How to enable kerbros on a BDA and how to add users

Enable kerberos on BDA along with installing MIT KDC servers on BDA
Instructions to Enable Kerberos on Oracle Big Data Appliance with Mammoth V3.1/V4.* Release ( Doc ID 1919445.1 )

Note: Because of some bugs make sure to disable Sentry first before running.
Run the below and follow the process

# bdacli enable kerberos
INFO: Logging all actions in /opt/oracle/BDAMammoth/bdaconfig/tmp/n01-20160118120613.log and traces in /opt/oracle/BDAMammoth/bdaconfig/tmp/n01-20160118120613.trc
INFO: This is the install of the primary rack
INFO: Checking if password-less ssh is set up
INFO: Executing checkRoot.sh on nodes /opt/oracle/BDAMammoth/bdaconfig/tmp/all_nodes #Step -1#
SUCCESS: Executed checkRoot.sh on nodes /opt/oracle/BDAMammoth/bdaconfig/tmp/all_nodes #Step -1#
INFO: Executing checkSSHAllNodes.sh on nodes /opt/oracle/BDAMammoth/bdaconfig/tmp/all_nodes #Step -1#
SUCCESS: Executed checkSSHAllNodes.sh on nodes /opt/oracle/BDAMammoth/bdaconfig/tmp/all_nodes #Step -1#
INFO: Reading component versions from /opt/oracle/BDAMammoth/bdaconfig/COMPONENTS
INFO: Creating nodelist files...
INFO: Checking if password-less ssh is set up
INFO: Executing checkRoot.sh on nodes /opt/oracle/BDAMammoth/bdaconfig/tmp/all_nodes #Step -1#
SUCCESS: Executed checkRoot.sh on nodes /opt/oracle/BDAMammoth/bdaconfig/tmp/all_nodes #Step -1#
INFO: Executing checkSSHAllNodes.sh on nodes /opt/oracle/BDAMammoth/bdaconfig/tmp/all_nodes #Step -1#
SUCCESS: Executed checkSSHAllNodes.sh on nodes /opt/oracle/BDAMammoth/bdaconfig/tmp/all_nodes #Step -1#
SUCCESS: Password-less root SSH is setup.

 Do you wish to enable network encryption (yes/no): no

 Do you wish to enable Sentry authorization on your cluster (yes/no): no 

 Do you want to setup KDC on a BDA node (yes/no): yes

 Please enter the realm name: DEVTECH101.COM

 Enter password for Kerberos database: 
 Enter password again: WARNING: The password for the oracle OS user is missing from the parameters file and is required for the installation.
Enter password: 
Enter password again: 
INFO: Checking password on node n01
INFO: Password verified on node n01
INFO: Checking password on node n02
INFO: Password verified on node n02
INFO: Checking password on node n03
INFO: Password verified on node n03
INFO: Checking password on node n04
INFO: Password verified on node n04
INFO: Checking password on node n05
INFO: Password verified on node n05
INFO: Checking password on node n06
INFO: Password verified on node n06
WARNING: The password for the Cloudera Manager admin user is missing from the parameters file and is required for the installation.
Enter password: 
Enter password again: 
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     3    0     3    0     0    804      0 --:--:-- --:--:-- --:--:--  1500
WARNING: The password for the MySQL root user is missing from the parameters file and is required for the installation.
Enter password: 
Enter password again: 
INFO: Executing verifyMySQLPasswd.sh on nodes /opt/oracle/BDAMammoth/bdaconfig/tmp/all_nodes #Step -1#
SUCCESS: Executed verifyMySQLPasswd.sh on nodes /opt/oracle/BDAMammoth/bdaconfig/tmp/all_nodes #Step -1#
[..]snip

Once install is completed, Re-enable Sentry support

cd /opt/oracle/BDAMammoth
./mammoth-reconfig add sentry

How to Create and Add a User to a Secure Cluster with Kerberos for Oracle Big Data Appliance v2.3.1 and Higher. (Doc ID 1600752.1)

0 0 votes

Article Rating

Like this:

Related

Share this:

Like this:

Related