安装ipa-server,增加ambari用户,并制定pwpolicy(永不过期,0 ,0)
ipa-server-install--domain=stockmarket.corp.com
--realm=STOCKMARKET.CORP.COM
--hostname=ipa.stockmarket.corp.com
--ip-address=10.20.69.198
--setup-dns
--forwarder=10.20.95.21
--forwarder=10.20.95.22
--ds-password=stockmarket1-4--admin-password=stockmarket1-4
--reverse-zone=69.20.10.in-addr.arpa.
default_ccache_name = FILE:/tmp/krb5cc_%{uid}(/etc/krb5.conf)
kinit admin@EXAMPLE.DOMAIN.COM
ipa user-add hdpadmin --first=hdp--last=Admin
ipa group-add-member admins --users=hdpadmin
ipa passwd hdp
Pwpolicy (--minlife=0, --maxlife=0)
在ambari服务器安装ipa-client以及ipa-admintools,其他hdp服务器安装ipa-client
ipa-client-install--domain=stockmarket.corp.com
--server=ipa.stockmarket.corp.com
--realm=STOCKMARKET.CORP.COM
--principal=ambari@STOCKMARKET.CORP.COM
--enable-dns-updates
增加ambari的credential
ambari-serverstop
ambari-server setup-security, 选2
ambari-server start
curl -H X-Requested-By:ambari -u admin:admin -X POST -d { Credential : { principal : ambari@STOCKMARKET.CORP.COM , key : stockmarket1-4 , type : persisted } } http://hdp.stockmarket.corp.com:8080/api/v1/clusters/stockmarket/credentials/kdc.admin.credential(2.5之后自动添加)
curl -H X-Requested-By:ambari -u admin:admin -X GET http://hdp.stockmarket.corp.com:8080/api/v1/clusters/stockmarket/credentials/kdc.admin.credential
通过ipa管理服务
ambari服务器需要设置JCE以支持AES256加密,否则会导致访问kdc出错,提示Invalid arguments
ambari服务器可以通过reset指令清空数据库,这样子可以起到还原点的作用
转载本文请联系原作者获取授权,同时请注明本文来自过西荣科学网博客。
链接地址:http://blog.sciencenet.cn/blog-427394-1058390.html
上一篇:IOS的Websocket探究
下一篇:微服务平台Fabric8集成到Openshift
本文链接: http://freeincorp.immuno-online.com/view-740004.html