Skip to content

Commit

Permalink
feat(efm): add efm
Browse files Browse the repository at this point in the history
  • Loading branch information
RISCH Francois committed Mar 21, 2024
1 parent 4d972b4 commit 1734e56
Show file tree
Hide file tree
Showing 19 changed files with 731 additions and 34 deletions.
10 changes: 10 additions & 0 deletions README.adoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,16 @@ Given some machines, this script will **setup** all pre-requisites, **Install**,
| True
|

| ✓
| cdp-streaming-with-efm
| CDH 7.1.9.3 & CM 7.11.3.2
| RHEL 8.8
| Postgres 14
| MIT KDC
| True
| YCLOUD
| Use --jdk-version=17 (and a RHEL >= 8)

| ✓
| cdp-observability
| CDH 7.1.9.3 & CM 7.11.3
Expand Down
2 changes: 1 addition & 1 deletion ansible-cdp-all-services-pvc-oc/extra_vars.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ cloudera_manager_options:
message: ""

# MAIN PARAMETERS
jdk_version: 11
jdk_version: ${JDK_VERSION}
debug: ${DEBUG}
node_password: "${NODE_PASSWORD}"
node_key: ${NODE_KEY}
Expand Down
2 changes: 1 addition & 1 deletion ansible-cdp-all-services-pvc/extra_vars.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ cloudera_manager_options:
message: ""

# MAIN PARAMETERS
jdk_version: 11
jdk_version: ${JDK_VERSION}
debug: ${DEBUG}
node_password: "${NODE_PASSWORD}"
node_key: ${NODE_KEY}
Expand Down
2 changes: 1 addition & 1 deletion ansible-cdp-all-services/extra_vars.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ cloudera_manager_options:
message: ""

# MAIN PARAMETERS
jdk_version: 11
jdk_version: ${JDK_VERSION}
debug: ${DEBUG}
node_password: "${NODE_PASSWORD}"
node_key: ${NODE_KEY}
Expand Down
2 changes: 1 addition & 1 deletion ansible-cdp-basic-enc/extra_vars.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ cloudera_manager_options:
message: ""

# MAIN PARAMETERS
jdk_version: 11
jdk_version: ${JDK_VERSION}
debug: ${DEBUG}
node_password: "${NODE_PASSWORD}"
node_key: ${NODE_KEY}
Expand Down
2 changes: 1 addition & 1 deletion ansible-cdp-basic/extra_vars.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ cloudera_manager_options:
message: ""

# MAIN PARAMETERS
jdk_version: 11
jdk_version: ${JDK_VERSION}
debug: ${DEBUG}
node_password: "${NODE_PASSWORD}"
node_key: ${NODE_KEY}
Expand Down
2 changes: 1 addition & 1 deletion ansible-cdp-observability/extra_vars.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ cloudera_manager_options:
message: ""

# MAIN PARAMETERS
jdk_version: 11
jdk_version: ${JDK_VERSION}
debug: ${DEBUG}
node_password: "${NODE_PASSWORD}"
node_key: ${NODE_KEY}
Expand Down
2 changes: 1 addition & 1 deletion ansible-cdp-pvc-oc/extra_vars.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ cloudera_manager_options:
message: ""

# MAIN PARAMETERS
jdk_version: 11
jdk_version: ${JDK_VERSION}
debug: ${DEBUG}
node_password: "${NODE_PASSWORD}"
node_key: ${NODE_KEY}
Expand Down
2 changes: 1 addition & 1 deletion ansible-cdp-pvc/extra_vars.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ cloudera_manager_options:
message: ""

# MAIN PARAMETERS
jdk_version: 11
jdk_version: ${JDK_VERSION}
debug: ${DEBUG}
node_password: "${NODE_PASSWORD}"
node_key: ${NODE_KEY}
Expand Down
103 changes: 103 additions & 0 deletions ansible-cdp-streaming-with-efm/all
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,103 @@
---
# Database configs

database_type: "{{ database_type }}"
database_version: "{{ database_version }}"
database_default_password: "{{ default_password }}"
database_host: "{{ groups['db_server'][0] | default('localhost') }}"

# Kerberos configs
skip_krb5_conf_distribution: "{{ free_ipa }}"
krb5_realm: "{{ realm_user }}"
krb5_kdc_admin_user: "{% if free_ipa == false %}cloudera-scm/{% endif %}admin@{{ krb5_realm }}"
krb5_kdc_admin_password: "{{ default_password }}"
krb5_kdc_type: "{{ krb5_server_type }}"
krb5_enc_types: "aes256-cts aes128-cts"

