEROS_USER:-$CLUSTER_USER}
	KERBEROS_REALM_REGEX=$(echo $KERBEROS_REALM \| sed s/\\\./\\\\\./g)
	service krb5kdc stop
	service kadmin stop
	sed -i -e "s/EXAMPLE\.COM/$KERBEROS_REALM_REGEX/" /var/kerberos/krb5kdc/kdc.conf
	yum install -y expect
	cat >> run_kdb5_util <<END
	#!/usr/bin/expect -f
	set timeout 5000
	spawn sudo kdb5_util create -s
	expect {Enter KDC database master key: } { send "admin\r" }
	expect {Re-enter KDC database master key to verify: } { send "admin\r" }
	expect EOF
	END
	chmod +x run_kdb5_util
	./run_kdb5_util
	rm -rf run_kdb5_util
	sed -i -e "s/EXAMPLE\.COM/$KERBEROS_REALM_REGEX/" /var/kerberos/krb5kdc/kadm5.acl
	cat >> run_addpinc <<END
	#!/usr/bin/expect -f
	set timeout 5000
	set principal_primary [lindex \$argv 0]
	set principal_instance [lindex \$argv 1]
	set realm [lindex \$argv 2]
	spawn sudo kadmin.local -q "addprinc \$principal_instance@\$realm"
	expect -re {Enter password for principal .*} { send "\$principal_primary\r" }
	expect -re {Re-enter password for principal .* } { send "\$principal_primary\r" }
	expect EOF
	END
	chmod +x run_addpinc
	./run_addpinc $KERBEROS_USER $KERBEROS_USER/admin $KERBEROS_REALM
	./run_addpinc $KERBEROS_USER $KERBEROS_USER $KERBEROS_REALM
	./run_addpinc hdfs hdfs $KERBEROS_REALM
	rm -rf ./run_addpinc
	service krb5kdc start
	service kadmin start
	chkconfig krb5kdc on
	chkconfig kadmin on
	CONFIGURE_KERBEROS_DONE=1
	}