From ae4eae47ed8d894e49952f6efc49fc2b98794c3c Mon Sep 17 00:00:00 2001
From: =?utf8?q?Franti=C5=A1ek=20Dvo=C5=99=C3=A1k?=
Date: Wed, 7 Jan 2015 22:49:22 +0100
Subject: [PATCH] Initial support for creating testing KDC server on Fedora.
---
manifests/kdc.pp | 13 +++++++++++++
manifests/kdc/config.pp | 23 +++++++++++++++++++++++
manifests/kdc/install.pp | 5 +++++
manifests/kdc/params.pp | 8 ++++++++
manifests/kdc/service.pp | 8 ++++++++
templates/kdc.conf.erb | 12 ++++++++++++
templates/krb5.conf.erb | 17 +++++++++++++++++
7 files changed, 86 insertions(+)
create mode 100644 manifests/kdc.pp
create mode 100644 manifests/kdc/config.pp
create mode 100644 manifests/kdc/install.pp
create mode 100644 manifests/kdc/params.pp
create mode 100644 manifests/kdc/service.pp
create mode 100644 templates/kdc.conf.erb
create mode 100644 templates/krb5.conf.erb
diff --git a/manifests/kdc.pp b/manifests/kdc.pp
new file mode 100644
index 0000000..dce3cfe
--- /dev/null
+++ b/manifests/kdc.pp
@@ -0,0 +1,13 @@
+class site_hadoop::kdc (
+ $realm = $site_hadoop::kdc::params::realm,
+ $master_password = $site_hadoop::kdc::params::master_password,
+) inherits site_hadoop::kdc::params {
+
+ include site_hadoop::kdc::install
+ include site_hadoop::kdc::config
+ include site_hadoop::kdc::service
+
+ Class['site_hadoop::kdc::install'] ->
+ Class['site_hadoop::kdc::config'] ~>
+ Class['site_hadoop::kdc::service']
+}
diff --git a/manifests/kdc/config.pp b/manifests/kdc/config.pp
new file mode 100644
index 0000000..119754b
--- /dev/null
+++ b/manifests/kdc/config.pp
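Review bot: `domain` is never defined for the class in manifests/kdc.pp: config.pp reads `$site_hadoop::kdc::domain`, but the parameter list here has only `realm` and `master_password`, and params.pp sets no `$domain` either. As far as this patch shows, krb5.conf.erb would therefore render `default_domain` and both `[domain_realm]` entries with an empty domain. Add `$domain = $site_hadoop::kdc::params::domain,` to the parameter list and `$domain = $::domain` to params.pp. A short header comment stating that the class builds a test-only KDC, and documenting each parameter, would also help.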
@@ -0,0 +1,23 @@
+class site_hadoop::kdc::config {
+ $realm = $site_hadoop::kdc::realm
+ $domain = $site_hadoop::kdc::domain
+ $kdcserver = $site_hadoop::kdc::kdcserver
+
+ file { '/etc/krb5.conf':
+ mode => '0644',
+ content => template('site_hadoop/krb5.conf.erb'),
+ }
+
+ file { '/var/kerberos/krb5kdc/kdc.conf':
+ mode => '0600',
+ content => template('site_hadoop/kdc.conf.erb'),
+ }
+
+ exec { 'kdb5_util-create':
+ command => "kdb5_util create -s -P ${site_hadoop::kdc::master_password}",
+ path => '/sbin:/usr/sbin:/bin:/usr/bin',
+ creates => '/var/kerberos/krb5kdc/principal',
+ }
+ File['/etc/krb5.conf'] -> Exec['kdb5_util-create']
+ File['/var/kerberos/krb5kdc/kdc.conf'] -> Exec['kdb5_util-create']
+}
diff --git a/manifests/kdc/install.pp b/manifests/kdc/install.pp
new file mode 100644
index 0000000..aabbbbf
--- /dev/null
+++ b/manifests/kdc/install.pp
@@ -0,0 +1,5 @@
+class site_hadoop::kdc::install {
+ if $site_hadoop::kdc::kdc_packages {
+ ensure_packages($site_hadoop::kdc::kdc_packages)
+ }
+}
diff --git a/manifests/kdc/params.pp b/manifests/kdc/params.pp
new file mode 100644
index 0000000..b74a1f2
--- /dev/null
+++ b/manifests/kdc/params.pp
@@ -0,0 +1,8 @@
+class site_hadoop::kdc::params {
+ $kdc_packages = $::osfamily ? {
+ redhat => ['krb5-server', 'krb5-workstation'],
+ }
+ $realm = 'HADOOP'
+ $kdcserver = $::fqdn
+ $master_password = '12345'
+}
diff --git a/manifests/kdc/service.pp b/manifests/kdc/service.pp
new file mode 100644
index 0000000..393e6d0
--- /dev/null
+++ b/manifests/kdc/service.pp
@@ -0,0 +1,8 @@
+class site_hadoop::kdc::service {
+ service{'kadmin':
+ ensure => running,
+ }
+ service{'krb5kdc':
+ ensure => running,
+ }
+}
diff --git a/templates/kdc.conf.erb b/templates/kdc.conf.erb
new file mode 100644
index 0000000..10bf1fe
--- /dev/null
+++ b/templates/kdc.conf.erb
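Review bot: The master password is interpolated unquoted into the `kdb5_util create -s -P ...` command in manifests/kdc/config.pp, so it is visible in the process list while the command runs and can end up in Puppet logs and reports whenever the exec is reported. A password containing whitespace or shell metacharacters would also change how the command is parsed. At minimum quote the value, e.g. `command => shellquote('kdb5_util', 'create', '-s', '-P', $site_hadoop::kdc::master_password),`; keeping the password out of the argument list altogether would be better. The two `file` resources also set no `owner`/`group`; adding `owner => 'root', group => 'root',` makes the `0600` on kdc.conf hold regardless of which user runs the agent.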
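Review bot: `$master_password = '12345'` in manifests/kdc/params.pp gives every KDC built with the defaults the same guessable database master password. Even for a testing KDC it is safer to ship no usable default and make the caller supply one, for example `$master_password = undef` here plus a `fail('site_hadoop::kdc: master_password must be set')` guard in the main class. Separately, the `$::osfamily` selector has no `default` branch, so compilation presumably fails on other OS families before the `if $site_hadoop::kdc::kdc_packages` guard in install.pp is ever reached; adding `default => undef,` would let that guard do its job.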
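Review bot: Both services in manifests/kdc/service.pp are declared with `ensure => running` only, so the Puppet run starts them but does not enable them at boot. Add `enable => true,` to `kadmin` and `krb5kdc` if the KDC should come back after a reboot. Note also that `kadmin` is started while the `acl_file` named in kdc.conf.erb is not managed anywhere in this patch, so the admin ACL is whatever already exists on the host; managing `kadm5.acl` explicitly would make the granted admin permissions reviewable.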
@@ -0,0 +1,12 @@
+[kdcdefaults]
+ kdc_ports = 88
+ kdc_tcp_ports = 88
+
+[realms]
+ <%= @realm -%> = {
+ #master_key_type = aes256-cts
+ acl_file = /var/kerberos/krb5kdc/kadm5.acl
+ dict_file = /usr/share/dict/words
+ admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
+ supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal camellia256-cts:normal camellia128-cts:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal
+ }
diff --git a/templates/krb5.conf.erb b/templates/krb5.conf.erb
new file mode 100644
index 0000000..e1e275c
--- /dev/null
+++ b/templates/krb5.conf.erb
@@ -0,0 +1,17 @@
+[libdefaults]
+ default_realm = <%= @realm %>
+
+ dns_lookup_kdc = no
+ dns_lookup_realm = no
+ dns_fallback = no
+
+[realms]
+ <%= @realm %> = {
+ kdc = <%= @kdcserver -%>:88
+ admin_server = <%= @kdcserver -%>:749
+ default_domain = <%= @domain %>
+ }
+
+[domain_realm]
+ .<%= @domain %> = <%= @realm %>
+ <%= @domain %> = <%= @realm %>
--
1.8.2.3
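Review bot: The `supported_enctypes` line in templates/kdc.conf.erb enables single-DES (`des-hmac-sha1`, `des-cbc-md5`, `des-cbc-crc`) and `arcfour-hmac` key types, which are considered weak and leave principals with keys far less resistant to offline guessing than the AES ones. Unless a client is known to need them, restrict the list, e.g. `supported_enctypes = aes256-cts:normal aes128-cts:normal camellia256-cts:normal camellia128-cts:normal`. `master_key_type` is left commented out, so the master key type falls back to the library default; setting it explicitly to `aes256-cts` would make the choice visible in the rendered file.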