linux/dockerFiles
1
1
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity

add kerberos docker

Browse Source
This commit is contained in:
LingZhaoHui 2022-07-15 23:42:47 +08:00
parent f3f5b2709b
commit efdbb344db
4 changed files with 31 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
kerberos/client/krb5.conf
View File

@ -4,7 +4,7 @@ kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log admin_server = FILE:/var/log/kadmind.log
[libdefaults] [libdefaults]
default_realm = HADOOP.COM default_realm = TEST.COM
dns_lookup_realm = false dns_lookup_realm = false
dns_lookup_kdc = false dns_lookup_kdc = false
ticket_lifetime = 24h ticket_lifetime = 24h
@ -12,7 +12,7 @@ renew_lifetime = 7d
forwardable = true forwardable = true
[realms] [realms]
HADOOP.COM = { TEST.COM = {
kdc = krb5-kdc-server:88 kdc = krb5-kdc-server:88
admin_server = krb5-kdc-server admin_server = krb5-kdc-server
} }

2
kerberos/server/kadm5.acl
View File

@ -1 +1 @@
*/admin@HADOOP.COM * */admin@TEST.COM *

2
kerberos/server/krb5.conf
View File

@ -3,7 +3,7 @@ kdc_ports = 88
kdc_tcp_ports = 88 kdc_tcp_ports = 88
[realms] [realms]
HADOOP.COM = { TEST.COM = {
#master_key_type = aes256-cts #master_key_type = aes256-cts
acl_file = /etc/krb5kdc/kadm5.acl acl_file = /etc/krb5kdc/kadm5.acl
dict_file = /usr/share/dict/words dict_file = /usr/share/dict/words

44
kerberos/start.sh
View File

@ -1,8 +1,8 @@
#!/bin/bash #!/bin/bash
FQDN="hadoop.com" FQDN="test.com"
ADMIN="admin" ADMIN="admin"
PASS="airflow" PASS="Admin12!"
KRB5_KTNAME=/etc/admin.keytab KRB5_KTNAME=/etc/admin.keytab
@ -10,21 +10,31 @@ cat /etc/hosts
echo "hostname: ${FQDN}" echo "hostname: ${FQDN}"
# create kerberos database inited="/app/inited"
echo -e "${PASS}\n${PASS}" | kdb5_util create -s
# create admin function init_user() {
echo -e "${PASS}\n${PASS}" | kadmin.local -q "addprinc ${ADMIN}/admin" if [ -f "${inited}" ];then
echo "user inited"
return;
fi
echo "begin init user"
# create kerberos database
echo -e "${PASS}\n${PASS}" | kdb5_util create -s
# create admin
echo -e "${PASS}\n${PASS}" | kadmin.local -q "addprinc ${ADMIN}/admin"
# create hadoop
echo -e "${PASS}\n${PASS}" | kadmin.local -q "addprinc hadoop"
echo -e "${PASS}\n${PASS}" | kadmin.local -q "addprinc hadoop/${FQDN}"
kadmin.local -q "ktadd -norandkey -k ${KRB5_KTNAME} hadoop"
kadmin.local -q "ktadd -norandkey -k ${KRB5_KTNAME} hadoop/${FQDN}"
kadmin.local -q "xst -k /app/hadoop.keytab -norandkey hadoop/${FQDN}"
touch "${inited}"
echo "user inite success"
}
# create airflow function main() {
echo -e "${PASS}\n${PASS}" | kadmin.local -q "addprinc -randkey airflow" init_user
/usr/local/bin/supervisord -n -c /etc/supervisord.conf
echo -e "${PASS}\n${PASS}" | kadmin.local -q "addprinc -randkey airflow/${FQDN}" }
kadmin.local -q "ktadd -k ${KRB5_KTNAME} airflow"
kadmin.local -q "ktadd -k ${KRB5_KTNAME} airflow/${FQDN}"
/usr/local/bin/supervisord -n -c /etc/supervisord.conf
main