From 3fa290df302429cc8c448a22350cac19cc0f2900 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Franti=C5=A1ek=20Dvo=C5=99=C3=A1k?= <valtri@civ.zcu.cz> Date: Tue, 16 Mar 2021 14:09:17 +0100 Subject: [PATCH] Activate SPNEGO even without SSL - http signature secret file needed --- deployments/hadoop-hdfs/site.pp.tmpl | 7 +++++++ deployments/hadoop-single/single.pp.tmpl | 7 +++++++ deployments/hadoop/plugin.py | 1 + deployments/hadoop/site.pp.tmpl | 7 +++++++ 4 files changed, 22 insertions(+) diff --git a/deployments/hadoop-hdfs/site.pp.tmpl b/deployments/hadoop-hdfs/site.pp.tmpl index b96032c..47a42ee 100644 --- a/deployments/hadoop-hdfs/site.pp.tmpl +++ b/deployments/hadoop-hdfs/site.pp.tmpl @@ -118,6 +118,13 @@ class local_kerberos { } File['/etc/security/keytab'] -> Kerberos::Keytab <| |> + + file{'/etc/security/http-auth-signature-secret': + content => '$http_signature_secret', + mode => '0600', + owner => 'root', + group => 'root', + } } class local_kerberos_master { diff --git a/deployments/hadoop-single/single.pp.tmpl b/deployments/hadoop-single/single.pp.tmpl index b29aed1..8d23668 100644 --- a/deployments/hadoop-single/single.pp.tmpl +++ b/deployments/hadoop-single/single.pp.tmpl @@ -192,6 +192,13 @@ class local_kerberos { } File['/etc/security/keytab'] -> Kerberos::Keytab <| |> + + file{'/etc/security/http-auth-signature-secret': + content => '$http_signature_secret', + mode => '0600', + owner => 'root', + group => 'root', + } } class local_kerberos_master { diff --git a/deployments/hadoop/plugin.py b/deployments/hadoop/plugin.py index c4c7acd..c72ad5b 100644 --- a/deployments/hadoop/plugin.py +++ b/deployments/hadoop/plugin.py @@ -25,6 +25,7 @@ class ComponentHadoopCommon: 'realm': 'HADOOP', 'kerberos_admin_password': config['secrets']['kerberos_admin_password'], 'kerberos_master_password': config['secrets']['kerberos_master_password'], + 'http_signature_secret': config['secrets']['http_signature_secret'], 'data_dirs': data_dirs, } diff --git a/deployments/hadoop/site.pp.tmpl b/deployments/hadoop/site.pp.tmpl index 7a4f884..ba7559b 100644 --- a/deployments/hadoop/site.pp.tmpl +++ b/deployments/hadoop/site.pp.tmpl @@ -190,6 +190,13 @@ class local_kerberos { } File['/etc/security/keytab'] -> Kerberos::Keytab <| |> + + file{'/etc/security/http-auth-signature-secret': + content => '$http_signature_secret', + mode => '0600', + owner => 'root', + group => 'root', + } } class local_kerberos_master { -- GitLab