From d69394689f0ea5f34a21db20fd045d71fbe7937c Mon Sep 17 00:00:00 2001 From: Vitaly Gridnev Date: Mon, 12 Sep 2016 13:17:46 +0300 Subject: [PATCH] write docs about enabling kerberos Change-Id: Ifc5a0edb4a2201708fecd085f4f9863c01d4cff5 --- doc/source/userdoc/ambari_plugin.rst | 30 ++++++++++++++++++++++++++++ doc/source/userdoc/cdh_plugin.rst | 30 ++++++++++++++++++++++++++++ 2 files changed, 60 insertions(+) diff --git a/doc/source/userdoc/ambari_plugin.rst b/doc/source/userdoc/ambari_plugin.rst index 4302015a..7f7a394b 100644 --- a/doc/source/userdoc/ambari_plugin.rst +++ b/doc/source/userdoc/ambari_plugin.rst @@ -65,3 +65,33 @@ validation checks to ensure a successful Hadoop deployment: * Ensure the existence of Ambari Server process in the cluster; * Ensure the existence of a NameNode, Zookeeper, ResourceManagers processes HistoryServer and App TimeLine Server in the cluster + +Enabling Kerberos security for cluster +-------------------------------------- + +If you want to protect your clusters using MIT Kerberos security you have to +complete a few steps below. + +* If you would like to create a cluster protected by Kerberos security you + just need to enable Kerberos by checkbox in the ``General Parameters`` + section of the cluster configuration. If you prefer to use the OpenStack CLI + for cluster creation, you have to put the data below in the + ``cluster_configs`` section: + + .. sourcecode:: console + + "cluster_configs": { + "Enable Kerberos Security": true, + } + + Sahara in this case will correctly prepare KDC server and will create + principals along with keytabs to enable authentication for Hadoop services. + +* Ensure that you have the latest hadoop-openstack jar file distributed + on your cluster nodes. You can download one at + ``http://tarballs.openstack.org/sahara/dist/`` + +* Sahara will create principals along with keytabs for system users + like ``oozie``, ``hdfs`` and ``spark`` so that you will not have to + perform additional auth operations to execute your jobs on top of the + cluster. diff --git a/doc/source/userdoc/cdh_plugin.rst b/doc/source/userdoc/cdh_plugin.rst index 6794b5e9..fa5e16e2 100644 --- a/doc/source/userdoc/cdh_plugin.rst +++ b/doc/source/userdoc/cdh_plugin.rst @@ -129,3 +129,33 @@ In case of version 5.5.0 or 5.7.x of Cloudera Plugin additional services in the cluster topology are available: + Cluster can have the kafka service and several kafka brokers. + +Enabling Kerberos security for cluster +-------------------------------------- + +If you want to protect your clusters using MIT Kerberos security you have to +complete a few steps below. + +* If you would like to create a cluster protected by Kerberos security you + just need to enable Kerberos by checkbox in the ``General Parameters`` + section of the cluster configuration. If you prefer to use the OpenStack CLI + for cluster creation, you have to put the data below in the + ``cluster_configs`` section: + + .. sourcecode:: console + + "cluster_configs": { + "Enable Kerberos Security": true, + } + + Sahara in this case will correctly prepare KDC server and will create + principals along with keytabs to enable authentication for Hadoop services. + +* Ensure that you have the latest hadoop-openstack jar file distributed + on your cluster nodes. You can download one at + ``http://tarballs.openstack.org/sahara/dist/`` + +* Sahara will create principals along with keytabs for system users + like ``hdfs`` and ``spark`` so that you will not have to + perform additional auth operations to execute your jobs on top of the + cluster.