
add krb5 recipe.
authorwhitestar <whitestar@gaea.test>
Tue, 4 Jun 2013 12:38:03 +0000 (21:38 +0900)
committerwhitestar <whitestar@gaea.test>
Tue, 4 Jun 2013 12:38:03 +0000 (21:38 +0900)
32 files changed:
cookbooks/hadoop/attributes/default.rb
cookbooks/hadoop/recipes/default.rb
cookbooks/hadoop/templates/default/conf/core-site.xml
cookbooks/hadoop/templates/default/conf/hdfs-site.xml
cookbooks/hadoop/templates/default/conf/mapred-site.xml
cookbooks/krb5/CHANGELOG.md [new file with mode: 0644]
cookbooks/krb5/README.md [new file with mode: 0644]
cookbooks/krb5/attributes/default.rb [new file with mode: 0644]
cookbooks/krb5/metadata.rb [new file with mode: 0644]
cookbooks/krb5/recipes/admin.rb [new file with mode: 0644]
cookbooks/krb5/recipes/client.rb [new file with mode: 0644]
cookbooks/krb5/recipes/default.rb [new file with mode: 0644]
cookbooks/krb5/recipes/kdc.rb [new file with mode: 0644]
cookbooks/krb5/templates/centos/etc/krb5.conf [new file with mode: 0644]
cookbooks/krb5/templates/centos/var/kerberos/krb5kdc/kdc.conf [new file with mode: 0644]
cookbooks/krb5/templates/centos/var/kerberos/krb5kdc/kpropd.acl [new file with mode: 0644]
cookbooks/krb5/templates/debian/etc/krb5.conf [new file with mode: 0644]
cookbooks/krb5/templates/debian/etc/krb5kdc/kdc.conf [new file with mode: 0644]
cookbooks/krb5/templates/debian/etc/krb5kdc/kpropd.acl [new file with mode: 0644]
cookbooks/krb5/templates/default/etc/krb5.conf [new file with mode: 0644]
cookbooks/krb5/templates/default/etc/krb5kdc/kdc.conf [new file with mode: 0644]
cookbooks/krb5/templates/default/etc/krb5kdc/kpropd.acl [new file with mode: 0644]
cookbooks/krb5/templates/default/etc/xinetd.d/krb_prop [new file with mode: 0644]
localhost.json [deleted file]
mocker.json [new file with mode: 0644]
nodes/localhost.json [new file with mode: 0644]
roles/hadoop-pseudo-distributed-with-security.rb [new file with mode: 0644]
roles/java.rb
roles/mocker.rb
roles/nameservice-master.rb [new file with mode: 0644]
roles/nameservice-slave.rb [new file with mode: 0644]
solo.rb

index 22bfb85..2d81cb3 100644 (file)
@@ -23,7 +23,7 @@ default['hadoop']['with_security'] = false
 default['hadoop']['this.cluster.name'] = 'localhost' 
 default['hadoop']['this.domain'] = 'localhost'
 default['hadoop']['this.realm'] = 'LOCALDOMAIN'
-default['hadoop']['this.keytab.dir'] = '/grid/etc/keytabs/${this.cluster.name}'
+default['hadoop']['this.keytab.dir'] = "/grid/etc/keytabs/#{default['hadoop']['this.cluster.name']}"
 default['hadoop']['this.namenode.fqdn'] = 'localhost'
 default['hadoop']['hadoop.http.authentication.kerberos.principal'] = 'HTTP/localhost@${this.realm}'
 ## hdfs-site.xml
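Review bot: The new `this.keytab.dir` is interpolated from `default['hadoop']['this.cluster.name']` when the attribute file loads, so an override of the cluster name from a role or node file will presumably not propagate into the keytab path; either derive the path in the recipe from `node['hadoop']['this.cluster.name']` or note the limitation in a comment above the line. The next context line still carries the shell-style placeholder `'HTTP/localhost@${this.realm}'`, which Ruby does not expand, so unless something downstream substitutes it the same fix is needed there: `"HTTP/localhost@#{default['hadoop']['this.realm']}"`.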
index 297d74b..f61ef87 100644 (file)
@@ -146,6 +146,14 @@ conf_files.each {|conf_file|
 # with security
 if node['hadoop']['with_security'] then
 
+directory node['hadoop']['this.keytab.dir'] do
+  owner 'root'
+  group 'root'
+  mode '0755'
+  action :create
+  recursive true
+end
+
 template "/grid/usr/hadoop-#{hadoop_ver}/conf/taskcontroller.cfg" do
   source "conf/taskcontroller.cfg"
   owner 'root'
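Review bot: The keytab directory is created with `mode '0755'`, which lets any local user list the keytab files that will hold the daemons' long-term keys; unless something else needs traversal, `mode '0750'` (with a group the Hadoop daemons share) is the safer default, and a comment should state that this resource secures only the directory and each keytab file still needs its own restrictive mode. With `recursive true` Chef applies owner/group/mode to the leaf directory only, so intermediate directories under the configured path are created with the process umask — confirm that is acceptable. `action :create` is the default and can be dropped. The enclosing `if node['hadoop']['with_security']` block continues outside the hunk.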
@@ -161,7 +169,7 @@ end
 
 log <<-EOM
 Note:
-The next step is to initialize HDFS:
+You must initialize HDFS in the first installation:
   $ cd /grid/usr/hadoop
   $ sudo -u hdfs ./bin/hadoop namenode -format
   $ sudo -u hdfs ./bin/hadoop-daemon.sh start namenode
index 624635c..cf66894 100644 (file)
@@ -42,6 +42,7 @@
         <value>/grid/vol/0/var/lib/${user.name}/checkpoint</value>
         <!-- <value>/grid/vol/0/var/lib/${user.name}/checkpoint,/export/home/${user.name}/var/lib/checkpoint</value> -->
     </property>
+
 <% if node['hadoop']['with_security'] then %>
     <property>
         <name>hadoop.security.authentication</name>
index 6765da0..1d11103 100644 (file)
@@ -44,6 +44,7 @@
         </description>
     </property>
     -->
+
 <% if node['hadoop']['with_security'] then %>
     <property>
         <name>dfs.cluster.administrators</name>
index 4498609..3bc8472 100644 (file)
         </description>
     </property>
     -->
+
 <% if node['hadoop']['with_security'] then %>
     <property>
         <name>mapred.acls.enabled</name>
diff --git a/cookbooks/krb5/CHANGELOG.md b/cookbooks/krb5/CHANGELOG.md
new file mode 100644 (file)
index 0000000..667e21d
--- /dev/null
@@ -0,0 +1,12 @@
+# CHANGELOG for krb5
+
+This file is used to list changes made in each version of krb5.
+
+## 0.1.0:
+
+* Initial release of krb5
+
+- - -
+Check the [Markdown Syntax Guide](http://daringfireball.net/projects/markdown/syntax) for help with Markdown.
+
+The [Github Flavored Markdown page](http://github.github.com/github-flavored-markdown/) describes the differences between markdown on github and standard markdown.
diff --git a/cookbooks/krb5/README.md b/cookbooks/krb5/README.md
new file mode 100644 (file)
index 0000000..c56682a
--- /dev/null
@@ -0,0 +1,68 @@
+krb5 Cookbook
+=============
+TODO: Enter the cookbook description here.
+
+e.g.
+This cookbook makes your favorite breakfast sandwhich.
+
+Requirements
+------------
+TODO: List your cookbook requirements. Be sure to include any requirements this cookbook has on platforms, libraries, other cookbooks, packages, operating systems, etc.
+
+e.g.
+#### packages
+- `toaster` - krb5 needs toaster to brown your bagel.
+
+Attributes
+----------
+TODO: List you cookbook attributes here.
+
+e.g.
+#### krb5::default
+<table>
+  <tr>
+    <th>Key</th>
+    <th>Type</th>
+    <th>Description</th>
+    <th>Default</th>
+  </tr>
+  <tr>
+    <td><tt>['krb5']['bacon']</tt></td>
+    <td>Boolean</td>
+    <td>whether to include bacon</td>
+    <td><tt>true</tt></td>
+  </tr>
+</table>
+
+Usage
+-----
+#### krb5::default
+TODO: Write usage instructions for each cookbook.
+
+e.g.
+Just include `krb5` in your node's `run_list`:
+
+```json
+{
+  "name":"my_node",
+  "run_list": [
+    "recipe[krb5]"
+  ]
+}
+```
+
+Contributing
+------------
+TODO: (optional) If this is a public cookbook, detail the process for contributing. If this is a private cookbook, remove this section.
+
+e.g.
+1. Fork the repository on Github
+2. Create a named feature branch (like `add_component_x`)
+3. Write you change
+4. Write tests for your change (if applicable)
+5. Run the tests, ensuring they all pass
+6. Submit a Pull Request using Github
+
+License and Authors
+-------------------
+Authors: TODO: List authors
diff --git a/cookbooks/krb5/attributes/default.rb b/cookbooks/krb5/attributes/default.rb
new file mode 100644 (file)
index 0000000..0c04059
--- /dev/null
@@ -0,0 +1,32 @@
+#
+# Cookbook Name:: krb5
+# Attributes:: default
+#
+# Copyright 2013, whitestar
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+default['krb5']['libdefaults']['default_realm'] = 'LOCALDOMAIN'
+default['krb5']['realms']['default_realm']['kdcs'] = ['localhost']
+default['krb5']['realms']['default_realm']['admin_server'] = 'localhost'
+default['krb5']['domain_realms'] = ['localhost = LOCALDOMAIN']
+default['krb5']['kpropd.acl'] = ''
+=begin
+# e.g. list KDCs
+default['krb5']['kpropd.acl'] = <<-EOC
+host/ns00.grid.example.com@GRID.EXAMPLE.COM
+host/ns01.grid.example.com@GRID.EXAMPLE.COM
+EOC
+=end
+#default['krb5'][''] = ''
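Review bot: The attributes carry no comments, and the last line `#default['krb5'][''] = ''` is an empty placeholder that should be removed before merging. Each key deserves a one-line comment saying what the templates do with it — in particular that `kpropd.acl` is pasted verbatim into `kpropd.acl` by the three `krb5kdc/kpropd.acl` templates, so its empty default authorises no principal to push database updates (fail-closed), and that `domain_realms` entries are raw `domain = REALM` lines copied into `[domain_realm]`. Suggested header for the ACL: `# kpropd.acl: host principals (one per line) allowed to propagate the KDC database; empty = none`.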
diff --git a/cookbooks/krb5/metadata.rb b/cookbooks/krb5/metadata.rb
new file mode 100644 (file)
index 0000000..3e6b5ba
--- /dev/null
@@ -0,0 +1,7 @@
+name             'krb5'
+maintainer       'whitestar'
+maintainer_email ''
+license          'Apache 2.0'
+description      'Installs/Configures krb5'
+long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
+version          '0.1.0'
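Review bot: The recipes only handle the `debian` and `rhel` platform families (`case node[:platform_family]` in admin.rb, client.rb and kdc.rb) but the metadata declares no `supports` entries, so nothing tells a consumer which platforms are covered; add `supports 'debian'`, `supports 'ubuntu'` and `supports 'centos'` (or whichever the templates were actually tested on). `maintainer_email ''` is empty and could be dropped rather than left blank.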
diff --git a/cookbooks/krb5/recipes/admin.rb b/cookbooks/krb5/recipes/admin.rb
new file mode 100644 (file)
index 0000000..9da9c4c
--- /dev/null
@@ -0,0 +1,80 @@
+#
+# Cookbook Name:: krb5
+# Recipe:: admin
+#
+# Copyright 2013, whitestar
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+case node[:platform_family]
+  when 'debian'
+    package 'krb5-admin-server' do
+      action :install
+    end
+
+    service 'krb5-admin-server' do
+      action [:enable, :start]
+      supports :status => true, :restart => true, :reload => false
+    end
+
+    package 'krb5-kdc' do
+      action :install
+    end
+
+    service 'krb5-kdc' do
+      action [:enable, :start]
+      supports :status => true, :restart => true, :reload => false
+    end
+
+    template '/etc/krb5kdc/kdc.conf' do
+      source 'etc/krb5kdc/kdc.conf'
+      owner 'root'
+      group 'root'
+      mode '0644'
+    end
+  when 'rhel'
+    package 'krb5-server' do
+      action :install
+    end
+
+    service 'kadmin' do
+      action [:enable, :start]
+      supports :status => true, :restart => true, :reload => false
+    end
+    service 'krb5kdc' do
+      action [:enable, :start]
+      supports :status => true, :restart => true, :reload => false
+    end
+
+    template '/var/kerberos/krb5kdc/kdc.conf' do
+      source 'var/kerberos/krb5kdc/kdc.conf'
+      owner 'root'
+      group 'root'
+      mode '0600'
+    end
+end
+
+log <<-EOM
+Note:
+You must initialize a Kerberos realm in the first installation:
+  [Debian]
+    $ sudo krb5_newrealm
+    $ sudo service krb5-kdc restart
+    $ sudo service krb5-admin-server restart
+  [CentOS]
+    $ sudo kdb5_util create -s
+    $ sudo service kadmin restart
+    $ sudo service krb5kdc restart
+EOM
+
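Review bot: In both branches the `service` resources with `action [:enable, :start]` come before the `template` that writes kdc.conf (`service 'krb5-kdc'` in the debian branch, `service 'krb5kdc'` in the rhel branch) and the templates carry no `notifies`, so on first run the KDC starts on the package's stock configuration and a later change to kdc.conf never restarts it. Move each kdc.conf template above its service resources and add `notifies :restart, 'service[krb5-kdc]'` (debian) or `notifies :restart, 'service[krb5kdc]'` (rhel); the same ordering applies to `recipes/kdc.rb`. The debian kdc.conf is installed `mode '0644'` while the rhel one is `'0600'` — kdc.conf carries no key material but names `key_stash_file` and `admin_keytab`, so the stricter mode costs nothing and the branches should agree. There is also no `else` branch, so on any other platform family the recipe silently installs nothing and still prints the initialisation note; and starting the services before the realm exists (the note says `krb5_newrealm`/`kdb5_util create` must still be run) may fail on the first converge — worth verifying.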
diff --git a/cookbooks/krb5/recipes/client.rb b/cookbooks/krb5/recipes/client.rb
new file mode 100644 (file)
index 0000000..1ad1d7a
--- /dev/null
@@ -0,0 +1,37 @@
+#
+# Cookbook Name:: krb5
+# Recipe:: client
+#
+# Copyright 2013, whitestar
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+case node[:platform_family]
+  when 'debian'
+    package 'krb5-user' do
+      action :install
+    end
+  when 'rhel'
+    package 'krb5-workstation' do
+      action :install
+    end
+end
+
+template '/etc/krb5.conf' do
+  source 'etc/krb5.conf'
+  owner 'root'
+  group 'root'
+  mode '0644'
+end
+
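Review bot: `case node[:platform_family]` has no `else`, so on an unsupported platform family no client package is installed yet `/etc/krb5.conf` is still written; add `else raise "krb5: unsupported platform_family #{node[:platform_family]}"` (or a `Chef::Log.warn`) so the gap is visible in the run instead of when the client tools turn out to be missing. A style point: this cookbook indexes `node` with symbols (`node[:platform_family]`) while the hadoop cookbook on this page uses strings (`node['hadoop']`); either works, but pick one.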
diff --git a/cookbooks/krb5/recipes/default.rb b/cookbooks/krb5/recipes/default.rb
new file mode 100644 (file)
index 0000000..4e54d4b
--- /dev/null
@@ -0,0 +1,18 @@
+#
+# Cookbook Name:: krb5
+# Recipe:: default
+#
+# Copyright 2013, whitestar
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
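Review bot: The default recipe is only a license header, so `recipe[krb5]` — which the README's usage example tells users to add to their run_list — installs nothing. Either make it the client entry point with `include_recipe 'krb5::client'` or add a comment stating that the cookbook is used through its `client`, `admin` and `kdc` recipes and the default is intentionally empty.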
diff --git a/cookbooks/krb5/recipes/kdc.rb b/cookbooks/krb5/recipes/kdc.rb
new file mode 100644 (file)
index 0000000..311676c
--- /dev/null
@@ -0,0 +1,99 @@
+#
+# Cookbook Name:: krb5
+# Recipe:: kdc
+#
+# Copyright 2013, whitestar
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+case node[:platform_family]
+  when 'debian'
+    package 'krb5-kdc' do
+      action :install
+    end
+
+    service 'krb5-kdc' do
+      action [:enable, :start]
+      supports :status => true, :restart => true, :reload => false
+    end
+
+    template '/etc/krb5kdc/kdc.conf' do
+      source 'etc/krb5kdc/kdc.conf'
+      owner 'root'
+      group 'root'
+      mode '0644'
+    end
+    template '/etc/krb5kdc/kpropd.acl' do
+      source 'etc/krb5kdc/kpropd.acl'
+      owner 'root'
+      group 'root'
+      mode '0644'
+    end
+
+    package 'xinetd' do
+      action :install
+    end
+
+    service 'xinetd' do
+      action [:enable, :start]
+      supports :status => true, :restart => true, :reload => false
+    end
+
+    template '/etc/xinetd.d/krb_prop' do
+      source 'etc/xinetd.d/krb_prop'
+      owner 'root'
+      group 'root'
+      mode '0644'
+      notifies :reload, 'service[xinetd]'
+    end
+  when 'rhel'
+    package 'krb5-server' do
+      action :install
+    end
+
+    service 'krb5kdc' do
+      action [:enable, :start]
+      supports :status => true, :restart => true, :reload => false
+    end
+
+    template '/var/kerberos/krb5kdc/kdc.conf' do
+      source 'var/kerberos/krb5kdc/kdc.conf'
+      owner 'root'
+      group 'root'
+      mode '0600'
+    end
+    template '/var/kerberos/krb5kdc/kpropd.acl' do
+      source 'var/kerberos/krb5kdc/kpropd.acl'
+      owner 'root'
+      group 'root'
+      mode '0600'
+    end
+
+    service 'kprop' do
+      action [:enable, :start]
+      supports :status => true, :restart => true, :reload => true
+    end
+end
+
+log <<-EOM
+Note:
+You must add the host principal of this host for propagation.:
+  $ sudo kadmin -p admin
+  ...
+  kadmin:  add_principal -randkey host/ns01.grid.example.com
+  ...
+  kadmin:  ktadd host/ns01.grid.example.com
+  ...
+EOM
+
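Review bot: The post-install note hardcodes `host/ns01.grid.example.com` twice even though this recipe runs on every KDC slave; since `<<-EOM` interpolates, use the node's own name: `kadmin:  add_principal -randkey host/#{node['fqdn']}` and `kadmin:  ktadd host/#{node['fqdn']}`. The ordering/notification problem raised on `recipes/admin.rb` applies to the kdc.conf and kpropd.acl templates here too, and on the rhel branch `service 'kprop'` is started before `kpropd.acl` has been written. On Debian `kpropd.acl` is installed `mode '0644'` while on rhel it is `'0600'`; it only lists principal names, so either is defensible, but the two branches should agree.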
diff --git a/cookbooks/krb5/templates/centos/etc/krb5.conf b/cookbooks/krb5/templates/centos/etc/krb5.conf
new file mode 100644 (file)
index 0000000..5ec6a0a
--- /dev/null
@@ -0,0 +1,30 @@
+[logging]
+ default = FILE:/var/log/krb5libs.log
+ kdc = FILE:/var/log/krb5kdc.log
+ admin_server = FILE:/var/log/kadmind.log
+
+[libdefaults]
+ default_realm = <%= node['krb5']['libdefaults']['default_realm'] %>
+ dns_lookup_realm = false
+ dns_lookup_kdc = false
+ ticket_lifetime = 24h
+ renew_lifetime = 7d
+ forwardable = true
+
+default_tgs_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5
+default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5
+permitted_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5
+
+[realms]
+ <%= node['krb5']['libdefaults']['default_realm'] %> = {
+<% node['krb5']['realms']['default_realm']['kdcs'].each do |kdc| %>
+  kdc = <%= kdc %>
+<% end %>
+  admin_server = <%= node['krb5']['realms']['default_realm']['admin_server'] %>
+ }
+
+[domain_realm]
+<% node['krb5']['domain_realms'].each do |domain_realm| %>
+ <%= domain_realm %>
+<% end %>
+
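Review bot: All three enctype lists (`default_tgs_enctypes`, `default_tkt_enctypes`, `permitted_enctypes`) include `arcfour-hmac-md5`, i.e. RC4-HMAC, a legacy enctype well below the AES types listed before it; if it is kept for Java/Hadoop interoperability, say so in a comment above the three lines and plan its removal, otherwise drop it so clients never negotiate down to it. The same lists appear in `templates/debian/etc/krb5.conf` and `templates/default/etc/krb5.conf`, and `arcfour-hmac:normal` is in `supported_enctypes` of every kdc.conf. Suggested comment: `# arcfour-hmac-md5 (RC4) retained only for legacy client interoperability — TODO remove once no longer needed`.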
diff --git a/cookbooks/krb5/templates/centos/var/kerberos/krb5kdc/kdc.conf b/cookbooks/krb5/templates/centos/var/kerberos/krb5kdc/kdc.conf
new file mode 100644 (file)
index 0000000..dd6eb22
--- /dev/null
@@ -0,0 +1,15 @@
+[kdcdefaults]
+ kdc_ports = 88
+ kdc_tcp_ports = 88
+
+[realms]
+<%= node['krb5']['libdefaults']['default_realm'] %> = {
+ LOCALDOMAIN = {
+  master_key_type = aes256-cts
+  acl_file = /var/kerberos/krb5kdc/kadm5.acl
+  dict_file = /usr/share/dict/words
+  admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
+  #supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal
+  supported_enctypes = aes256-cts:normal aes128-cts:normal arcfour-hmac:normal
+ }
+
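Review bot: The `[realms]` section opens two blocks — `<%= node['krb5']['libdefaults']['default_realm'] %> = {` and then the literal ` LOCALDOMAIN = {` on the next line — but only one `}` closes them, so the rendered kdc.conf has an unbalanced brace and the realm options (`master_key_type`, `acl_file`, `admin_keytab`, …) sit under a nested `LOCALDOMAIN` block instead of the configured realm. The literal line looks like a leftover from before the realm name was templated and should be deleted.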
diff --git a/cookbooks/krb5/templates/centos/var/kerberos/krb5kdc/kpropd.acl b/cookbooks/krb5/templates/centos/var/kerberos/krb5kdc/kpropd.acl
new file mode 100644 (file)
index 0000000..168a02d
--- /dev/null
@@ -0,0 +1 @@
+<%= node['krb5']['kpropd.acl'] %>
diff --git a/cookbooks/krb5/templates/debian/etc/krb5.conf b/cookbooks/krb5/templates/debian/etc/krb5.conf
new file mode 100644 (file)
index 0000000..8de7312
--- /dev/null
@@ -0,0 +1,65 @@
+[libdefaults]
+       default_realm = <%= node['krb5']['libdefaults']['default_realm'] %>
+
+# The following krb5.conf variables are only for MIT Kerberos.
+       krb4_config = /etc/krb.conf
+       krb4_realms = /etc/krb.realms
+       kdc_timesync = 1
+       ccache_type = 4
+       forwardable = true
+       proxiable = true
+
+# The following encryption type specification will be used by MIT Kerberos
+# if uncommented.  In general, the defaults in the MIT Kerberos code are
+# correct and overriding these specifications only serves to disable new
+# encryption types as they are added, creating interoperability problems.
+#
+# Thie only time when you might need to uncomment these lines and change
+# the enctypes is if you have local software that will break on ticket
+# caches containing ticket encryption types it doesn't know about (such as
+# old versions of Sun Java).
+
+#      default_tgs_enctypes = des3-hmac-sha1
+#      default_tkt_enctypes = des3-hmac-sha1
+#      permitted_enctypes = des3-hmac-sha1
+
+# for strong crypto
+default_tgs_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5
+default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5
+permitted_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5
+
+# for weak crypto
+#allow_weak_crypto = true
+#default_tgs_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5 des-cbc-crc des-cbc-md5
+#default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5 des-cbc-crc des-cbc-md5
+#permitted_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5 des-cbc-crc des-cbc-md5
+
+# The following libdefaults parameters are only for Heimdal Kerberos.
+       v4_instance_resolve = false
+       v4_name_convert = {
+               host = {
+                       rcmd = host
+                       ftp = ftp
+               }
+               plain = {
+                       something = something-else
+               }
+       }
+       fcc-mit-ticketflags = true
+
+[realms]
+       <%= node['krb5']['libdefaults']['default_realm'] %> = {
+<% node['krb5']['realms']['default_realm']['kdcs'].each do |kdc| %>
+               kdc = <%= kdc %>
+<% end %>
+               admin_server = <%= node['krb5']['realms']['default_realm']['admin_server'] %>
+       }
+
+[domain_realm]
+<% node['krb5']['domain_realms'].each do |domain_realm| %>
+       <%= domain_realm %>
+<% end %>
+
+[login]
+       krb4_convert = true
+       krb4_get_tickets = false
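Review bot: This file is byte-identical to `templates/default/etc/krb5.conf` (both are blob `8de7312` in their index lines), as are `debian/etc/krb5kdc/kdc.conf` and `default/etc/krb5kdc/kdc.conf` (`311e18b`) and all three `kpropd.acl` templates (`168a02d`). Chef falls back to the `default/` directory when no platform-specific template directory matches, so the `debian/` copies add nothing today and will drift from `default/` over time; either drop them or leave a comment in each stating which copy is authoritative. The comment typo `Thie only time` is carried in both copies.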
diff --git a/cookbooks/krb5/templates/debian/etc/krb5kdc/kdc.conf b/cookbooks/krb5/templates/debian/etc/krb5kdc/kdc.conf
new file mode 100644 (file)
index 0000000..311e18b
--- /dev/null
@@ -0,0 +1,21 @@
+[kdcdefaults]
+    kdc_ports = 750,88
+
+[realms]
+    <%= node['krb5']['libdefaults']['default_realm'] %> = {
+        database_name = /var/lib/krb5kdc/principal
+        admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab
+        acl_file = /etc/krb5kdc/kadm5.acl
+        key_stash_file = /etc/krb5kdc/stash
+        kdc_ports = 750,88
+        max_life = 10h 0m 0s
+        max_renewable_life = 7d 0h 0m 0s
+        #master_key_type = des3-hmac-sha1
+        master_key_type = aes256-cts
+        #supported_enctypes = aes256-cts:normal arcfour-hmac:normal des3-hmac-sha1:normal des-cbc-crc:normal des:normal des:v4 des:norealm des:onlyrealm des:afs3
+        supported_enctypes = aes256-cts:normal aes128-cts:normal arcfour-hmac:normal
+        # NOT RECOMMENDED:
+        # for KSSL (Kerberized SSL) on JDK 6 (http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6946669)
+        #supported_enctypes = aes256-cts:normal aes128-cts:normal arcfour-hmac:normal des-cbc-crc:normal des-cbc-md5:normal
+        default_principal_flags = +preauth
+    }
diff --git a/cookbooks/krb5/templates/debian/etc/krb5kdc/kpropd.acl b/cookbooks/krb5/templates/debian/etc/krb5kdc/kpropd.acl
new file mode 100644 (file)
index 0000000..168a02d
--- /dev/null
@@ -0,0 +1 @@
+<%= node['krb5']['kpropd.acl'] %>
diff --git a/cookbooks/krb5/templates/default/etc/krb5.conf b/cookbooks/krb5/templates/default/etc/krb5.conf
new file mode 100644 (file)
index 0000000..8de7312
--- /dev/null
@@ -0,0 +1,65 @@
+[libdefaults]
+       default_realm = <%= node['krb5']['libdefaults']['default_realm'] %>
+
+# The following krb5.conf variables are only for MIT Kerberos.
+       krb4_config = /etc/krb.conf
+       krb4_realms = /etc/krb.realms
+       kdc_timesync = 1
+       ccache_type = 4
+       forwardable = true
+       proxiable = true
+
+# The following encryption type specification will be used by MIT Kerberos
+# if uncommented.  In general, the defaults in the MIT Kerberos code are
+# correct and overriding these specifications only serves to disable new
+# encryption types as they are added, creating interoperability problems.
+#
+# Thie only time when you might need to uncomment these lines and change
+# the enctypes is if you have local software that will break on ticket
+# caches containing ticket encryption types it doesn't know about (such as
+# old versions of Sun Java).
+
+#      default_tgs_enctypes = des3-hmac-sha1
+#      default_tkt_enctypes = des3-hmac-sha1
+#      permitted_enctypes = des3-hmac-sha1
+
+# for strong crypto
+default_tgs_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5
+default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5
+permitted_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5
+
+# for weak crypto
+#allow_weak_crypto = true
+#default_tgs_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5 des-cbc-crc des-cbc-md5
+#default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5 des-cbc-crc des-cbc-md5
+#permitted_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5 des-cbc-crc des-cbc-md5
+
+# The following libdefaults parameters are only for Heimdal Kerberos.
+       v4_instance_resolve = false
+       v4_name_convert = {
+               host = {
+                       rcmd = host
+                       ftp = ftp
+               }
+               plain = {
+                       something = something-else
+               }
+       }
+       fcc-mit-ticketflags = true
+
+[realms]
+       <%= node['krb5']['libdefaults']['default_realm'] %> = {
+<% node['krb5']['realms']['default_realm']['kdcs'].each do |kdc| %>
+               kdc = <%= kdc %>
+<% end %>
+               admin_server = <%= node['krb5']['realms']['default_realm']['admin_server'] %>
+       }
+
+[domain_realm]
+<% node['krb5']['domain_realms'].each do |domain_realm| %>
+       <%= domain_realm %>
+<% end %>
+
+[login]
+       krb4_convert = true
+       krb4_get_tickets = false
diff --git a/cookbooks/krb5/templates/default/etc/krb5kdc/kdc.conf b/cookbooks/krb5/templates/default/etc/krb5kdc/kdc.conf
new file mode 100644 (file)
index 0000000..311e18b
--- /dev/null
@@ -0,0 +1,21 @@
+[kdcdefaults]
+    kdc_ports = 750,88
+
+[realms]
+    <%= node['krb5']['libdefaults']['default_realm'] %> = {
+        database_name = /var/lib/krb5kdc/principal
+        admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab
+        acl_file = /etc/krb5kdc/kadm5.acl
+        key_stash_file = /etc/krb5kdc/stash
+        kdc_ports = 750,88
+        max_life = 10h 0m 0s
+        max_renewable_life = 7d 0h 0m 0s
+        #master_key_type = des3-hmac-sha1
+        master_key_type = aes256-cts
+        #supported_enctypes = aes256-cts:normal arcfour-hmac:normal des3-hmac-sha1:normal des-cbc-crc:normal des:normal des:v4 des:norealm des:onlyrealm des:afs3
+        supported_enctypes = aes256-cts:normal aes128-cts:normal arcfour-hmac:normal
+        # NOT RECOMMENDED:
+        # for KSSL (Kerberized SSL) on JDK 6 (http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6946669)
+        #supported_enctypes = aes256-cts:normal aes128-cts:normal arcfour-hmac:normal des-cbc-crc:normal des-cbc-md5:normal
+        default_principal_flags = +preauth
+    }
diff --git a/cookbooks/krb5/templates/default/etc/krb5kdc/kpropd.acl b/cookbooks/krb5/templates/default/etc/krb5kdc/kpropd.acl
new file mode 100644 (file)
index 0000000..168a02d
--- /dev/null
@@ -0,0 +1 @@
+<%= node['krb5']['kpropd.acl'] %>
diff --git a/cookbooks/krb5/templates/default/etc/xinetd.d/krb_prop b/cookbooks/krb5/templates/default/etc/xinetd.d/krb_prop
new file mode 100644 (file)
index 0000000..7367cb7
--- /dev/null
@@ -0,0 +1,15 @@
+# Debian
+service krb_prop
+# CentOS 5
+#service krb5_prop
+{
+    disable     = no
+    socket_type = stream
+    protocol    = tcp
+    user        = root
+    wait        = no
+    # Debian
+    server      = /usr/sbin/kpropd
+    # CentOS 5
+    #server      = /usr/kerberos/sbin/kpropd
+}
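Review bot: The template lives under `templates/default/` but its values are Debian-specific (`service krb_prop`, `server = /usr/sbin/kpropd`) with the CentOS 5 alternatives left as comments, and kdc.rb renders it only in the debian branch; move it to `templates/debian/etc/xinetd.d/` or select the service name and server path with an ERB `<% if node[:platform_family] == 'rhel' %>` branch so the commented lines do not go stale. kpropd runs as `user = root` here, which it needs to write the KDC database, so the effective access control is the rendered `kpropd.acl`; a comment pointing at that file (and at the attribute's empty, fail-closed default) would help the next reader.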
diff --git a/localhost.json b/localhost.json
deleted file mode 100644 (file)
index d994c81..0000000
+++ /dev/null
@@ -1,6 +0,0 @@
-{
-  "run_list": [
-    "role[mocker]",
-    "role[hadoop-pseudo-distributed]"
-  ]
-}
diff --git a/mocker.json b/mocker.json
new file mode 100644 (file)
index 0000000..b8cd30f
--- /dev/null
@@ -0,0 +1,5 @@
+{
+  "run_list": [
+    "role[mocker]"
+  ]
+}
diff --git a/nodes/localhost.json b/nodes/localhost.json
new file mode 100644 (file)
index 0000000..f8160e3
--- /dev/null
@@ -0,0 +1,6 @@
+{
+  "run_list": [
+    "role[mocker]",
+    "role[hadoop-pseudo-distributed-with-security]"
+  ]
+}
diff --git a/roles/hadoop-pseudo-distributed-with-security.rb b/roles/hadoop-pseudo-distributed-with-security.rb
new file mode 100644 (file)
index 0000000..d25835a
--- /dev/null
@@ -0,0 +1,18 @@
+name 'hadoop-pseudo-distributed-with-security'
+description 'Hadoop pseudo distributed mode with security'
+
+run_list(
+  'recipe[krb5::client]',
+  'recipe[krb5::admin]',
+  'role[hadoop]'
+)
+
+#env_run_lists "prod" => ["recipe[apache2]"], "staging" => ["recipe[apache2::staging]"], "_default" => []
+
+default_attributes(
+  'hadoop' => {
+    'with_security' => true
+  }
+)
+
+#override_attributes "apache2" => { "max_children" => "50" }
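Review bot: The role enables `with_security` but leaves the Kerberos realm to two independent defaults — `hadoop.this.realm` in `cookbooks/hadoop/attributes/default.rb` and `krb5.libdefaults.default_realm` in `cookbooks/krb5/attributes/default.rb`, both `LOCALDOMAIN` today — which must stay equal for the keytab principals to match `/etc/krb5.conf`. Add a comment here, e.g. `# hadoop.this.realm must match krb5.libdefaults.default_realm`, or set both explicitly in this role as `roles/nameservice-master.rb` does for the krb5 side.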
index 49a65eb..ab9d64c 100644 (file)
@@ -15,11 +15,13 @@ default_attributes(
     'oracle' => {
       'accept_oracle_download_terms' => true
     },
-#    'jdk' => {
-#      '6' => {
-#        'bin_cmds' => []
-#      }
-#    }
+=begin Not effective
+    'jdk' => {
+      '6' => {
+        'bin_cmds' => []
+      }
+    }
+=end
   }
 )
 
@@ -27,6 +29,7 @@ override_attributes(
   'java' => {
     'jdk' => {
       '6' => {
+        # no update-alternatives
         'bin_cmds' => []
       }
     }
index a0e0a06..5bf1f16 100644 (file)
@@ -3,7 +3,7 @@ description 'The Mocker role in Sandbox'
 
 run_list(
   'recipe[drillbook]',
-  'recipe[java]'
+#  'recipe[java]'
 )
 
 #env_run_lists "prod" => ["recipe[apache2]"], "staging" => ["recipe[apache2::staging]"], "_default" => []
diff --git a/roles/nameservice-master.rb b/roles/nameservice-master.rb
new file mode 100644 (file)
index 0000000..e6faef3
--- /dev/null
@@ -0,0 +1,32 @@
+name 'nameservice-master'
+description 'The NameService (Kerberos and LDAP) master role'
+
+run_list(
+  'recipe[node_commons]',
+  'recipe[krb5:client]',
+  'recipe[krb5:admin]'
+)
+
+#env_run_lists "prod" => ["recipe[apache2]"], "staging" => ["recipe[apache2::staging]"], "_default" => []
+
+default_attributes(
+  'krb5' => {
+    'libdefaults' => {
+      'default_realm' => 'GRID.EXAMPLE.COM'
+    },
+    'realms' => {
+      'default_realm' => {
+        'kdcs' => [
+          'ns01.grid.example.com',
+          'ns02.grid.example.com'
+        ],
+        'admin_server' => 'krb-admin.grid.example.com'
+      }
+    },
+    'domain_realms' => [
+      '.grid.example.com = GRID.EXAMPLE.COM'
+    ]
+  }
+)
+
+#override_attributes "apache2" => { "max_children" => "50" }
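Review bot: The run_list entries `recipe[krb5:client]` and `recipe[krb5:admin]` use a single colon; Chef separates cookbook and recipe with `::` (compare `recipe[krb5::client]` in `roles/hadoop-pseudo-distributed-with-security.rb` on this page), so these will presumably be looked up as a cookbook literally named `krb5:client` and fail to resolve. Change them to `'recipe[krb5::client]'` and `'recipe[krb5::admin]'`; `roles/nameservice-slave.rb` has the same typo in `recipe[krb5:client]` and `recipe[krb5:kdc]`.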
diff --git a/roles/nameservice-slave.rb b/roles/nameservice-slave.rb
new file mode 100644 (file)
index 0000000..4f03eec
--- /dev/null
@@ -0,0 +1,32 @@
+name 'nameservice-slave'
+description 'The NameService (Kerberos and LDAP) slave role'
+
+run_list(
+  'recipe[node_commons]',
+  'recipe[krb5:client]',
+  'recipe[krb5:kdc]'
+)
+
+#env_run_lists "prod" => ["recipe[apache2]"], "staging" => ["recipe[apache2::staging]"], "_default" => []
+
+default_attributes(
+  'krb5' => {
+    'libdefaults' => {
+      'default_realm' => 'GRID.EXAMPLE.COM'
+    },
+    'realms' => {
+      'default_realm' => {
+        'kdcs' => [
+          'ns01.grid.example.com',
+          'ns02.grid.example.com'
+        ],
+        'admin_server' => 'krb-admin.grid.example.com'
+      }
+    },
+    'domain_realms' => [
+      '.grid.example.com = GRID.EXAMPLE.COM'
+    ]
+  }
+)
+
+#override_attributes "apache2" => { "max_children" => "50" }
diff --git a/solo.rb b/solo.rb
index e4589b7..9642aab 100644 (file)
--- a/solo.rb
+++ b/solo.rb
@@ -2,3 +2,4 @@ current_dir = File.dirname(File.expand_path(__FILE__))
 file_cache_path "/tmp/chef-solo"
 cookbook_path "#{current_dir}/cookbooks"
 role_path "#{current_dir}/roles"
+node_path "#{current_dir}/nodes"