# IPA Configs
ipadm_password: "{{ default_password }}"
ipaadmin_password: "{{ default_password }}"

# IPA LDAP configs
ipa_ldap_url: "ldaps://{{ groups['krb5_server'][0] | default('localhost') }}:636"
ipa_directory_manager: "cn=Directory Manager"
ipa_directory_manager_password: "{{ default_password }}"

ipa_ldap_dc_suffix: "{% for i in realm_user.split('.') %}dc={{ i | lower }}{% if not loop.last %},{% endif %}{% endfor %}"
ipa_ldap_user_bind_dn: "uid=admin,cn=users,cn=accounts,{{ ipa_ldap_dc_suffix }}"
ipa_ldap_user_bind_password: "{{ default_password }}"
ipa_ldap_user_search_base: "cn=users,cn=accounts,{{ ipa_ldap_dc_suffix }}"
ipa_ldap_user_search_filter: "(&(uid={0})(objectClass=person))"
ipa_ldap_group_search_base: "cn=groups,cn=accounts,{{ ipa_ldap_dc_suffix }}"
ipa_ldap_user_group_filter: "(&(member={1})(objectClass=posixgroup))"


# TLS security configs

skip_tls_cert_distribution: "false"
base_dir_security: /opt/cloudera/security
base_dir_security_pki: "{{ base_dir_security }}/pki"

tls_cert_path: "{{ base_dir_security_pki }}/{{ inventory_hostname }}.pem"
tls_cert_path_generic: "{{ base_dir_security_pki }}/host.pem"
tls_chain_path: "{{ base_dir_security_pki }}/chain.pem"
tls_csr_path: "{{ base_dir_security_pki }}/{{ inventory_hostname }}.csr"
tls_csr_config_path: "{{ base_dir_security_pki }}/csr.cnf"
tls_key_password: changeme
tls_key_password_file: "{{ base_dir_security_pki }}/host.key.pw"
tls_key_path: "{{ base_dir_security_pki }}/{{ inventory_hostname }}.key"
tls_key_path_generic: "{{ base_dir_security_pki }}/host.key"
tls_key_path_plaintext: "{{ tls_key_path }}.unenc"
tls_key_path_plaintext_generic: "{{ tls_key_path_generic }}.unenc"
tls_keystore_password: changeme
tls_keystore_path: "{{ base_dir_security_pki }}/{{ inventory_hostname }}.jks"
tls_keystore_path_generic: "{{ base_dir_security_pki }}/host.jks"
tls_truststore_password: changeme
tls_truststore_path: "{{ base_dir_security_pki }}/truststore.jks"

tls_acl_groups_keystore: ["cloudera-scm", "cruisecontrol", "flume", "hbase", "hive", "httpfs", "kafka", "keytrustee", "kms", "knox", "livy", "nifi", "nifiregistry", "oozie", "schemaregistry", "solr", "spark", "streamsmsgmgr", "streamsrepmgr", "zeppelin", "zookeeper"]
tls_acl_groups_key: ["cloudera-scm", "hue", "impala", "keytrustee", "kudu", "streamsmsgmgr"]
tls_acl_groups_key_unencrypted: []
tls_acl_groups_key_password: ["cloudera-scm", "hue", "impala", "keytrustee", "kudu"]

ca_server_attrs_general:
OU: PS
O: Cloudera, Inc.
ST: CA
C: US

# Configure FreeIPA LDAP for CM
auth_providers:
FreeIPA:
type: LDAP
ldap_url: "{{ ipa_ldap_url }}"
ldap_base_dn:
ldap_bind_user_dn: "{{ ipa_ldap_user_bind_dn }}"
ldap_bind_password: "{{ ipa_ldap_user_bind_password }}"
ldap_search_base:
user: "{{ ipa_ldap_user_search_base }}"
group: "{{ ipa_ldap_group_search_base }}"
ldap_search_filter:
user: "{{ ipa_ldap_user_search_filter }}"
group: "{{ ipa_ldap_user_group_filter }}"

auth_provider: "{{ auth_providers[cloudera_manager_external_auth.provider] }}"

cloudera_manager_external_auth:
provider: FreeIPA
external_first: no
external_only: no
external_set: "{% if free_ipa == true %}yes{% else %}no{% endif %}"
role_mappings:
- group: admins
roles: [ROLE_ADMIN]
- group: auditors
roles: [ROLE_AUDITOR]
- group: users
roles: [ROLE_USER]


# Other required configs

local_temp_dir: "/home/tmp"
skip_user_group_init: false
Loading

0 comments on commit 1734e56

Please sign in to comment.