Repository: ambari Updated Branches: refs/heads/trunk 5a9bb7158 -> 0ea255c59
AMBARI-15001: Hdfs keytab for hawq service check on secured cluster Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/0ea255c5 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/0ea255c5 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/0ea255c5 Branch: refs/heads/trunk Commit: 0ea255c59005eda4d5684230460d8b1c647c78f7 Parents: 5a9bb71 Author: Jun Aoki <ja...@apache.org> Authored: Wed Feb 17 12:27:50 2016 -0800 Committer: Jun Aoki <ja...@apache.org> Committed: Wed Feb 17 12:27:50 2016 -0800 ---------------------------------------------------------------------- .../common-services/HAWQ/2.0.0/kerberos.json | 125 +++++++++---------- 1 file changed, 56 insertions(+), 69 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/0ea255c5/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/kerberos.json b/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/kerberos.json index cc11c15..da11986 100644 --- a/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/kerberos.json +++ b/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/kerberos.json @@ -1,73 +1,60 @@ { - "services": [ + "services": [ + { + "name": "HAWQ", + "identities": [ { - "name": "HAWQ", - "identities": [ - { - "name": "/hdfs" - } - ], - "configurations": [ - { - "hawq-site": { - "enable_secure_filesystem": "ON", - "krb_server_keyfile": "${keytab_dir}/hawq.service.keytab" - } - }, - { - "hdfs-client": { - "hadoop.security.authentication": "kerberos" - } - } - ], - "components": [ - { - "identities": [ - { - "keytab": { - "file": "${keytab_dir}/hawq.service.keytab", - "group": { - "access": "", - "name": "${cluster-env/user_group}" - }, - "owner": { - "access": "r", - "name": "gpadmin" - } - }, - "name": "hawq_master_hawq", - "principal": { - "type": "service", - "value": "postgres@${realm}" - } - } - ], - "name": "HAWQMASTER" - }, - { - "identities": [ - { - "keytab": { - "file": "${keytab_dir}/hawq.service.keytab", - "group": { - "access": "", - "name": "${cluster-env/user_group}" - }, - "owner": { - "access": "r", - "name": "gpadmin" - } - }, - "name": "hawq_standby_hawq", - "principal": { - "type": "service", - "value": "postgres@${realm}" - } - } - ], - "name": "HAWQSTANDBY" - } - ] + "name": "/HDFS/NAMENODE/hdfs" + }, + { + "name": "hawq_identity", + "principal": { + "type": "user", + "value": "postgres@${realm}" + }, + "keytab": { + "file": "${keytab_dir}/hawq.service.keytab", + "owner": { + "access": "r", + "name": "gpadmin" + }, + "group": { + "name": "${cluster-env/user_group}" + } + } + } + ], + "configurations": [ + { + "hawq-site": { + "enable_secure_filesystem": "ON", + "krb_server_keyfile": "${keytab_dir}/hawq.service.keytab" + } + }, + { + "hdfs-client": { + "hadoop.security.authentication": "kerberos" + } + } + ], + "components" : [ + { + "name": "HAWQMASTER", + "identities": [ + { + "name": "/HAWQ/hawq_identity" + } + ] + }, + { + "name": "HAWQSTANDBY", + "identities": [ + { + "name": "/HAWQ/hawq_identity" + } + ] } - ] + ] + } + ] }