Install ipa-server, add the ambari user, and set a pwpolicy (never expires: 0, 0)
ipa-server-install --domain=stockmarket.corp.com \
    --realm=STOCKMARKET.CORP.COM \
    --hostname=ipa.stockmarket.corp.com \
    --ip-address=10.20.69.198 \
    --setup-dns \
    --forwarder=10.20.95.21 \
    --forwarder=10.20.95.22 \
    --ds-password=stockmarket1-4 \
    --admin-password=stockmarket1-4 \
    --reverse-zone=69.20.10.in-addr.arpa.
In /etc/krb5.conf:
default_ccache_name = FILE:/tmp/krb5cc_%{uid}
kinit admin@EXAMPLE.DOMAIN.COM
ipa user-add hdpadmin --first=hdp --last=Admin
ipa group-add-member admins --users=hdpadmin
ipa passwd hdp
Pwpolicy (--minlife=0, --maxlife=0)
On the Ambari server, install ipa-client and ipa-admintools; on the other HDP servers, install ipa-client
ipa-client-install --domain=stockmarket.corp.com \
    --server=ipa.stockmarket.corp.com \
    --realm=STOCKMARKET.CORP.COM \
    --principal=ambari@STOCKMARKET.CORP.COM \
    --enable-dns-updates
Add the Ambari credential
ambari-server stop
ambari-server setup-security (choose option 2)
ambari-server start
curl -H "X-Requested-By:ambari" -u admin:admin -X POST -d '{ "Credential" : { "principal" : "ambari@STOCKMARKET.CORP.COM", "key" : "stockmarket1-4", "type" : "persisted" } }' http://hdp.stockmarket.corp.com:8080/api/v1/clusters/stockmarket/credentials/kdc.admin.credential
(added automatically after 2.5)
curl -H "X-Requested-By:ambari" -u admin:admin -X GET http://hdp.stockmarket.corp.com:8080/api/v1/clusters/stockmarket/credentials/kdc.admin.credential
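Manage services through IPA
The Ambari server needs JCE set up to support AES256 encryption; otherwise access to the KDC fails with the error "Invalid arguments".
The Ambari server's database can be cleared with the reset command, which lets it serve as a restore point.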
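Added example, not part of the original notes: a shell check that the default_ccache_name line from the /etc/krb5.conf step is in effect as a FILE: cache inside [libdefaults]. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): confirm that the
# default_ccache_name set in [libdefaults] of krb5.conf is a FILE: cache.

# Print the first default_ccache_name found in [libdefaults]; nothing if unset.
ccache_name() {
    awk '
        /^[ \t]*[#;]/ { next }              # comment line
        /^[ \t]*\[/ {                       # section header such as [realms]
            sect = $0
            sub(/^[ \t]*\[/, "", sect); sub(/\].*$/, "", sect)
            next
        }
        sect == "libdefaults" {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); gsub(/[ \t]/, "", key)
            val = substr($0, eq + 1)
            sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
            if (key == "default_ccache_name" && found == "") found = val
        }
        END { if (found != "") print found }
    ' "$1"
}

# Return 0 for a FILE: cache, 1 for any other type, 2 when the key is absent.
check_ccache() {
    name=$(ccache_name "$1")
    case "$name" in
        FILE:*) echo "ok: $name"; return 0 ;;
        "")     echo "unset: default_ccache_name not in [libdefaults]"; return 2 ;;
        *)      echo "not a FILE cache: $name"; return 1 ;;
    esac
}

# Constructed sample input; on a real host pass /etc/krb5.conf instead.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[libdefaults]
  default_realm = STOCKMARKET.CORP.COM
  default_ccache_name = KEYRING:persistent:%{uid}
[realms]
  default_ccache_name = FILE:/tmp/ignored
EOF
check_ccache "$sample" || echo "fix: default_ccache_name = FILE:/tmp/krb5cc_%{uid}"
rm -f "$sample"
```

The parser reads only the file it is given, so settings pulled in through include directives are not seen.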