[
https://issues.apache.org/jira/browse/AMBARI-6432?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15211138#comment-15211138
]
Ali Bajwa commented on AMBARI-6432:
-----------------------------------
[~rlevas] Usually what I find is that IPA wants port 8080 and 8443 to be open.
So usually when installing FreeIPA on single node I change Ambari/Knox ports
from the default.
Btw this is great stuff! As the next logical step it would nice to have FreeIPA
installed/managed by Ambari as well. Would be great to have a separate JIRA on
that for future. I have written a basic Ambari service as a potential starting
point for this:
https://github.com/hortonworks-gallery/ambari-freeipa-service
In case its useful I have a single node VM running HDP 2.3/Centos6 with FreeIPA
installed/running as Ambari service with security enabled:
https://github.com/abajwa-hw/security-workshops#current-release
Thanks
Ali
> FreeIPA Support in Ambari
> -------------------------
>
> Key: AMBARI-6432
> URL: https://issues.apache.org/jira/browse/AMBARI-6432
> Project: Ambari
> Issue Type: Improvement
> Components: ambari-server
> Affects Versions: trunk
> Reporter: jay vyas
> Assignee: Bolke de Bruin
> Fix For: 2.4.0
>
> Attachments: AMBARI-6432-FreeIPA.patch, AMBARI-6432.patch,
> AMBARI-6432.patch, AMBARI-6432.trunk.v1.patch, AMBARI-6432.trunk.v2.patch,
> AMBARI-6432.trunk.v3.patch, AMBARI-6432.trunk.v4.patch,
> AMBARI-6432.trunk.v5.patch, AMBARI-6432.trunk.v5.patch,
> AMBARI-6432.trunk.v6.patch, AMBARI-6432.trunk.v7.patch,
> AMBARI-6432.trunk.v8.patch, ipa-patch-v0.5.patch
>
>
> FreeIPA Is a powerful tool for unifying identity, kerberos credentials,
> across a cluster.
> A great value add for ambari would be to provide support for using FreeIPA to
> kerberize services. This would allow for
> 1) better HCFS interoperability, because first class GID/UID is critical for
> certain file systems (GlusterFS, Lustre, and any other file system which uses
> kernel / FUSE apis for determining identity)
> 2) better enterprise interoperability. Because of the fact that FreeIPA
> makes it easy to interop with different identity solutions (like active
> directory), it would make ambari easier to adopt for various enterprises.
> 3) broadens ambaris scope. Now ambari could also allow people to setup the
> users of their clusters, and at least some of the security features of their
> clusters, all from one interface (no more manual handling of TGTs and such -
> it could all be done quite easily via the ambari UI which could make calls to
> underlying FreeIPA clients).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
