Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Customized service accounts with Ambari BluePrint

Solved Go to solution

Customized service accounts with Ambari BluePrint

Contributor

How can I Provide customized service accounts in Ambari Blueprint.Any references can help us.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Customized service accounts with Ambari BluePrint

New Contributor

@avoma @Artem Ervits

The Blueprint API Doesn't cover how to set custom service accounts like :

hdptest-ambari-qa instead of ambari-qa as smokeuser.

We can do this using Service accounts in Ambari UI. But Through blueprint it should be with <app>-env properties like :

"core-site" : {
  "properties" : {
  "hadoop.proxyuser.{{ cluster_name }}-hcat.hosts" : "*",
  "hadoop.proxyuser.{{ cluster_name }}-hcat.groups" : "*",
  "hadoop.proxyuser.{{ cluster_name }}-hive.groups" : "*",
  "hadoop.proxyuser.{{ cluster_name }}-hdfs.groups" : "*",
  "hadoop.proxyuser.{{ cluster_name }}-hdfs.hosts" : "*",
  "hadoop.proxyuser.{{ cluster_name }}-hive.hosts" : "*"
}}
"hadoop-env": {
  "properties": {
     "hdfs_user" : "{{ cluster_name }}-hdfs"
 }}
"hive-env" : {
  "properties" : {
     "webhcat_user" : "{{ cluster_name }}-hcat",
     "hive_user" : "{{ cluster_name }}-hive",
     "hcat_user" : "{{ cluster_name }}-hcat"
}}
4 REPLIES 4

Re: Customized service accounts with Ambari BluePrint

Mentor

here's blueprint reference api. @avoma

Re: Customized service accounts with Ambari BluePrint

New Contributor

@avoma @Artem Ervits

The Blueprint API Doesn't cover how to set custom service accounts like :

hdptest-ambari-qa instead of ambari-qa as smokeuser.

We can do this using Service accounts in Ambari UI. But Through blueprint it should be with <app>-env properties like :

"core-site" : {
  "properties" : {
  "hadoop.proxyuser.{{ cluster_name }}-hcat.hosts" : "*",
  "hadoop.proxyuser.{{ cluster_name }}-hcat.groups" : "*",
  "hadoop.proxyuser.{{ cluster_name }}-hive.groups" : "*",
  "hadoop.proxyuser.{{ cluster_name }}-hdfs.groups" : "*",
  "hadoop.proxyuser.{{ cluster_name }}-hdfs.hosts" : "*",
  "hadoop.proxyuser.{{ cluster_name }}-hive.hosts" : "*"
}}
"hadoop-env": {
  "properties": {
     "hdfs_user" : "{{ cluster_name }}-hdfs"
 }}
"hive-env" : {
  "properties" : {
     "webhcat_user" : "{{ cluster_name }}-hcat",
     "hive_user" : "{{ cluster_name }}-hive",
     "hcat_user" : "{{ cluster_name }}-hcat"
}}
Highlighted

Re: Customized service accounts with Ambari BluePrint

New Contributor

Thanks All !!

Let me try...Appreciate your help.

Re: Customized service accounts with Ambari BluePrint

New Contributor

I set below properties in blueprint still its creating some groups and users

{
"kafka-env" : {
"properties_attributes" : { },
"properties" : {
"kafka_user" : "{{ ambari_user_prefix }}-kafka"
}}},
{
"ams-env" : {
"properties_attributes" : { },
"properties" : {
"ambari_metrics_user" : "{{ ambari_user_prefix }}-ams"
}
}},
{
"zookeeper-env" : {
"properties_attributes" : { },
"properties" : {
"zk_user" : "{{ ambari_user_prefix }}-zookeeper"
}}},
{
"cluster-env" : {
"properties_attributes" : { },
"properties" : {
"user_group" : "{{ ambari_user_prefix }}-hadoop",
"smokeuser" : "{{ ambari_user_prefix }}-ambari-qa"

}},{
"hbase-env" : {
"properties_attributes" : { },
"properties" : {
"hbase_user" : "{{ ambari_user_prefix }}-hbase",
}}},
{
"hadoop-env" : {
"properties_attributes" : { },
"properties" : {
"hdfs_user" : "{{ ambari_user_prefix }}-hdfs",
}}},

{
"hdfs-site" : {
"properties" : {
"dfs.permissions.superusergroup" : "{{ ambari_user_prefix }}-hdfs",
"dfs.cluster.administrators" : " {{ ambari_user_prefix }}-hdfs",
"dfs.block.local-path-access.user" : "{{ ambari_user_prefix }}-hbase"

}}

{
"kafka-broker" : {
"properties" : {
"kafka.ganglia.metrics.group" : "{{ ambari_user_prefix }}-kafka"

}

{
"core-site" : {
"properties" : {
"hadoop.proxyuser.{{ ambari_user_prefix }}-hbase.hosts" : "*",
"hadoop.proxyuser.{{ ambari_user_prefix }}-hbase.groups" : "*",
"hadoop.proxyuser.{{ ambari_user_prefix }}-hdfs.groups" : "*",
"hadoop.proxyuser.{{ ambari_user_prefix }}-hdfs.hosts" : "*",
"hadoop.proxyuser.{{ ambari_user_prefix }}-kafka.groups" : "*",
"hadoop.proxyuser.{{ ambari_user_prefix }}-kafka.hosts" : "*",
"hadoop.proxyuser.{{ ambari_user_prefix }}-zookeeper.groups" : "*",
"hadoop.proxyuser.{{ ambari_user_prefix }}-zookeeper.hosts" : "*",
"hadoop.proxyuser.{{ ambari_user_prefix }}-mapred.groups" : "*",
"hadoop.proxyuser.{{ ambari_user_prefix }}-mapred.hosts" : "*",
"hadoop.proxyuser.{{ ambari_user_prefix }}-yarn.groups" : "*",
"hadoop.proxyuser.{{ ambari_user_prefix }}-yarn.hosts" : "*",

"fs.defaultFS" : "hdfs://{{ ambari_cluster_name }}",
"ha.zookeeper.quorum" : "%HOSTGROUP::master_0%:12181,%HOSTGROUP::master_1%:12181,%HOSTGROUP::master_2%:12181"
}

Groups created

vcp-9999-hdfs:x:16031:vcp-9999-hdfs
vcp-9999-hadoop:x:16032:vcp-9999-zookeeper,vcp-9999-hbase,vcp-9999-kafka,vcp-9999-ams,vcp-9999-hdfs
zookeeper:x:498:
hadoop:x:497:
yarn:x:496:
mapred:x:495:
hdfs:x:494:

Users created
vcp-9999-zookeeper:x:16028:16032::/home/vcp-9999-zookeeper:/bin/bash
vcp-9999-hbase:x:16031:16032::/home/vcp-9999-hbase:/bin/bash
vcp-9999-ambari-qa:x:16034:16032::/home/vcp-9999-ambari-qa:/bin/bash
vcp-9999-kafka:x:16035:16032::/home/vcp-9999-kafka:/bin/bash
vcp-9999-ams:x:16038:16032::/home/vcp-9999-ams:/bin/bash
vcp-9999-hdfs:x:16039:16032::/home/vcp-9999-hdfs:/bin/bash
kafka:x:995:492:KAFKA:/home/kafka:/bin/bash

Can any one help to explain that why groups and users created ( in bold text) even though I have added properties.

How can we remove these users at the time of creation.

Thanks!

Don't have an account?
Coming from Hortonworks? Activate your account here