From 3fa290df302429cc8c448a22350cac19cc0f2900 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Franti=C5=A1ek=20Dvo=C5=99=C3=A1k?= <valtri@civ.zcu.cz>
Date: Tue, 16 Mar 2021 14:09:17 +0100
Subject: [PATCH] Activate SPNEGO even without SSL - http signature secret file
 needed

---
 deployments/hadoop-hdfs/site.pp.tmpl     | 7 +++++++
 deployments/hadoop-single/single.pp.tmpl | 7 +++++++
 deployments/hadoop/plugin.py             | 1 +
 deployments/hadoop/site.pp.tmpl          | 7 +++++++
 4 files changed, 22 insertions(+)

diff --git a/deployments/hadoop-hdfs/site.pp.tmpl b/deployments/hadoop-hdfs/site.pp.tmpl
index b96032c..47a42ee 100644
--- a/deployments/hadoop-hdfs/site.pp.tmpl
+++ b/deployments/hadoop-hdfs/site.pp.tmpl
@@ -118,6 +118,13 @@ class local_kerberos {
   }
 
   File['/etc/security/keytab'] -> Kerberos::Keytab <| |>
+
+  file{'/etc/security/http-auth-signature-secret':
+    content => '$http_signature_secret',
+    mode    => '0600',
+    owner   => 'root',
+    group   => 'root',
+  }
 }
 
 class local_kerberos_master {
diff --git a/deployments/hadoop-single/single.pp.tmpl b/deployments/hadoop-single/single.pp.tmpl
index b29aed1..8d23668 100644
--- a/deployments/hadoop-single/single.pp.tmpl
+++ b/deployments/hadoop-single/single.pp.tmpl
@@ -192,6 +192,13 @@ class local_kerberos {
   }
 
   File['/etc/security/keytab'] -> Kerberos::Keytab <| |>
+
+  file{'/etc/security/http-auth-signature-secret':
+    content => '$http_signature_secret',
+    mode    => '0600',
+    owner   => 'root',
+    group   => 'root',
+  }
 }
 
 class local_kerberos_master {
diff --git a/deployments/hadoop/plugin.py b/deployments/hadoop/plugin.py
index c4c7acd..c72ad5b 100644
--- a/deployments/hadoop/plugin.py
+++ b/deployments/hadoop/plugin.py
@@ -25,6 +25,7 @@ class ComponentHadoopCommon:
             'realm': 'HADOOP',
             'kerberos_admin_password': config['secrets']['kerberos_admin_password'],
             'kerberos_master_password': config['secrets']['kerberos_master_password'],
+            'http_signature_secret': config['secrets']['http_signature_secret'],
             'data_dirs': data_dirs,
         }
 
diff --git a/deployments/hadoop/site.pp.tmpl b/deployments/hadoop/site.pp.tmpl
index 7a4f884..ba7559b 100644
--- a/deployments/hadoop/site.pp.tmpl
+++ b/deployments/hadoop/site.pp.tmpl
@@ -190,6 +190,13 @@ class local_kerberos {
   }
 
   File['/etc/security/keytab'] -> Kerberos::Keytab <| |>
+
+  file{'/etc/security/http-auth-signature-secret':
+    content => '$http_signature_secret',
+    mode    => '0600',
+    owner   => 'root',
+    group   => 'root',
+  }
 }
 
 class local_kerberos_master {
-- 
GitLab