================================ Cluster-DR ====================================
Cluster-DR --> krb5.conf file
cat /etc/krb5.conf
# Kerberos client configuration captured on the DR cluster.
# Default realm is HORTONWORKS.COM; EXAMPLE.COM (the default realm in the
# Cluster-PRIMARY capture further down) is defined as well so that clients can
# locate the other realm's KDC for cross-realm requests.
[logging]
# Library, KDC and kadmind messages each go to their own file under /var/log.
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = HORTONWORKS.COM
# DNS is not consulted for realm or KDC discovery; both come from the
# [realms] and [domain_realm] sections of this file.
dns_lookup_realm = false
dns_lookup_kdc = false
# Requested lifetimes only; the KDC and per-principal maximums can still cap them.
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
# NOTE(review): no enctype settings appear in this file, so the library
# defaults apply - confirm they exclude des/rc4 on the installed krb5 version.

[realms]
# One KDC/admin server per realm, on the same host; no secondary kdc is listed.
HORTONWORKS.COM = {
    kdc = ambarinode.myhadoop.com
    admin_server = ambarinode.myhadoop.com
}

EXAMPLE.COM = {
    admin_server = ambaristandby.myhadoop.com
    kdc = ambaristandby.myhadoop.com
}

[domain_realm]
# Only the two KDC hosts are mapped. The other hosts named in the principal
# listings (dn1, ms, standbydn1, ...) have no entry, and both clusters share
# the myhadoop.com domain, so a single domain-wide mapping could not tell
# them apart.
# NOTE(review): confirm how clients choose the realm for those hosts.
ambarinode.myhadoop.com = HORTONWORKS.COM
ambaristandby.myhadoop.com = EXAMPLE.COM

[capaths]
# "." means EXAMPLE.COM is reached directly, with no intermediate realm.
HORTONWORKS.COM = {
    EXAMPLE.COM = .
}

