Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here. Want to know more about what has changed? Check out the Community News blog.

Cloudera Altus Cloud - Kerberized Cluster

Highlighted

Cloudera Altus Cloud - Kerberized Cluster

New Contributor

Dear All,

 

I have found documentation about Cloudera Altus Director and Kerberized clusters.

Is it possible to build a Kerberized Cluster using Cloudera Altus Cloud? If yes, can anyone share docs regarding this procedure?

 

Thanks

Roberto

2 REPLIES 2

Re: Cloudera Altus Cloud - Kerberized Cluster

Contributor

This probably belongs in Altus Cloud Services QA rather than the Altus Director board.

 

https://community.cloudera.com/t5/Cloudera-Altus-Cloud-Services-Q/qa-p/Altus

 

Yes it's possible to create a Kerberized cluster by using a 'secured' environment. You can see refer to the documentation here for more details:

 

https://www.cloudera.com/documentation/altus/topics/alt_environment_intro.html#secure_clusters

Re: Cloudera Altus Cloud - Kerberized Cluster

Explorer

Hi,

 

    It is possible. I use Coudera Altus Director REST API and templates. Example template for deployment below:

 

{
"configs": {
"CLOUDERA_MANAGER": {
"KDC_TYPE": "MIT KDC",
"KDC_HOST": "director.{{ env_name }}.{{ env_domain }}",
"KRB_MANAGE_KRB5_CONF": "true",
"KRB_ENC_TYPES": "rc4-hmac des3-hmac-sha1 arcfour-hmac des-hmac-sha1 des-cbc-md5 des-cbc-crc",
"SECURITY_REALM": "DIRECTOR.{{ env_name | upper }}.{{ env_domain | upper }}"
}
},
"csds": [],
"enableEnterpriseTrial": false,
"unlimitedJce": true,
"tlsEnabled": true,
"krbAdminUsername": "{{ cloudera_kerberos_user }}@DIRECTOR.{{ env_name | upper }}.{{ env_domain | upper }}",
"krbAdminPassword": "{{ cloudera_kerberos_password }}",
"externalAccounts": {},
"externalDatabaseTemplates": {
"ACTIVITYMONITOR": {
"name": "cmamtemplate",
"databaseServerName": "{{ aws_properties.cluster_types[cluster_type].deployment.cloudera_database_server_name }}",
"databaseNamePrefix": "am"
},
"NAVIGATORMETASERVER": {
"name": "cmnavmetatemplate",
"databaseServerName": "{{ aws_properties.cluster_types[cluster_type].deployment.cloudera_database_server_name }}",
"databaseNamePrefix": "navmeta"
},
"REPORTSMANAGER": {
"name": "cmrmtemplate",
"databaseServerName": "{{ aws_properties.cluster_types[cluster_type].deployment.cloudera_database_server_name }}",
"databaseNamePrefix": "rm"
},
"NAVIGATOR": {
"name": "cmnavtemplate",
"databaseServerName": "{{ aws_properties.cluster_types[cluster_type].deployment.cloudera_database_server_name }}",
"databaseNamePrefix": "nav"
},
"CLOUDERA_MANAGER": {
"name": "cmtemplate",
"databaseServerName": "{{ aws_properties.cluster_types[cluster_type].deployment.cloudera_database_server_name }}",
"databaseNamePrefix": "scm"
}
},
"externalDatabases": {},
"javaInstallationStrategy": "AUTO",
"managerVirtualInstance": {
"id": "{{ 99999999 | random | to_uuid }}",
"template": {
"bootstrapScripts": [],
"config": {
"ebsOptimized": "false",
"ebsVolumeCount": "0",
"ebsVolumeSizeGiB": "500",
"ebsVolumeType": "st1",
"enableEbsEncryption": "false",
"instanceNamePrefix": "cloudera-manager-{{ env_name }}",
"rootVolumeSizeGB": "50",
"rootVolumeType": "gp2",
"securityGroupsIds": "{{ aws_properties.global.cloudera_director_sg_id }}",
"subnetId": "{{ aws_properties.global.cloudera_director_subnet_id }}",
"useSpotInstances": "false"
},
"image": "{{ aws_properties.cluster_types[cluster_type].deployment.cloudera_manager_ami_name }}",
"name": "cm-template",
"normalizeInstance": true,
"rackId": "/default",
"sshHostKeyRetrievalType": "NONE",
"tags": {},
"type": "{{ aws_properties.cluster_types[cluster_type].deployment.cloudera_manager_ec2_type }}"
}
},
"name": "{{ cloudera_director_deployment_name }}",
"password": "{{ cloudera_director_api_password }}",
"postCreateScripts": [],
"repository": "https://archive.cloudera.com/cm6/6.2.0/redhat7/yum",
"tlsConfigurationProperties": {},
"username": "{{ cloudera_director_api_user }}"
}

 

Then I use ansible to send POST to Cloudera Director.

 

Regards,

 

Bart