Kerberos installation procedure explained

The ansible scripts that DP2 is using to boostrap Kerberos on the CDH cluster we are using are loosely based on two things:

The official documentation on Cloudera Kerberos manual
An open source script for bootstraping the CDH cluster found here

They are divided into three main steps:

Setting up the server

The ansible file can be found here.

It creates the the kerberos server machine, installing the appropriate packages and creating configuration files from templates. After that, it creates the initial users.

Setting up the clients

The ansible file can be found here.

It installs the client libraries on every machine and creates the krb5.conf file that is used by applications to get the kerberos setting in a given environment.

Enabling Kerberos support on the CDH cluster

The ansible file can be found here.

Since there is no one API call to enable Kerberos support, we are enabling it for each service and then generating the appropriate credentials. The whole process is available as a one-click wizard in the Cloudera Manager web interface.

Home | FAQs

Kerberos installation procedure explained

Setting up the server

Setting up the clients

Enabling Kerberos support on the CDH cluster

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!