# Principal inventory of the HORTONWORKS.COM KDC.
# Both krbtgt/EXAMPLE.COM@HORTONWORKS.COM and krbtgt/HORTONWORKS.COM@EXAMPLE.COM
# are present, and the Cluster-PRIMARY listing below shows the same pair, so
# the cross-realm trust is configured in both directions.
# NOTE(review): verify these two principals have matching keys/kvno on both
# KDCs, were created with a strong random secret, and use AES enctypes only.
kadmin.local: list_principals
HTTP/ambarinode.myhadoop.com@HORTONWORKS.COM
HTTP/dn1.myhadoop.com@HORTONWORKS.COM
HTTP/dn2.myhadoop.com@HORTONWORKS.COM
HTTP/dn3.myhadoop.com@HORTONWORKS.COM
HTTP/ms.myhadoop.com@HORTONWORKS.COM
K/M@HORTONWORKS.COM
admin/admin@HORTONWORKS.COM
ambari-qa-dr@HORTONWORKS.COM
ambari-server-dr@HORTONWORKS.COM
amshbase/ambarinode.myhadoop.com@HORTONWORKS.COM
amszk/ambarinode.myhadoop.com@HORTONWORKS.COM
dn/dn1.myhadoop.com@HORTONWORKS.COM
dn/dn2.myhadoop.com@HORTONWORKS.COM
dn/dn3.myhadoop.com@HORTONWORKS.COM
hdfs-dr@HORTONWORKS.COM
jhs/ms.myhadoop.com@HORTONWORKS.COM
jn/ambarinode.myhadoop.com@HORTONWORKS.COM
jn/dn1.myhadoop.com@HORTONWORKS.COM
jn/ms.myhadoop.com@HORTONWORKS.COM
kadmin/admin@HORTONWORKS.COM
kadmin/ambarinode.myhadoop.com@HORTONWORKS.COM
kadmin/changepw@HORTONWORKS.COM
krbtgt/EXAMPLE.COM@HORTONWORKS.COM
krbtgt/HORTONWORKS.COM@EXAMPLE.COM
krbtgt/HORTONWORKS.COM@HORTONWORKS.COM
nm/dn1.myhadoop.com@HORTONWORKS.COM
nm/dn2.myhadoop.com@HORTONWORKS.COM
nm/dn3.myhadoop.com@HORTONWORKS.COM
nn/ambarinode.myhadoop.com@HORTONWORKS.COM
nn/ms.myhadoop.com@HORTONWORKS.COM
rm/ambarinode.myhadoop.com@HORTONWORKS.COM
rm/ms.myhadoop.com@HORTONWORKS.COM
root@HORTONWORKS.COM
varnika1@HORTONWORKS.COM
varnika@HORTONWORKS.COM
yarn/ms.myhadoop.com@HORTONWORKS.COM
zookeeper/ambarinode.myhadoop.com@HORTONWORKS.COM
zookeeper/dn1.myhadoop.com@HORTONWORKS.COM
zookeeper/ms.myhadoop.com@HORTONWORKS.COM
kadmin.local:
# Principal-to-short-name mapping rules (presumably the DR cluster's
# hadoop.security.auth_to_local value - confirm). Rules are tried in order and
# the first match decides, so the ordering below is significant.
# The first block handles the local realm, the second block the remote
# EXAMPLE.COM realm.
# Security caveat: the two catch-all rules for EXAMPLE.COM strip the realm from
# every remote principal, so the remote KDC is fully trusted to name local
# users. From the PRIMARY listing, root@EXAMPLE.COM, root/admin@EXAMPLE.COM and
# root/ambaristandby.myhadoop.com@EXAMPLE.COM would all resolve to "root" here.
# NOTE(review): if only named service/user accounts need to cross the realm
# boundary, consider replacing the catch-alls with explicit per-principal rules.
# NOTE(review): a rule exists for nfs@EXAMPLE.COM but neither principal listing
# shows an nfs/ principal - confirm whether the rule is still needed.
RULES:
RULE:[1:$1@$0](ambari-qa-dr@HORTONWORKS.COM)s/.*/ambari-qa/
RULE:[1:$1@$0](hdfs-dr@HORTONWORKS.COM)s/.*/hdfs/
RULE:[1:$1@$0](.*@HORTONWORKS.COM)s/@.*//
RULE:[2:$1@$0](amshbase@HORTONWORKS.COM)s/.*/ams/
RULE:[2:$1@$0](amszk@HORTONWORKS.COM)s/.*/ams/
RULE:[2:$1@$0](dn@HORTONWORKS.COM)s/.*/hdfs/
RULE:[2:$1@$0](jhs@HORTONWORKS.COM)s/.*/mapred/
RULE:[2:$1@$0](jn@HORTONWORKS.COM)s/.*/hdfs/
RULE:[2:$1@$0](nm@HORTONWORKS.COM)s/.*/yarn/
RULE:[2:$1@$0](nn@HORTONWORKS.COM)s/.*/hdfs/
RULE:[2:$1@$0](rm@HORTONWORKS.COM)s/.*/yarn/
RULE:[2:$1@$0](yarn@HORTONWORKS.COM)s/.*/yarn/
RULE:[1:$1@$0](ambari-qa-primary@EXAMPLE.COM)s/.*/ambari-qa/
RULE:[1:$1@$0](hdfs-primary@EXAMPLE.COM)s/.*/hdfs/
RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//
RULE:[2:$1@$0](amshbase@EXAMPLE.COM)s/.*/ams/
RULE:[2:$1@$0](amszk@EXAMPLE.COM)s/.*/ams/
RULE:[2:$1@$0](dn@EXAMPLE.COM)s/.*/hdfs/
RULE:[2:$1@$0](jhs@EXAMPLE.COM)s/.*/mapred/
RULE:[2:$1@$0](jn@EXAMPLE.COM)s/.*/hdfs/
RULE:[2:$1@$0](nm@EXAMPLE.COM)s/.*/yarn/
RULE:[2:$1@$0](nn@EXAMPLE.COM)s/.*/hdfs/
RULE:[2:$1@$0](rm@EXAMPLE.COM)s/.*/yarn/
RULE:[2:$1@$0](yarn@EXAMPLE.COM)s/.*/yarn/
RULE:[2:$1@$0](nfs@EXAMPLE.COM)s/.*/hdfs/
RULE:[2:$1@$0](.*@EXAMPLE.COM)s/@.*//
DEFAULT

