Repository: ambari Updated Branches: refs/heads/branch-1.7.0 a5b37ab6d -> 25d0b121e
AMBARI-7824. Slider View: Unable to create app when cluster is secured - keytab doesnt exist. Doc updates (srimanth) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/25d0b121 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/25d0b121 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/25d0b121 Branch: refs/heads/branch-1.7.0 Commit: 25d0b121e9552ef86f4036e3272f02a375f6ff77 Parents: a5b37ab Author: Srimanth Gunturi <sgunt...@hortonworks.com> Authored: Thu Oct 16 23:36:09 2014 -0700 Committer: Srimanth Gunturi <sgunt...@hortonworks.com> Committed: Thu Oct 16 23:36:52 2014 -0700 ---------------------------------------------------------------------- contrib/views/slider/docs/index.md | 33 ++++++++++++++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/25d0b121/contrib/views/slider/docs/index.md ---------------------------------------------------------------------- diff --git a/contrib/views/slider/docs/index.md b/contrib/views/slider/docs/index.md index 0c9132c..bd23d14 100644 --- a/contrib/views/slider/docs/index.md +++ b/contrib/views/slider/docs/index.md @@ -80,4 +80,35 @@ From *Ambari-Admin* create a *Slider Apps View* with the below parameters popula * slider.security.enabled = true * view.kerberos.principal = `view-principal` -* view.kerberos.principal.keytab = `/etc/security/keytabs/view-principal.headless.keytab` \ No newline at end of file +* view.kerberos.principal.keytab = `/etc/security/keytabs/view-principal.headless.keytab` + +#### Step-5 Create *Kerberos* principal for *slider.user* +We need to provide a *Kerberos* identity for the user identified in *slider.user* view parameter. + +The *slider.user* view parameter has the following interpretations: + +* If the parameter is left blank, it means the user *yarn*. +* If it is `${username}`, it is the user logged into Ambari. +* Else, it is exact name of the user. + +We shall assume the user as `slider-user`. In a secured cluster this user has to actually exist on all the hosts. The user should also have an *uid* greater than 1000. + +On the machine where *KDC Server* is hosted, create user principal by running below command + +``` +kadmin.local -q "addprinc -randkey slider-u...@example.com" +``` +Next, extract keytab file + +``` +kadmin.local -q "xst -k /path/to/keytab/slider-user.headless.keytab view-princi...@example.com" +``` +The keytab file should then be copied over to the keytabs location on the host where the view is hosted. + +``` +cp /path/to/keytab/slider-user.headless.keytab /etc/security/keytabs/ +``` + +Change file permissions so that only necessary users can access it. + +**Make sure that `slider-user` keytab is at /etc/security/keytabs/`slider-user`.headless.keytab**