From: František Dvořák
Date: Wed, 7 Jan 2015 22:41:58 +0000 (+0100)
Subject: Debian support for KDC.
X-Git-Url: http://scientific.zcu.cz/git/?a=commitdiff_plain;h=02ad4469a002f7d4df995f09db42ab5be9bf1ee9;p=meta-site_hadoop.git

Debian support for KDC.
---

diff --git a/manifests/kdc/config.pp b/manifests/kdc/config.pp
index 119754b..c55a187 100644
--- a/manifests/kdc/config.pp
+++ b/manifests/kdc/config.pp
@@ -8,7 +8,7 @@ class site_hadoop::kdc::config {
 content => template('site_hadoop/krb5.conf.erb'),
 }
 
- file { '/var/kerberos/krb5kdc/kdc.conf':
+ file { "${site_hadoop::kdc::kdc_dir}/kdc.conf":
 mode => '0600',
 content => template('site_hadoop/kdc.conf.erb'),
 }
@@ -16,8 +16,8 @@ class site_hadoop::kdc::config {
 exec { 'kdb5_util-create':
 command => "kdb5_util create -s -P ${site_hadoop::kdc::master_password}",
 path => '/sbin:/usr/sbin:/bin:/usr/bin',
- creates => '/var/kerberos/krb5kdc/principal',
+ creates => "${site_hadoop::kdc::kdc_dir}/principal",
 }
 File['/etc/krb5.conf'] -> Exec['kdb5_util-create']
- File['/var/kerberos/krb5kdc/kdc.conf'] -> Exec['kdb5_util-create']
+ File["${site_hadoop::kdc::kdc_dir}/kdc.conf"] -> Exec['kdb5_util-create']
 }
diff --git a/manifests/kdc/params.pp b/manifests/kdc/params.pp
index b74a1f2..c4631ea 100644
--- a/manifests/kdc/params.pp
+++ b/manifests/kdc/params.pp
@@ -1,8 +1,32 @@
 class site_hadoop::kdc::params {
+ case $::osfamily {
+ 'Debian': {
+ $daemons = {
+ 'kadmin' => 'krb5-admin-server',
+ 'kdc' => 'krb5-kdc',
+ }
+ }
+ 'RedHat': {
+ $daemons = {
+ 'kadmin' => 'kadmin',
+ 'kdc' => 'krb5kdc',
+ }
+ }
+ }
+
+ $kdc_dir = $::osfamily ? {
+ debian => '/var/lib/krb5kdc',
+ redhat => '/var/kerberos/krb5kdc',
+ }
+
 $kdc_packages = $::osfamily ? {
+ debian => ['krb5-kdc', 'krb5-admin-server'],
 redhat => ['krb5-server', 'krb5-workstation'],
 }
+
 $realm = 'HADOOP'
+
 $kdcserver = $::fqdn
+
 $master_password = '12345'
 }
diff --git a/manifests/kdc/service.pp b/manifests/kdc/service.pp
index 393e6d0..1c700f7 100644
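Review bot: In the second hunk of manifests/kdc/config.pp, the `kdb5_util-create` exec still passes the KDC master password as `-P ${site_hadoop::kdc::master_password}`, so the secret sits in the process arguments while the command runs and is likely to show up in Puppet's output if the exec fails. The value it interpolates is the literal `$master_password = '12345'` visible in manifests/kdc/params.pp, and that password protects the principal database this commit now creates under `${site_hadoop::kdc::kdc_dir}`. I would make the password a value each site must supply rather than a shared default, and put a comment above the exec such as `# -P exposes the master password on the command line; supply it per site and keep exec output out of reports`. The class body starts outside this hunk.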
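Review bot: The new `case $::osfamily` in manifests/kdc/params.pp has no `default` branch, so on any other platform `$daemons` is silently left undefined and the run only stops later at the `$kdc_dir` selector, which as far as I know aborts with a generic no-match error. An explicit `default: { fail("site_hadoop::kdc: unsupported osfamily ${::osfamily}") }` would stop the catalog with a clear message before the service titles in manifests/kdc/service.pp or the paths in manifests/kdc/config.pp are built from missing values. The case branches spell the family `'Debian'`/`'RedHat'` while the selectors use bare `debian`/`redhat`; using one spelling throughout would make the intent easier to check.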
--- a/manifests/kdc/service.pp
+++ b/manifests/kdc/service.pp
@@ -1,8 +1,8 @@
 class site_hadoop::kdc::service {
- service{'kadmin':
+ service{$site_hadoop::kdc::daemons['kadmin']:
 ensure => running,
 }
- service{'krb5kdc':
+ service{$site_hadoop::kdc::daemons['kdc']:
 ensure => running,
 }
 }
diff --git a/templates/kdc.conf.erb b/templates/kdc.conf.erb
index 10bf1fe..19aa204 100644
--- a/templates/kdc.conf.erb
+++ b/templates/kdc.conf.erb
@@ -1,3 +1,21 @@
+<% if scope.lookupvar('::osfamily') == 'debian' -%>
+[kdcdefaults]
+ kdc_ports = 750,88
+
+[realms]
+ <%= @realm -%> = {
+ database_name = /var/lib/krb5kdc/principal
+ admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab
+ acl_file = /etc/krb5kdc/kadm5.acl
+ key_stash_file = /etc/krb5kdc/stash
+ kdc_ports = 750,88
+ max_life = 10h 0m 0s
+ max_renewable_life = 7d 0h 0m 0s
+ master_key_type = des3-hmac-sha1
+ supported_enctypes = aes256-cts:normal arcfour-hmac:normal des3-hmac-sha1:normal des-cbc-crc:normal des:normal des:v4 des:norealm des:onlyrealm des:afs3
+ default_principal_flags = +preauth
+ }
+<% elsif scope.lookupvar('::osfamily') == 'redhat' -%>
 [kdcdefaults]
 kdc_ports = 88
 kdc_tcp_ports = 88
@@ -10,3 +28,4 @@
 admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
 supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal camellia256-cts:normal camellia128-cts:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal
 }
+<% end -%>
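Review bot: In the first hunk of templates/kdc.conf.erb the branches compare `scope.lookupvar('::osfamily')` with lowercase `'debian'` and `'redhat'`, but Ruby's `==` is case-sensitive and the same commit's `case` in manifests/kdc/params.pp spells the fact `Debian` and `RedHat`, so neither branch would match and kdc.conf would be rendered empty. Comparing against the capitalised names, or `scope.lookupvar('::osfamily').downcase == 'debian'`, keeps the template in step with the manifests, and an `<% else -%>` branch that raises would catch unsupported platforms instead of writing an empty file. Separately, the new Debian block sets `master_key_type = des3-hmac-sha1` and offers single-DES and `arcfour-hmac` in `supported_enctypes`; I would trim that list to the AES types unless a known legacy client needs the weak ones. The closing `<% end -%>` for this conditional is added in the second hunk.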