#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Trace every command, with its expanded arguments, to stderr.
# NOTE(review): configure_kerberos_server passes principal names on the
# command line of its expect helper, and that helper sends the first
# argument as the principal's password, so those values end up in the trace
# output. Treat provisioning logs from this script as sensitive.
set -o xtrace
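#######################################
# Initialise a Kerberos KDC and admin server on this host: rewrite the
# default EXAMPLE.COM realm in kdc.conf and kadm5.acl, create the KDC
# database, add the cluster principals and (re)start both services.
# Only `expect` is installed here; the KDC packages are presumably installed
# by the caller before this function runs (verify against the caller).
#
# SECURITY: the KDC master key is the fixed string "admin", and each
# principal's password is the first argument handed to the addprinc helper
# (the principal's own primary name, e.g. "hdfs"). These are guessable
# credentials, fit only for throwaway test clusters; rotate the master key
# and principal passwords before the KDC is reachable by anything else.
# The helper's arguments are also visible in the process list and in xtrace
# output while it runs.
#
# Globals:
#   KERBEROS_REALM (read, required), CLUSTER_USER (read),
#   KERBEROS_USER (read, defaulted to CLUSTER_USER and written),
#   KERBEROS_REALM_REGEX, KERBEROS_HOME, KERBEROS_SERVICE_KDC,
#   KERBEROS_SERVICE_ADMIN, CONFIGURE_KERBEROS_DONE (written),
#   DEBIAN_FRONTEND (exported on dpkg-based hosts)
# Arguments: none
# Returns:
#   0 on completion; 1 if KERBEROS_REALM is empty, no supported package
#   manager is found, expect is unavailable, or no temp directory can be
#   created.
#######################################
function configure_kerberos_server() {
  local workdir kdb5_script addprinc_script

  # An empty realm would make the sed edits below blank out the realm in
  # kdc.conf and kadm5.acl, so refuse to continue.
  if [ -z "${KERBEROS_REALM:-}" ]; then
    echo "configure_kerberos_server: KERBEROS_REALM is not set" >&2
    return 1
  fi

  KERBEROS_USER=${KERBEROS_USER:-$CLUSTER_USER}
  # Escape the dots of the realm (EXAMPLE.COM -> EXAMPLE\.COM).
  KERBEROS_REALM_REGEX=$(printf '%s\n' "$KERBEROS_REALM" | sed 's/\./\\./g')

  if command -v dpkg &> /dev/null; then
    KERBEROS_HOME=/etc/krb5kdc
    KERBEROS_SERVICE_KDC=krb5-kdc
    KERBEROS_SERVICE_ADMIN=krb5-admin-server
    export DEBIAN_FRONTEND=noninteractive
    retry_apt_get update
    retry_apt_get -q -y install expect
  elif command -v rpm &> /dev/null; then
    KERBEROS_HOME=/var/kerberos/krb5kdc
    KERBEROS_SERVICE_KDC=krb5kdc
    KERBEROS_SERVICE_ADMIN=kadmin
    retry_yum install -y expect
  else
    # Without this branch the paths and service names stay empty and the
    # commands below would run against "/kdc.conf" and an unnamed service.
    echo "configure_kerberos_server: neither dpkg nor rpm found" >&2
    return 1
  fi

  if ! command -v expect &> /dev/null; then
    echo "configure_kerberos_server: expect is not installed" >&2
    return 1
  fi

  service "$KERBEROS_SERVICE_KDC" stop
  service "$KERBEROS_SERVICE_ADMIN" stop
  sed -i -e "s/EXAMPLE\.COM/$KERBEROS_REALM_REGEX/" "$KERBEROS_HOME/kdc.conf"

  # The helper scripts hold the master key, so keep them in a private
  # (mode 0700) directory instead of appending to fixed names in the
  # current directory, where a stale or pre-planted file would be executed.
  workdir=$(mktemp -d) || {
    echo "configure_kerberos_server: mktemp failed" >&2
    return 1
  }
  kdb5_script=$workdir/run_kdb5_util.exp
  addprinc_script=$workdir/run_addprinc.exp

  # Create the KDC database, answering both master-key prompts.
  cat > "$kdb5_script" <<'END'
set timeout 5000
spawn sudo kdb5_util create -s
expect {Enter KDC database master key: } { send "admin\r" }
expect {Re-enter KDC database master key to verify: } { send "admin\r" }
expect EOF
END
  # Run through the interpreter so a noexec temp filesystem is not a problem.
  expect -f "$kdb5_script"

  if [ -f "$KERBEROS_HOME/kadm5.acl" ]; then
    sed -i -e "s/EXAMPLE\.COM/$KERBEROS_REALM_REGEX/" "$KERBEROS_HOME/kadm5.acl"
  else
    # Grant every */admin principal of the realm full kadmin privileges.
    printf '%s\n' "*/admin@$KERBEROS_REALM *" > "$KERBEROS_HOME/kadm5.acl"
  fi

  # Helper arguments: <password> <principal> <realm>. The password sent to
  # kadmin.local is argument 0, i.e. the principal's primary name.
  cat > "$addprinc_script" <<'END'
set timeout 5000
set principal_primary [lindex $argv 0]
set principal_instance [lindex $argv 1]
set realm [lindex $argv 2]
spawn sudo kadmin.local -q "addprinc $principal_instance@$realm"
expect -re {Enter password for principal .*} { send "$principal_primary\r" }
expect -re {Re-enter password for principal .* } { send "$principal_primary\r" }
expect EOF
END
  expect -f "$addprinc_script" "$KERBEROS_USER" "$KERBEROS_USER/admin" "$KERBEROS_REALM"
  expect -f "$addprinc_script" "$KERBEROS_USER" "$KERBEROS_USER" "$KERBEROS_REALM"
  expect -f "$addprinc_script" hdfs hdfs "$KERBEROS_REALM"

  rm -rf -- "$workdir"

  service "$KERBEROS_SERVICE_KDC" start
  service "$KERBEROS_SERVICE_ADMIN" start
  CONFIGURE_KERBEROS_DONE=1
}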