Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Cloudera Altus Cloud - Kerberized Cluster

Highlighted

Cloudera Altus Cloud - Kerberized Cluster

New Contributor

Dear All,

 

I have found documentation about Cloudera Altus Director and Kerberized clusters.

Is it possible to build a Kerberized Cluster using Cloudera Altus Cloud? If yes, can anyone share docs regarding this procedure?

 

Thanks

Roberto

2 REPLIES 2

Re: Cloudera Altus Cloud - Kerberized Cluster

Contributor

This probably belongs in Altus Cloud Services QA rather than the Altus Director board.

 

https://community.cloudera.com/t5/Cloudera-Altus-Cloud-Services-Q/qa-p/Altus

 

Yes it's possible to create a Kerberized cluster by using a 'secured' environment. You can see refer to the documentation here for more details:

 

https://www.cloudera.com/documentation/altus/topics/alt_environment_intro.html#secure_clusters

Re: Cloudera Altus Cloud - Kerberized Cluster

Explorer

Hi,

 

    It is possible. I use Coudera Altus Director REST API and templates. Example template for deployment below:

 

{
"configs": {
"CLOUDERA_MANAGER": {
"KDC_TYPE": "MIT KDC",
"KDC_HOST": "director.{{ env_name }}.{{ env_domain }}",
"KRB_MANAGE_KRB5_CONF": "true",
"KRB_ENC_TYPES": "rc4-hmac des3-hmac-sha1 arcfour-hmac des-hmac-sha1 des-cbc-md5 des-cbc-crc",
"SECURITY_REALM": "DIRECTOR.{{ env_name | upper }}.{{ env_domain | upper }}"
}
},
"csds": [],
"enableEnterpriseTrial": false,
"unlimitedJce": true,
"tlsEnabled": true,
"krbAdminUsername": "{{ cloudera_kerberos_user }}@DIRECTOR.{{ env_name | upper }}.{{ env_domain | upper }}",
"krbAdminPassword": "{{ cloudera_kerberos_password }}",
"externalAccounts": {},
"externalDatabaseTemplates": {
"ACTIVITYMONITOR": {
"name": "cmamtemplate",
"databaseServerName": "{{ aws_properties.cluster_types[cluster_type].deployment.cloudera_database_server_name }}",
"databaseNamePrefix": "am"
},
"NAVIGATORMETASERVER": {
"name": "cmnavmetatemplate",
"databaseServerName": "{{ aws_properties.cluster_types[cluster_type].deployment.cloudera_database_server_name }}",
"databaseNamePrefix": "navmeta"
},
"REPORTSMANAGER": {
"name": "cmrmtemplate",
"databaseServerName": "{{ aws_properties.cluster_types[cluster_type].deployment.cloudera_database_server_name }}",
"databaseNamePrefix": "rm"
},
"NAVIGATOR": {
"name": "cmnavtemplate",
"databaseServerName": "{{ aws_properties.cluster_types[cluster_type].deployment.cloudera_database_server_name }}",
"databaseNamePrefix": "nav"
},
"CLOUDERA_MANAGER": {
"name": "cmtemplate",
"databaseServerName": "{{ aws_properties.cluster_types[cluster_type].deployment.cloudera_database_server_name }}",
"databaseNamePrefix": "scm"
}
},
"externalDatabases": {},
"javaInstallationStrategy": "AUTO",
"managerVirtualInstance": {
"id": "{{ 99999999 | random | to_uuid }}",
"template": {
"bootstrapScripts": [],
"config": {
"ebsOptimized": "false",
"ebsVolumeCount": "0",
"ebsVolumeSizeGiB": "500",
"ebsVolumeType": "st1",
"enableEbsEncryption": "false",
"instanceNamePrefix": "cloudera-manager-{{ env_name }}",
"rootVolumeSizeGB": "50",
"rootVolumeType": "gp2",
"securityGroupsIds": "{{ aws_properties.global.cloudera_director_sg_id }}",
"subnetId": "{{ aws_properties.global.cloudera_director_subnet_id }}",
"useSpotInstances": "false"
},
"image": "{{ aws_properties.cluster_types[cluster_type].deployment.cloudera_manager_ami_name }}",
"name": "cm-template",
"normalizeInstance": true,
"rackId": "/default",
"sshHostKeyRetrievalType": "NONE",
"tags": {},
"type": "{{ aws_properties.cluster_types[cluster_type].deployment.cloudera_manager_ec2_type }}"
}
},
"name": "{{ cloudera_director_deployment_name }}",
"password": "{{ cloudera_director_api_password }}",
"postCreateScripts": [],
"repository": "https://archive.cloudera.com/cm6/6.2.0/redhat7/yum",
"tlsConfigurationProperties": {},
"username": "{{ cloudera_director_api_user }}"
}

 

Then I use ansible to send POST to Cloudera Director.

 

Regards,

 

Bart