Initial support for creating testing KDC server on Fedora.
authorFrantišek Dvořák <valtri@civ.zcu.cz>
Wed, 7 Jan 2015 21:49:22 +0000 (22:49 +0100)
committerFrantišek Dvořák <valtri@civ.zcu.cz>
Wed, 7 Jan 2015 21:49:22 +0000 (22:49 +0100)
manifests/kdc.pp [new file with mode: 0644]
manifests/kdc/config.pp [new file with mode: 0644]
manifests/kdc/install.pp [new file with mode: 0644]
manifests/kdc/params.pp [new file with mode: 0644]
manifests/kdc/service.pp [new file with mode: 0644]
templates/kdc.conf.erb [new file with mode: 0644]
templates/krb5.conf.erb [new file with mode: 0644]

diff --git a/manifests/kdc.pp b/manifests/kdc.pp
new file mode 100644 (file)
index 0000000..dce3cfe
--- /dev/null
@@ -0,0 +1,13 @@
+class site_hadoop::kdc (
+  $realm = $site_hadoop::kdc::params::realm,
+  $master_password = $site_hadoop::kdc::params::master_password,
+) inherits site_hadoop::kdc::params {
+
+  include site_hadoop::kdc::install
+  include site_hadoop::kdc::config
+  include site_hadoop::kdc::service
+
+  Class['site_hadoop::kdc::install'] ->
+  Class['site_hadoop::kdc::config'] ~>
+  Class['site_hadoop::kdc::service']
+}
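Review bot: The parameter list declares only `realm` and `master_password`, but config.pp reads `$site_hadoop::kdc::domain` and `$site_hadoop::kdc::kdcserver`, and nothing in this commit defines `domain`. params.pp sets `kdc_packages`, `realm`, `kdcserver` and `master_password` only. As written, templates/krb5.conf.erb would most likely render an empty `default_domain` and `[domain_realm]` entries such as `. = HADOOP`, or fail on the undefined variable if strict variable checking is enabled. Consider adding `$domain = $site_hadoop::kdc::params::domain,` and `$kdcserver = $site_hadoop::kdc::params::kdcserver,` to the class parameters, with `$domain = $::domain` in params.pp. The same gap affects the config.pp and krb5.conf.erb hunks.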
diff --git a/manifests/kdc/config.pp b/manifests/kdc/config.pp
new file mode 100644 (file)
index 0000000..119754b
--- /dev/null
@@ -0,0 +1,23 @@
+class site_hadoop::kdc::config {
+  $realm = $site_hadoop::kdc::realm
+  $domain = $site_hadoop::kdc::domain
+  $kdcserver = $site_hadoop::kdc::kdcserver
+
+  file { '/etc/krb5.conf':
+    mode    => '0644',
+    content => template('site_hadoop/krb5.conf.erb'),
+  }
+
+  file { '/var/kerberos/krb5kdc/kdc.conf':
+    mode    => '0600',
+    content => template('site_hadoop/kdc.conf.erb'),
+  }
+
+  exec { 'kdb5_util-create':
+    command => "kdb5_util create -s -P ${site_hadoop::kdc::master_password}",
+    path    => '/sbin:/usr/sbin:/bin:/usr/bin',
+    creates => '/var/kerberos/krb5kdc/principal',
+  }
+  File['/etc/krb5.conf'] -> Exec['kdb5_util-create']
+  File['/var/kerberos/krb5kdc/kdc.conf'] -> Exec['kdb5_util-create']
+}
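Review bot: The `kdb5_util-create` exec passes the KDC master password on the command line (`-P ${site_hadoop::kdc::master_password}`), so it is readable in the process list while the command runs. It can also appear in Puppet agent logs and reports whenever the command string is logged, for example on failure. The value is interpolated unquoted, so a password containing whitespace or shell metacharacters would change how the command is parsed. If `-P` has to stay for the test setup, state that above the resource, e.g. `# -P exposes the master password in argv and Puppet logs; throw-away test KDCs only`, and restrict `master_password` to a safe character set where the parameter is declared in kdc.pp.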
diff --git a/manifests/kdc/install.pp b/manifests/kdc/install.pp
new file mode 100644 (file)
index 0000000..aabbbbf
--- /dev/null
@@ -0,0 +1,5 @@
+class site_hadoop::kdc::install {
+  if $site_hadoop::kdc::kdc_packages {
+    ensure_packages($site_hadoop::kdc::kdc_packages)
+  }
+}
diff --git a/manifests/kdc/params.pp b/manifests/kdc/params.pp
new file mode 100644 (file)
index 0000000..b74a1f2
--- /dev/null
@@ -0,0 +1,8 @@
+class site_hadoop::kdc::params {
+  $kdc_packages = $::osfamily ? {
+    redhat => ['krb5-server', 'krb5-workstation'],
+  }
+  $realm = 'HADOOP'
+  $kdcserver = $::fqdn
+  $master_password = '12345'
+}
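Review bot: `$master_password = '12345'` means every KDC built from this module without an override shares one published master password for its database. Anyone who obtains the principal database or stash file from such a host can decrypt all stored keys. Prefer having no usable default: set `$master_password = undef` here and call `fail('site_hadoop::kdc: master_password must be set')` in kdc.pp when it is empty. Separately, the `$::osfamily` selector has no `default` branch, so catalog compilation fails at this line on any non-RedHat node and the `if $site_hadoop::kdc::kdc_packages` guard in install.pp never sees an empty value. Adding `default => undef,` would make that guard effective.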
diff --git a/manifests/kdc/service.pp b/manifests/kdc/service.pp
new file mode 100644 (file)
index 0000000..393e6d0
--- /dev/null
@@ -0,0 +1,8 @@
+class site_hadoop::kdc::service {
+  service{'kadmin':
+    ensure => running,
+  }
+  service{'krb5kdc':
+    ensure => running,
+  }
+}
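Review bot: Both services are declared with `ensure => running` only, so Puppet starts them during a run but leaves their boot-time state unmanaged. After a reboot the KDC and kadmind stay down until the next agent run, and Kerberos-dependent Hadoop daemons will fail to authenticate in the meantime. Add `enable => true,` to the `kadmin` and `krb5kdc` resources.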
diff --git a/templates/kdc.conf.erb b/templates/kdc.conf.erb
new file mode 100644 (file)
index 0000000..10bf1fe
--- /dev/null
@@ -0,0 +1,12 @@
+[kdcdefaults]
+ kdc_ports = 88
+ kdc_tcp_ports = 88
+
+[realms]
+ <%= @realm -%> = {
+  #master_key_type = aes256-cts
+  acl_file = /var/kerberos/krb5kdc/kadm5.acl
+  dict_file = /usr/share/dict/words
+  admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
+  supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal camellia256-cts:normal camellia128-cts:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal
+ }
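Review bot: The `supported_enctypes` line enables single-DES (`des-hmac-sha1`, `des-cbc-md5`, `des-cbc-crc`) and RC4 (`arcfour-hmac`) key types for newly created principals. These are cryptographically weak, and keys of those types make offline cracking of captured tickets much cheaper. Unless a client in the test cluster is known to need them, reduce the list to `supported_enctypes = aes256-cts:normal aes128-cts:normal camellia256-cts:normal camellia128-cts:normal`. The commented-out `#master_key_type = aes256-cts` leaves the master key type to the build default; uncommenting it would make the intent explicit.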
diff --git a/templates/krb5.conf.erb b/templates/krb5.conf.erb
new file mode 100644 (file)
index 0000000..e1e275c
--- /dev/null
@@ -0,0 +1,17 @@
+[libdefaults]
+  default_realm = <%= @realm %>
+
+  dns_lookup_kdc = no
+  dns_lookup_realm = no
+  dns_fallback = no
+
+[realms]
+  <%= @realm %> = {
+    kdc = <%= @kdcserver -%>:88
+    admin_server = <%= @kdcserver -%>:749
+    default_domain = <%= @domain %>
+  }
+
+[domain_realm]
+  .<%= @domain %> = <%= @realm %>
+  <%= @domain %> = <%= @realm %>