From f3f5b2709b566ffa643b6b2bbfcd8ffc97689e16 Mon Sep 17 00:00:00 2001
From: zeekling
Date: Fri, 15 Jul 2022 21:19:10 +0800
Subject: [PATCH] add kerberos docker
---
kerberos/Dockerfile | 40 +++++++++++++++++++++++++++++++++++++++
kerberos/client/krb5.conf | 18 ++++++++++++++++++
kerberos/run.sh | 7 +++++++
kerberos/server/kadm5.acl | 1 +
kerberos/server/krb5.conf | 14 ++++++++++++++
kerberos/start.sh | 30 +++++++++++++++++++++++++++++
kerberos/supervisord.conf | 23 ++++++++++++++++++++++
7 files changed, 133 insertions(+)
create mode 100644 kerberos/Dockerfile
create mode 100644 kerberos/client/krb5.conf
create mode 100755 kerberos/run.sh
create mode 100644 kerberos/server/kadm5.acl
create mode 100644 kerberos/server/krb5.conf
create mode 100755 kerberos/start.sh
create mode 100644 kerberos/supervisord.conf
diff --git a/kerberos/Dockerfile b/kerberos/Dockerfile
new file mode 100644
index 0000000..7c4f9f9
--- /dev/null
+++ b/kerberos/Dockerfile
@@ -0,0 +1,40 @@
+FROM ubuntu:xenial
+
+ENV DEBIAN_FRONTEND noninteractive
+
+
+RUN sed -i s@/archive.ubuntu.com/@/mirrors.aliyun.com/@g /etc/apt/sources.list
+
+RUN sed -i s@/security.ubuntu.com/@/mirrors.aliyun.com/@g /etc/apt/sources.list
+
+RUN apt clean
+
+RUN apt update
+
+RUN apt install -y ntp python-dev python-pip python-wheel python-setuptools python-pkg-resources krb5-admin-server krb5-kdc
+
+RUN apt install vim -y
+
+RUN rm -rf /var/lib/apt/lists/*
+
+RUN mkdir -p /var/log/supervisord/
+
+RUN mkdir /app/
+
+RUN pip install supervisor==4.2.4
+
+COPY ./server/krb5.conf /etc/krb5kdc/kdc.conf
+
+COPY ./server/kadm5.acl /etc/krb5kdc/kadm5.acl
+
+COPY ./client/krb5.conf /etc/krb5.conf
+
+COPY ./start.sh /app/start.sh
+
+COPY ./supervisord.conf /etc/supervisord.conf
+
+WORKDIR /app
+
+CMD ["/bin/bash", "/app/start.sh"]
+
+
diff --git a/kerberos/client/krb5.conf b/kerberos/client/krb5.conf
new file mode 100644
index 0000000..e6248e0
--- /dev/null
+++ b/kerberos/client/krb5.conf
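Review bot: `apt update` and the two `apt install` steps (lines 12–16 of the new file) run as separate `RUN` layers, so a later rebuild can pair a cached, stale package index with a fresh install, and the `rm -rf /var/lib/apt/lists/*` layer that follows frees nothing because the lists already live in earlier layers. The mirror rewrites, index update, install and cleanup belong in one `RUN` using `apt-get` (whose CLI is meant for scripts; `apt clean` on a fresh base has nothing to clean), as in the excerpt below. Separately, `ubuntu:xenial` is past its standard-support window and carries no digest pin, `ENV DEBIAN_FRONTEND noninteractive` uses the legacy space-separated form and leaks a build-only setting into the runtime environment, and the final stage never sets `USER`, so `start.sh`, the KDC and kadmind all run as root. `vim` is a debugging aid that should not be installed into the served image.
```dockerfile
FROM ubuntu:xenial
ARG DEBIAN_FRONTEND=noninteractive
RUN sed -i s@/archive.ubuntu.com/@/mirrors.aliyun.com/@g /etc/apt/sources.list \
    && sed -i s@/security.ubuntu.com/@/mirrors.aliyun.com/@g /etc/apt/sources.list \
    && apt-get update \
    && apt-get install -y --no-install-recommends \
        krb5-admin-server \
        krb5-kdc \
        ntp \
        python-dev \
        python-pip \
        python-pkg-resources \
        python-setuptools \
        python-wheel \
    && rm -rf /var/lib/apt/lists/*
# … unchanged: mkdir, pip install, COPY steps, WORKDIR, CMD …
```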
@@ -0,0 +1,18 @@
+[logging]
+default = FILE:/var/log/krb5libs.log
+kdc = FILE:/var/log/krb5kdc.log
+admin_server = FILE:/var/log/kadmind.log
+
+[libdefaults]
+default_realm = HADOOP.COM
+dns_lookup_realm = false
+dns_lookup_kdc = false
+ticket_lifetime = 24h
+renew_lifetime = 7d
+forwardable = true
+
+[realms]
+HADOOP.COM = {
+ kdc = krb5-kdc-server:88
+ admin_server = krb5-kdc-server
+}
diff --git a/kerberos/run.sh b/kerberos/run.sh
new file mode 100755
index 0000000..052c69b
--- /dev/null
+++ b/kerberos/run.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+docker stop kerberos
+
+docker rm kerberos
+
+docker run -d --name=kerberos kerberos:1.0.0
diff --git a/kerberos/server/kadm5.acl b/kerberos/server/kadm5.acl
new file mode 100644
index 0000000..3673218
--- /dev/null
+++ b/kerberos/server/kadm5.acl
@@ -0,0 +1 @@
+*/admin@HADOOP.COM *
diff --git a/kerberos/server/krb5.conf b/kerberos/server/krb5.conf
new file mode 100644
index 0000000..be08703
--- /dev/null
+++ b/kerberos/server/krb5.conf
@@ -0,0 +1,14 @@
+[kdcdefaults]
+kdc_ports = 88
+kdc_tcp_ports = 88
+
+[realms]
+HADOOP.COM = {
+ #master_key_type = aes256-cts
+ acl_file = /etc/krb5kdc/kadm5.acl
+ dict_file = /usr/share/dict/words
+ admin_keytab = /var/krb5kdc/kadm5.keytab
+ max_renewable_life = 7d 0h 0m 0s
+ supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal
+}
+
diff --git a/kerberos/start.sh b/kerberos/start.sh
new file mode 100755
index 0000000..ad5e3fe
--- /dev/null
+++ b/kerberos/start.sh
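Review bot: The `[realms]` entry points clients at `krb5-kdc-server:88`, but nothing else in this patch defines that name: `run.sh` starts the container as `--name=kerberos` with no `--hostname`, and `start.sh` issues service principals for `hadoop.com`, so a client using this file presumably only reaches the KDC if `krb5-kdc-server` is resolved by something outside the patch (a compose network alias or an `/etc/hosts` entry). Either start the container under that name, `docker run -d --name=kerberos --hostname krb5-kdc-server kerberos:1.0.0`, or state the expectation in the file, e.g. `# krb5-kdc-server must resolve to the KDC container (network alias or hosts entry)`. With `dns_lookup_kdc = false` there is no SRV-record fallback, so an unresolvable name fails outright.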
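Review bot: `supported_enctypes` (line 12 of the new kdc.conf) lists `arcfour-hmac`, `des-hmac-sha1`, `des-cbc-md5` and `des-cbc-crc`, so every principal created by `start.sh` also gets RC4 and single-DES keys, and any peer that negotiates one of those types is handed a key that is cheap to recover; on a build where `allow_weak_crypto` defaults to false the DES entries are unusable anyway and only generate errors. Trim the line to `supported_enctypes = aes256-cts:normal aes128-cts:normal` (keep `des3-hmac-sha1:normal` only if a specific client still needs it). `dict_file = /usr/share/dict/words` names a word list the Dockerfile never installs, so the password-dictionary check presumably does nothing here — verify, and either install a wordlist package or drop the setting so the file does not claim a control it does not enforce.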
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+FQDN="hadoop.com"
+ADMIN="admin"
+PASS="airflow"
+
+KRB5_KTNAME=/etc/admin.keytab
+
+cat /etc/hosts
+
+echo "hostname: ${FQDN}"
+
+# create kerberos database
+echo -e "${PASS}\n${PASS}" | kdb5_util create -s
+
+# create admin
+echo -e "${PASS}\n${PASS}" | kadmin.local -q "addprinc ${ADMIN}/admin"
+
+# create airflow
+echo -e "${PASS}\n${PASS}" | kadmin.local -q "addprinc -randkey airflow"
+
+echo -e "${PASS}\n${PASS}" | kadmin.local -q "addprinc -randkey airflow/${FQDN}"
+
+kadmin.local -q "ktadd -k ${KRB5_KTNAME} airflow"
+
+kadmin.local -q "ktadd -k ${KRB5_KTNAME} airflow/${FQDN}"
+
+
+/usr/local/bin/supervisord -n -c /etc/supervisord.conf
+
diff --git a/kerberos/supervisord.conf b/kerberos/supervisord.conf
new file mode 100644
index 0000000..699f8b7
--- /dev/null
+++ b/kerberos/supervisord.conf
@@ -0,0 +1,23 @@
+[supervisord]
+logfile=/var/log/supervisord/supervisord.log ; supervisord log file
+logfile_maxbytes=50MB ; maximum size of logfile before rotation
+logfile_backups=10 ; number of backed up logfiles
+loglevel=error ; info, debug, warn, trace
+pidfile=/var/run/supervisord.pid ; pidfile location
+nodaemon=false ; run supervisord as a daemon
+minfds=1024 ; number of startup file descriptors
+minprocs=200 ; number of process descriptors
+user=root ; default user
+childlogdir=/var/log/supervisord/ ; where child log files will live
+
+[program:krb5-kdc]
+command=service krb5-kdc start
+autostart=true
+autorestart=true
+
+[program:krb5-admin-server]
+command=service krb5-admin-server start
+autostart=true
+autorestart=true
+
+[supervisorctl]
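Review bot: `PASS="airflow"` on line 5 of the new file serves both as the KDC master password for `kdb5_util create -s` and as the password of `admin/admin`, and because the Dockerfile copies `start.sh` into the image, that credential ships with every build — anyone who can pull the image or read a layer holds full administrative rights over the realm. At minimum take it from the environment, `PASS="${KDC_PASS:-airflow}"`, with a comment that the fallback is for local development only, and preferably require it (`PASS="${KDC_PASS:?KDC_PASS must be set}"`) so a deployment cannot silently come up with the known value. The script also has no `set -e`, so if `kdb5_util create` fails (for instance because a database already exists) every following `kadmin.local` call errors and supervisord still starts over an inconsistent realm; `set -euo pipefail` after the shebang turns that into a visible failure. The `echo -e "${PASS}\n${PASS}" |` prefix on the two `-randkey` lines is a no-op, since `addprinc -randkey` never prompts for a password.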
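Review bot: `command=service krb5-kdc start` and `command=service krb5-admin-server start` in the two `[program:…]` sections hand supervisord a wrapper that forks the daemon and exits at once, so with `autorestart=true` supervisord presumably keeps re-running `service … start` against an already-running daemon instead of supervising it, and a crashed KDC is never noticed; run the daemons in the foreground instead, `command=/usr/sbin/krb5kdc -n` and `command=/usr/sbin/kadmind -nofork`. Both programs also inherit `user=root` from `[supervisord]`; krb5kdc and kadmind only need to read the database and write their logs, so a per-program `user=` is worth adding once the Dockerfile assigns ownership accordingly. The trailing `[supervisorctl]` section is empty — drop it if `supervisorctl` is not needed, otherwise it still needs the matching server and rpcinterface sections to be usable.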