+#
+# Copyright 2013-2014, whitestar
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+$LOAD_PATH.push("#{File.dirname(__FILE__)}/_lib")
+#${chef-repo}/roles/_lib/grid.rb
+require 'grid'
+
name 'grid-realm'
description 'The Grid realm configurations.'
#env_run_lists "prod" => ["recipe[apache2]"], "staging" => ["recipe[apache2::staging]"], "_default" => []
-default_realm = 'GRID.EXAMPLE.COM'
-
default_attributes(
)
override_attributes(
'krb5' => {
'libdefaults' => {
- 'default_realm' => default_realm
+ 'default_realm' => Grid::REALM,
+ # strong crypto
+ 'default_tgs_enctypes' \
+ => 'aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5',
+ 'default_tkt_enctypes' \
+ => 'aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5',
+ 'permitted_enctypes' \
+ => 'aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5'
+ # or weak crypto for 1.0.x KSSL
+ #'allow_weak_crypto' => 'true',
+ #'default_tgs_enctypes' \
+ # => 'aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5 des-cbc-crc des-cbc-md5',
+ #'default_tkt_enctypes' \
+ # => 'aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5 des-cbc-crc des-cbc-md5',
+ #'permitted_enctypes' \
+ # => 'aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5 des-cbc-crc des-cbc-md5'
},
'realms' => {
- default_realm => {
- 'kdcs' => [
- 'ns00.grid.example.com',
- 'ns01.grid.example.com',
- 'ns02.grid.example.com'
- ],
- 'admin_server' => 'krb-admin.grid.example.com'
+ Grid::REALM => {
+ 'kdcs' => "ns0{0..2}.#{Grid::DOMAIN}".expand,
+ 'admin_server' => "krb-admin.#{Grid::DOMAIN}"
}
},
'domain_realms' => [
- '.grid.example.com = GRID.EXAMPLE.COM'
+ ".#{Grid::DOMAIN} = #{Grid::REALM}"
]
+ },
+ 'hadoop' => {
+ # for 1.0.x KSSL on the JDK 6 only >>
+ 'krb5_strong_crypto' => {
+ 'default_tgs_enctypes' \
+ => 'aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5',
+ 'default_tkt_enctypes' \
+ => 'aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5',
+ 'permitted_enctypes' \
+ => 'aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5'
+ },
+ 'krb5_weak_crypto' => {
+ 'default_tgs_enctypes' \
+ => 'des-cbc-crc des-cbc-md5',
+ 'default_tkt_enctypes' \
+ => 'aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5 des-cbc-crc des-cbc-md5',
+ 'permitted_enctypes' \
+ => 'aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5 des-cbc-crc des-cbc-md5'
+ }
+ # <<
}
)
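Review bot: The `# strong crypto` label on the libdefaults enctype lists, and the `krb5_strong_crypto` hash under `'hadoop'`, covers values that still end in `arcfour-hmac-md5` (RC4-HMAC), which is deprecated for Kerberos (RFC 8429), so RC4 tickets and session keys stay permitted realm-wide. If no legacy peer needs it, each of the three values should be `'aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96'`; if one does, the comment should say so, e.g. `# AES preferred; arcfour-hmac-md5 (RC4) kept only for legacy interop`. In `krb5_weak_crypto`, `default_tgs_enctypes` is `'des-cbc-crc des-cbc-md5'` only, unlike the commented-out weak block above, which keeps AES first. If that is deliberate for KSSL it deserves a one-line comment. That hash also carries no `allow_weak_crypto` entry, so it presumably relies on the consuming recipe to set it, which is worth confirming.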