Support Questions
Find answers, ask questions, and share your expertise

Customized service accounts with Ambari BluePrint

Solved Go to solution

Customized service accounts with Ambari BluePrint

Contributor

How can I Provide customized service accounts in Ambari Blueprint.Any references can help us.

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Re: Customized service accounts with Ambari BluePrint

New Contributor

@avoma @Artem Ervits

The Blueprint API Doesn't cover how to set custom service accounts like :

hdptest-ambari-qa instead of ambari-qa as smokeuser.

We can do this using Service accounts in Ambari UI. But Through blueprint it should be with <app>-env properties like :

"core-site" : {
  "properties" : {
  "hadoop.proxyuser.{{ cluster_name }}-hcat.hosts" : "*",
  "hadoop.proxyuser.{{ cluster_name }}-hcat.groups" : "*",
  "hadoop.proxyuser.{{ cluster_name }}-hive.groups" : "*",
  "hadoop.proxyuser.{{ cluster_name }}-hdfs.groups" : "*",
  "hadoop.proxyuser.{{ cluster_name }}-hdfs.hosts" : "*",
  "hadoop.proxyuser.{{ cluster_name }}-hive.hosts" : "*"
}}
"hadoop-env": {
  "properties": {
     "hdfs_user" : "{{ cluster_name }}-hdfs"
 }}
"hive-env" : {
  "properties" : {
     "webhcat_user" : "{{ cluster_name }}-hcat",
     "hive_user" : "{{ cluster_name }}-hive",
     "hcat_user" : "{{ cluster_name }}-hcat"
}}

View solution in original post

4 REPLIES 4
Highlighted

Re: Customized service accounts with Ambari BluePrint

Mentor

here's blueprint reference api. @avoma

Highlighted

Re: Customized service accounts with Ambari BluePrint

New Contributor

@avoma @Artem Ervits

The Blueprint API Doesn't cover how to set custom service accounts like :

hdptest-ambari-qa instead of ambari-qa as smokeuser.

We can do this using Service accounts in Ambari UI. But Through blueprint it should be with <app>-env properties like :

"core-site" : {
  "properties" : {
  "hadoop.proxyuser.{{ cluster_name }}-hcat.hosts" : "*",
  "hadoop.proxyuser.{{ cluster_name }}-hcat.groups" : "*",
  "hadoop.proxyuser.{{ cluster_name }}-hive.groups" : "*",
  "hadoop.proxyuser.{{ cluster_name }}-hdfs.groups" : "*",
  "hadoop.proxyuser.{{ cluster_name }}-hdfs.hosts" : "*",
  "hadoop.proxyuser.{{ cluster_name }}-hive.hosts" : "*"
}}
"hadoop-env": {
  "properties": {
     "hdfs_user" : "{{ cluster_name }}-hdfs"
 }}
"hive-env" : {
  "properties" : {
     "webhcat_user" : "{{ cluster_name }}-hcat",
     "hive_user" : "{{ cluster_name }}-hive",
     "hcat_user" : "{{ cluster_name }}-hcat"
}}

View solution in original post

Highlighted

Re: Customized service accounts with Ambari BluePrint

Thanks All !!

Let me try...Appreciate your help.

Highlighted

Re: Customized service accounts with Ambari BluePrint

I set below properties in blueprint still its creating some groups and users

{
"kafka-env" : {
"properties_attributes" : { },
"properties" : {
"kafka_user" : "{{ ambari_user_prefix }}-kafka"
}}},
{
"ams-env" : {
"properties_attributes" : { },
"properties" : {
"ambari_metrics_user" : "{{ ambari_user_prefix }}-ams"
}
}},
{
"zookeeper-env" : {
"properties_attributes" : { },
"properties" : {
"zk_user" : "{{ ambari_user_prefix }}-zookeeper"
}}},
{
"cluster-env" : {
"properties_attributes" : { },
"properties" : {
"user_group" : "{{ ambari_user_prefix }}-hadoop",
"smokeuser" : "{{ ambari_user_prefix }}-ambari-qa"

}},{
"hbase-env" : {
"properties_attributes" : { },
"properties" : {
"hbase_user" : "{{ ambari_user_prefix }}-hbase",
}}},
{
"hadoop-env" : {
"properties_attributes" : { },
"properties" : {
"hdfs_user" : "{{ ambari_user_prefix }}-hdfs",
}}},

{
"hdfs-site" : {
"properties" : {
"dfs.permissions.superusergroup" : "{{ ambari_user_prefix }}-hdfs",
"dfs.cluster.administrators" : " {{ ambari_user_prefix }}-hdfs",
"dfs.block.local-path-access.user" : "{{ ambari_user_prefix }}-hbase"

}}

{
"kafka-broker" : {
"properties" : {
"kafka.ganglia.metrics.group" : "{{ ambari_user_prefix }}-kafka"

}

{
"core-site" : {
"properties" : {
"hadoop.proxyuser.{{ ambari_user_prefix }}-hbase.hosts" : "*",
"hadoop.proxyuser.{{ ambari_user_prefix }}-hbase.groups" : "*",
"hadoop.proxyuser.{{ ambari_user_prefix }}-hdfs.groups" : "*",
"hadoop.proxyuser.{{ ambari_user_prefix }}-hdfs.hosts" : "*",
"hadoop.proxyuser.{{ ambari_user_prefix }}-kafka.groups" : "*",
"hadoop.proxyuser.{{ ambari_user_prefix }}-kafka.hosts" : "*",
"hadoop.proxyuser.{{ ambari_user_prefix }}-zookeeper.groups" : "*",
"hadoop.proxyuser.{{ ambari_user_prefix }}-zookeeper.hosts" : "*",
"hadoop.proxyuser.{{ ambari_user_prefix }}-mapred.groups" : "*",
"hadoop.proxyuser.{{ ambari_user_prefix }}-mapred.hosts" : "*",
"hadoop.proxyuser.{{ ambari_user_prefix }}-yarn.groups" : "*",
"hadoop.proxyuser.{{ ambari_user_prefix }}-yarn.hosts" : "*",

"fs.defaultFS" : "hdfs://{{ ambari_cluster_name }}",
"ha.zookeeper.quorum" : "%HOSTGROUP::master_0%:12181,%HOSTGROUP::master_1%:12181,%HOSTGROUP::master_2%:12181"
}

Groups created

vcp-9999-hdfs:x:16031:vcp-9999-hdfs
vcp-9999-hadoop:x:16032:vcp-9999-zookeeper,vcp-9999-hbase,vcp-9999-kafka,vcp-9999-ams,vcp-9999-hdfs
zookeeper:x:498:
hadoop:x:497:
yarn:x:496:
mapred:x:495:
hdfs:x:494:

Users created
vcp-9999-zookeeper:x:16028:16032::/home/vcp-9999-zookeeper:/bin/bash
vcp-9999-hbase:x:16031:16032::/home/vcp-9999-hbase:/bin/bash
vcp-9999-ambari-qa:x:16034:16032::/home/vcp-9999-ambari-qa:/bin/bash
vcp-9999-kafka:x:16035:16032::/home/vcp-9999-kafka:/bin/bash
vcp-9999-ams:x:16038:16032::/home/vcp-9999-ams:/bin/bash
vcp-9999-hdfs:x:16039:16032::/home/vcp-9999-hdfs:/bin/bash
kafka:x:995:492:KAFKA:/home/kafka:/bin/bash

Can any one help to explain that why groups and users created ( in bold text) even though I have added properties.

How can we remove these users at the time of creation.

Thanks!

Don't have an account?