[ https://issues.apache.org/jira/browse/AMBARI-6432?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15211138#comment-15211138 ]
Ali Bajwa commented on AMBARI-6432: ----------------------------------- [~rlevas] Usually what I find is that IPA wants port 8080 and 8443 to be open. So usually when installing FreeIPA on single node I change Ambari/Knox ports from the default. Btw this is great stuff! As the next logical step it would nice to have FreeIPA installed/managed by Ambari as well. Would be great to have a separate JIRA on that for future. I have written a basic Ambari service as a potential starting point for this: https://github.com/hortonworks-gallery/ambari-freeipa-service In case its useful I have a single node VM running HDP 2.3/Centos6 with FreeIPA installed/running as Ambari service with security enabled: https://github.com/abajwa-hw/security-workshops#current-release Thanks Ali > FreeIPA Support in Ambari > ------------------------- > > Key: AMBARI-6432 > URL: https://issues.apache.org/jira/browse/AMBARI-6432 > Project: Ambari > Issue Type: Improvement > Components: ambari-server > Affects Versions: trunk > Reporter: jay vyas > Assignee: Bolke de Bruin > Fix For: 2.4.0 > > Attachments: AMBARI-6432-FreeIPA.patch, AMBARI-6432.patch, > AMBARI-6432.patch, AMBARI-6432.trunk.v1.patch, AMBARI-6432.trunk.v2.patch, > AMBARI-6432.trunk.v3.patch, AMBARI-6432.trunk.v4.patch, > AMBARI-6432.trunk.v5.patch, AMBARI-6432.trunk.v5.patch, > AMBARI-6432.trunk.v6.patch, AMBARI-6432.trunk.v7.patch, > AMBARI-6432.trunk.v8.patch, ipa-patch-v0.5.patch > > > FreeIPA Is a powerful tool for unifying identity, kerberos credentials, > across a cluster. > A great value add for ambari would be to provide support for using FreeIPA to > kerberize services. This would allow for > 1) better HCFS interoperability, because first class GID/UID is critical for > certain file systems (GlusterFS, Lustre, and any other file system which uses > kernel / FUSE apis for determining identity) > 2) better enterprise interoperability. Because of the fact that FreeIPA > makes it easy to interop with different identity solutions (like active > directory), it would make ambari easier to adopt for various enterprises. > 3) broadens ambaris scope. Now ambari could also allow people to setup the > users of their clusters, and at least some of the security features of their > clusters, all from one interface (no more manual handling of TGTs and such - > it could all be done quite easily via the ambari UI which could make calls to > underlying FreeIPA clients). -- This message was sent by Atlassian JIRA (v6.3.4#6332)