============================================ Cluster-PRIMARY ================================================
Cluster-PRIMARY --> krb5.conf file
cat /etc/krb5.conf
# Kerberos client configuration captured on the PRIMARY cluster.
# Default realm is EXAMPLE.COM; HORTONWORKS.COM (the DR realm) is defined as
# well for cross-realm requests.
[libdefaults]
# Requested lifetimes only; the KDC and per-principal maximums can still cap them.
renew_lifetime = 7d
forwardable = true
default_realm = EXAMPLE.COM
ticket_lifetime = 24h
# DNS is not consulted for realm or KDC discovery; both come from this file.
dns_lookup_realm = false
dns_lookup_kdc = false
# File-based credential cache in /tmp, one file per numeric uid.
# NOTE(review): confirm the cache files are owner-readable only on these hosts.
default_ccache_name = /tmp/krb5cc_%{uid}
# The two enctype lists below are disabled. They name des3-cbc-sha1, rc4 and
# des-cbc-md5 alongside aes; keep them commented out, or trim them to aes
# before enabling, so weak enctypes are not re-admitted.
#default_tgs_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5
#default_tkt_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5

[logging]
# default and kdc share krb5kdc.log here (the DR capture sends default to
# krb5libs.log instead).
default = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
kdc = FILE:/var/log/krb5kdc.log

[realms]
# One KDC/admin server per realm, on the same host; no secondary kdc is listed.
EXAMPLE.COM = {
    admin_server = ambaristandby.myhadoop.com
    kdc = ambaristandby.myhadoop.com
}

HORTONWORKS.COM = {
    kdc = ambarinode.myhadoop.com
    admin_server = ambarinode.myhadoop.com
}

[domain_realm]
# Only the two KDC hosts are mapped; the remaining cluster hosts have no entry.
# NOTE(review): confirm how clients choose the realm for those hosts.
ambarinode.myhadoop.com = HORTONWORKS.COM
ambaristandby.myhadoop.com = EXAMPLE.COM

[capaths]
# "." means HORTONWORKS.COM is reached directly, with no intermediate realm.
EXAMPLE.COM = {
    HORTONWORKS.COM = .
}

