feat(kerberos): use the new kerberos_spnego_install playbook
rpignolet committed Jul 7, 2024
1 parent 4f3fabd commit 8d7d068
Showing 25 changed files with 300 additions and 660 deletions.
11 changes: 0 additions & 11 deletions playbooks/ranger_kerberos_install.yml
Expand Up @@ -13,17 +13,6 @@
name: tosit.tdp.ranger.admin
tasks_from: kerberos
- ansible.builtin.meta: clear_facts # noqa unnamed-task
- name: Kerberos Ranger Admin HA install
hosts: spnego_ha
strategy: linear
tasks:
- tosit.tdp.resolve: # noqa unnamed-task
node_name: ranger_kerberos
- name: Install Ranger Admin Kerberos
ansible.builtin.import_role:
name: tosit.tdp.ranger.admin
tasks_from: kerberos-spnego-ha
- ansible.builtin.meta: clear_facts # noqa unnamed-task
- name: Kerberos Ranger UserSync install
hosts: ranger_usersync
strategy: linear
67 changes: 21 additions & 46 deletions roles/hbase/phoenix/queryserver/daemon/tasks/kerberos.yml
Expand Up @@ -7,51 +7,26 @@
name: tosit.tdp.utils.kerberos
tasks_from: install

- when: krb_create_principals_keytabs
block:
- name: Ensure phoenix queryserver principal and keytab exist
ansible.builtin.import_role:
name: tosit.tdp.utils.kerberos
tasks_from: create_principal_keytab
vars:
principal: phoenixqueryserver/{{ ansible_fqdn }}
keytab: phoenixqueryserver.service.keytab
user: "{{ phoenix_queryserver_user }}"
group: "{{ hadoop_group }}"
mode: "0600"

- name: Ensure HTTP spnego principal and keytab exist
ansible.builtin.import_role:
name: tosit.tdp.utils.kerberos
tasks_from: create_principal_keytab
vars:
principal: HTTP/{{ ansible_fqdn }}
keytab: spnego.service.keytab
user: root
group: "{{ hadoop_group }}"
mode: "0640"
- name: Ensure phoenix queryserver principal and keytab exist
ansible.builtin.import_role:
name: tosit.tdp.utils.kerberos
tasks_from: create_principal_keytab
vars:
principal: phoenixqueryserver/{{ ansible_fqdn }}
keytab: phoenixqueryserver.service.keytab
user: "{{ phoenix_queryserver_user }}"
group: "{{ hadoop_group }}"
mode: "0600"
when: krb_create_principals_keytabs

- name: Phoenix QueryServer keytabs check
- name: Ensure phoenix queryserver keytab works
ansible.builtin.import_role:
name: tosit.tdp.utils.kerberos
tasks_from: check_secure_keytab
vars:
principal: "phoenixqueryserver/{{ ansible_fqdn }}"
keytab: "phoenixqueryserver.service.keytab"
user: "{{ phoenix_queryserver_user }}"
group: "{{ hadoop_group }}"
mode: "0600"
when: not krb_create_principals_keytabs
block:
- name: Ensure phoenix queryserver keytab works
ansible.builtin.import_role:
name: tosit.tdp.utils.kerberos
tasks_from: check_secure_keytab
vars:
principal: "phoenixqueryserver/{{ ansible_fqdn }}"
keytab: "phoenixqueryserver.service.keytab"
user: "{{ phoenix_queryserver_user }}"
group: "{{ hadoop_group }}"
mode: "0600"

- name: Ensure HTTP spnego keytab works
ansible.builtin.import_role:
name: tosit.tdp.utils.kerberos
tasks_from: check_secure_keytab
vars:
principal: HTTP/{{ ansible_fqdn }}
keytab: spnego.service.keytab
user: root
group: "{{ hadoop_group }}"
mode: "0640"
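Review bot: With the `HTTP/{{ ansible_fqdn }}` tasks removed, nothing in this task file creates or verifies `spnego.service.keytab` any more, so the role now depends on the kerberos_spnego_install playbook named in the commit title having run on the host first, and that dependency is not stated in the file. The same applies to the hbase rest, hdfs datanode, httpfs and journalnode sections of this commit. I would add a header comment such as `# spnego.service.keytab (HTTP/<fqdn>) is provisioned by the kerberos_spnego_install playbook; run it before this role`. The removed check task was also passed `user: root` and `mode: "0640"` for that keytab when `krb_create_principals_keytabs` is false; the new playbook is not visible here, so please confirm it keeps a `check_secure_keytab` path for externally provisioned keytabs. The task file starts above this hunk.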
66 changes: 20 additions & 46 deletions roles/hbase/rest/tasks/kerberos.yml
Expand Up @@ -23,52 +23,26 @@
hbase_keytab_file: "{{ hbase_site['hbase.rest.keytab.file'] }}"
hbase_principal: "{{ hbase_rest_kerberos_principal }}"

- name: HBase Rest keytabs creation
- name: Ensure hbase principal and keytab exist
ansible.builtin.import_role:
name: tosit.tdp.utils.kerberos
tasks_from: create_principal_keytab
vars:
principal: hbase/{{ ansible_fqdn }}
keytab: hbase.service.keytab
user: "{{ hbase_user }}"
group: "{{ hadoop_group }}"
mode: "0600"
when: krb_create_principals_keytabs
block:
- name: Ensure hbase principal and keytab exist
ansible.builtin.import_role:
name: tosit.tdp.utils.kerberos
tasks_from: create_principal_keytab
vars:
principal: hbase/{{ ansible_fqdn }}
keytab: hbase.service.keytab
user: "{{ hbase_user }}"
group: "{{ hadoop_group }}"
mode: "0600"

- name: Ensure HTTP spnego principal and keytab exist
ansible.builtin.import_role:
name: tosit.tdp.utils.kerberos
tasks_from: create_principal_keytab
vars:
principal: "HTTP/{{ ansible_fqdn }}"
keytab: "spnego.service.keytab"
user: "root"
group: "{{ hadoop_group }}"
mode: "0640"

- name: HBase Rest keytabs check
- name: Ensure hbase keytab works
ansible.builtin.import_role:
name: tosit.tdp.utils.kerberos
tasks_from: check_secure_keytab
vars:
principal: "hbase/{{ ansible_fqdn }}"
keytab: "hbase.service.keytab"
user: "{{ hbase_user }}"
group: "{{ hadoop_group }}"
mode: "0600"
when: not krb_create_principals_keytabs
block:
- name: Ensure hbase keytab works
ansible.builtin.import_role:
name: tosit.tdp.utils.kerberos
tasks_from: check_secure_keytab
vars:
principal: "hbase/{{ ansible_fqdn }}"
keytab: "hbase.service.keytab"
user: "{{ hbase_user }}"
group: "{{ hadoop_group }}"
mode: "0600"

- name: Ensure HTTP spnego keytab works
ansible.builtin.import_role:
name: tosit.tdp.utils.kerberos
tasks_from: check_secure_keytab
vars:
principal: "HTTP/{{ ansible_fqdn }}"
keytab: "spnego.service.keytab"
user: "root"
group: "{{ hadoop_group }}"
mode: "0640"
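Review bot: The two tasks kept in this file quote the same values differently: the create task has `principal: hbase/{{ ansible_fqdn }}` and `keytab: hbase.service.keytab` unquoted, while the check task has `principal: "hbase/{{ ansible_fqdn }}"` and `keytab: "hbase.service.keytab"`. Both forms parse to the same strings, so this is style only, but since the lines are being re-indented anyway I would quote the templated value in both tasks, `principal: "hbase/{{ ansible_fqdn }}"`, and leave the plain file name unquoted in both. The phoenix queryserver section has the same mismatch between its create and check tasks.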
66 changes: 20 additions & 46 deletions roles/hdfs/datanode/tasks/kerberos.yml
Expand Up @@ -12,52 +12,26 @@
name: tosit.tdp.hadoop.common
tasks_from: kerberos

- name: HDFS Datanode keytabs creation
- name: Ensure hdfs dn user's principal and keytab exist
ansible.builtin.import_role:
name: tosit.tdp.utils.kerberos
tasks_from: create_principal_keytab
vars:
principal: dn/{{ ansible_fqdn }}
keytab: dn.service.keytab
user: "{{ hdfs_user }}"
group: "{{ hadoop_group }}"
mode: "0600"
when: krb_create_principals_keytabs
block:
- name: Ensure hdfs dn user's principal and keytab exist
ansible.builtin.import_role:
name: tosit.tdp.utils.kerberos
tasks_from: create_principal_keytab
vars:
principal: dn/{{ ansible_fqdn }}
keytab: dn.service.keytab
user: "{{ hdfs_user }}"
group: "{{ hadoop_group }}"
mode: "0600"

- name: Ensure HTTP spnego's principal and keytab exist
ansible.builtin.import_role:
name: tosit.tdp.utils.kerberos
tasks_from: create_principal_keytab
vars:
principal: HTTP/{{ ansible_fqdn }}
keytab: spnego.service.keytab
user: root
group: "{{ hadoop_group }}"
mode: "0640"

- name: HDFS Datanode keytabs check
- name: Ensure hdfs dn user's keytab is working
ansible.builtin.import_role:
name: tosit.tdp.utils.kerberos
tasks_from: check_secure_keytab
vars:
principal: dn/{{ ansible_fqdn }}
keytab: dn.service.keytab
user: "{{ hdfs_user }}"
group: "{{ hadoop_group }}"
mode: "0600"
when: not krb_create_principals_keytabs
block:
- name: Ensure hdfs dn user's keytab is working
ansible.builtin.import_role:
name: tosit.tdp.utils.kerberos
tasks_from: check_secure_keytab
vars:
principal: dn/{{ ansible_fqdn }}
keytab: dn.service.keytab
user: "{{ hdfs_user }}"
group: "{{ hadoop_group }}"
mode: "0600"

- name: Ensure HTTP spnego's keytab is working
ansible.builtin.import_role:
name: tosit.tdp.utils.kerberos
tasks_from: check_secure_keytab
vars:
principal: HTTP/{{ ansible_fqdn }}
keytab: spnego.service.keytab
user: root
group: "{{ hadoop_group }}"
mode: "0640"
68 changes: 22 additions & 46 deletions roles/hdfs/httpfs/tasks/kerberos.yml
Expand Up @@ -12,50 +12,26 @@
name: tosit.tdp.hadoop.common
tasks_from: kerberos

- when: krb_create_principals_keytabs
block:
- name: Ensure httpfs user's principal and keytab exist
ansible.builtin.import_role:
name: tosit.tdp.utils.kerberos
tasks_from: create_principal_keytab
vars:
principal: httpfs/{{ ansible_fqdn }}
keytab: httpfs.service.keytab
user: "{{ hdfs_user }}"
group: "{{ hadoop_group }}"
mode: "0600"

- name: Ensure HTTP spnego's principal and keytab exist
ansible.builtin.import_role:
name: tosit.tdp.utils.kerberos
tasks_from: create_principal_keytab
vars:
principal: "HTTP/{{ ansible_fqdn }}"
keytab: spnego.service.keytab
user: root
group: "{{ hadoop_group }}"
mode: "0640"

- when: not krb_create_principals_keytabs
block:
- name: Ensure httpfs user's keytab is working
ansible.builtin.import_role:
name: tosit.tdp.utils.kerberos
tasks_from: check_secure_keytab
vars:
principal: httpfs/{{ ansible_fqdn }}
keytab: httpfs.service.keytab
user: "{{ hdfs_user }}"
group: "{{ hadoop_group }}"
mode: "0600"
- name: Ensure httpfs user's principal and keytab exist
ansible.builtin.import_role:
name: tosit.tdp.utils.kerberos
tasks_from: create_principal_keytab
vars:
principal: httpfs/{{ ansible_fqdn }}
keytab: httpfs.service.keytab
user: "{{ hdfs_user }}"
group: "{{ hadoop_group }}"
mode: "0600"
when: krb_create_principals_keytabs

- name: Ensure HTTP spnego's keytab is working
ansible.builtin.import_role:
name: tosit.tdp.utils.kerberos
tasks_from: check_secure_keytab
vars:
principal: HTTP/{{ ansible_fqdn }}
keytab: spnego.service.keytab
user: root
group: "{{ hadoop_group }}"
mode: "0640"
- name: Ensure httpfs user's keytab is working
ansible.builtin.import_role:
name: tosit.tdp.utils.kerberos
tasks_from: check_secure_keytab
vars:
principal: httpfs/{{ ansible_fqdn }}
keytab: httpfs.service.keytab
user: "{{ hdfs_user }}"
group: "{{ hadoop_group }}"
mode: "0600"
when: not krb_create_principals_keytabs
66 changes: 20 additions & 46 deletions roles/hdfs/journalnode/tasks/kerberos.yml
Expand Up @@ -7,52 +7,26 @@
name: tosit.tdp.utils.kerberos
tasks_from: install

- name: HDFS JournalNode keytabs creation
- name: Ensure hdfs jn user's principal and keytab exist
ansible.builtin.import_role:
name: tosit.tdp.utils.kerberos
tasks_from: create_principal_keytab
vars:
principal: jn/{{ ansible_fqdn }}
keytab: jn.service.keytab
user: "{{ hdfs_user }}"
group: "{{ hadoop_group }}"
mode: "0600"
when: krb_create_principals_keytabs
block:
- name: Ensure hdfs jn user's principal and keytab exist
ansible.builtin.import_role:
name: tosit.tdp.utils.kerberos
tasks_from: create_principal_keytab
vars:
principal: jn/{{ ansible_fqdn }}
keytab: jn.service.keytab
user: "{{ hdfs_user }}"
group: "{{ hadoop_group }}"
mode: "0600"

- name: Ensure HTTP spnego's principal and keytab exist
ansible.builtin.import_role:
name: tosit.tdp.utils.kerberos
tasks_from: create_principal_keytab
vars:
principal: "HTTP/{{ ansible_fqdn }}"
keytab: spnego.service.keytab
user: root
group: "{{ hadoop_group }}"
mode: "0640"

- name: HDFS JournalNode keytabs check
- name: Ensure hdfs jn user's keytab is working
ansible.builtin.import_role:
name: tosit.tdp.utils.kerberos
tasks_from: check_secure_keytab
vars:
principal: jn/{{ ansible_fqdn }}
keytab: jn.service.keytab
user: "{{ hdfs_user }}"
group: "{{ hadoop_group }}"
mode: "0600"
when: not krb_create_principals_keytabs
block:
- name: Ensure hdfs jn user's keytab is working
ansible.builtin.import_role:
name: tosit.tdp.utils.kerberos
tasks_from: check_secure_keytab
vars:
principal: jn/{{ ansible_fqdn }}
keytab: jn.service.keytab
user: "{{ hdfs_user }}"
group: "{{ hadoop_group }}"
mode: "0600"

- name: Ensure HTTP spnego's keytab is working
ansible.builtin.import_role:
name: tosit.tdp.utils.kerberos
tasks_from: check_secure_keytab
vars:
principal: HTTP/{{ ansible_fqdn }}
keytab: spnego.service.keytab
user: root
group: "{{ hadoop_group }}"
mode: "0640"