# Principal inventory of the EXAMPLE.COM KDC.
# krbtgt/EXAMPLE.COM@HORTONWORKS.COM and krbtgt/HORTONWORKS.COM@EXAMPLE.COM are
# the cross-realm principals, matching the pair in the Cluster-DR listing.
# NOTE(review): jn/dn1.myhadoop.com and jn/ms.myhadoop.com carry host names
# that otherwise appear only under HORTONWORKS.COM; they look like leftovers -
# confirm, and delete unused service principals and their keytabs.
kadmin.local: list_principals
HTTP/ambaristandby.myhadoop.com@EXAMPLE.COM
HTTP/standbydn1.myhadoop.com@EXAMPLE.COM
HTTP/standbydn2.myhadoop.com@EXAMPLE.COM
HTTP/standbydn3.myhadoop.com@EXAMPLE.COM
HTTP/standbyms.myhadoop.com@EXAMPLE.COM
K/M@EXAMPLE.COM
admin/admin@EXAMPLE.COM
ambari-qa-primary@EXAMPLE.COM
ambari-server-primary@EXAMPLE.COM
amshbase/ambaristandby.myhadoop.com@EXAMPLE.COM
amszk/ambaristandby.myhadoop.com@EXAMPLE.COM
dn/standbydn1.myhadoop.com@EXAMPLE.COM
dn/standbydn2.myhadoop.com@EXAMPLE.COM
dn/standbydn3.myhadoop.com@EXAMPLE.COM
hdfs-primary@EXAMPLE.COM
jhs/standbyms.myhadoop.com@EXAMPLE.COM
jn/ambaristandby.myhadoop.com@EXAMPLE.COM
jn/dn1.myhadoop.com@EXAMPLE.COM
jn/ms.myhadoop.com@EXAMPLE.COM
jn/standbydn1.myhadoop.com@EXAMPLE.COM
jn/standbyms.myhadoop.com@EXAMPLE.COM
kadmin/admin@EXAMPLE.COM
kadmin/ambaristandby.myhadoop.com@EXAMPLE.COM
kadmin/changepw@EXAMPLE.COM
krbtgt/EXAMPLE.COM@EXAMPLE.COM
krbtgt/EXAMPLE.COM@HORTONWORKS.COM
krbtgt/HORTONWORKS.COM@EXAMPLE.COM
nm/standbydn1.myhadoop.com@EXAMPLE.COM
nm/standbydn2.myhadoop.com@EXAMPLE.COM
nm/standbydn3.myhadoop.com@EXAMPLE.COM
nn/ambaristandby.myhadoop.com@EXAMPLE.COM
nn/standbyms.myhadoop.com@EXAMPLE.COM
rm/ambaristandby.myhadoop.com@EXAMPLE.COM
rm/standbyms.myhadoop.com@EXAMPLE.COM
root/admin@EXAMPLE.COM
root/ambaristandby.myhadoop.com@EXAMPLE.COM
root@EXAMPLE.COM
varnika@EXAMPLE.COM
yarn/standbyms.myhadoop.com@EXAMPLE.COM
zookeeper/ambaristandby.myhadoop.com@EXAMPLE.COM
zookeeper/standbydn1.myhadoop.com@EXAMPLE.COM
zookeeper/standbyms.myhadoop.com@EXAMPLE.COM
kadmin.local:
# Principal-to-short-name mapping rules (presumably the PRIMARY cluster's
# hadoop.security.auth_to_local value - confirm). Rules are tried in order and
# the first match decides, so the ordering below is significant.
# The first block handles the local EXAMPLE.COM realm, the second block the
# remote HORTONWORKS.COM realm.
# Security caveat: the two catch-all rules for HORTONWORKS.COM strip the realm
# from every remote principal, so the remote KDC is fully trusted to name local
# users. From the DR listing, root@HORTONWORKS.COM would resolve to "root" and
# admin/admin@HORTONWORKS.COM to "admin" here.
# NOTE(review): if only named service/user accounts need to cross the realm
# boundary, consider replacing the catch-alls with explicit per-principal rules.
# NOTE(review): a rule exists for nfs@EXAMPLE.COM but neither principal listing
# shows an nfs/ principal - confirm whether the rule is still needed.
RULES:
RULE:[1:$1@$0](ambari-qa-primary@EXAMPLE.COM)s/.*/ambari-qa/
RULE:[1:$1@$0](hdfs-primary@EXAMPLE.COM)s/.*/hdfs/
RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//
RULE:[2:$1@$0](amshbase@EXAMPLE.COM)s/.*/ams/
RULE:[2:$1@$0](amszk@EXAMPLE.COM)s/.*/ams/
RULE:[2:$1@$0](dn@EXAMPLE.COM)s/.*/hdfs/
RULE:[2:$1@$0](jhs@EXAMPLE.COM)s/.*/mapred/
RULE:[2:$1@$0](jn@EXAMPLE.COM)s/.*/hdfs/
RULE:[2:$1@$0](nm@EXAMPLE.COM)s/.*/yarn/
RULE:[2:$1@$0](nn@EXAMPLE.COM)s/.*/hdfs/
RULE:[2:$1@$0](rm@EXAMPLE.COM)s/.*/yarn/
RULE:[2:$1@$0](yarn@EXAMPLE.COM)s/.*/yarn/
RULE:[2:$1@$0](nfs@EXAMPLE.COM)s/.*/hdfs/
RULE:[1:$1@$0](ambari-qa-dr@HORTONWORKS.COM)s/.*/ambari-qa/
RULE:[1:$1@$0](hdfs-dr@HORTONWORKS.COM)s/.*/hdfs/
RULE:[1:$1@$0](.*@HORTONWORKS.COM)s/@.*//
RULE:[2:$1@$0](amshbase@HORTONWORKS.COM)s/.*/ams/
RULE:[2:$1@$0](amszk@HORTONWORKS.COM)s/.*/ams/
RULE:[2:$1@$0](dn@HORTONWORKS.COM)s/.*/hdfs/
RULE:[2:$1@$0](jhs@HORTONWORKS.COM)s/.*/mapred/
RULE:[2:$1@$0](jn@HORTONWORKS.COM)s/.*/hdfs/
RULE:[2:$1@$0](nm@HORTONWORKS.COM)s/.*/yarn/
RULE:[2:$1@$0](nn@HORTONWORKS.COM)s/.*/hdfs/
RULE:[2:$1@$0](rm@HORTONWORKS.COM)s/.*/yarn/
RULE:[2:$1@$0](yarn@HORTONWORKS.COM)s/.*/yarn/
RULE:[2:$1@$0](.*@HORTONWORKS.COM)s/@.*//
DEFAULT