Feature/krb5kdc

[wolf31o2]

This is a pretty big change to the current cookbook. However, I have maintained backwards compatibility with all of the previous attributes. This changes the krb5.conf template to be fully attribute-driven, which adds flexibility. I have, also, added kadmin and kdc recipes, to configure the Kerberos Admin Server and KDC, respectively.

I have included the changes from @dereklwood (a co-worker) in atomic-penguin/cookbook-krb5#3 into this pull request. This has been tested, using bundle exec rake on my Mac, with no issues. The plan is to pull this into our http://github.com/continuuity/loom project, to allow provisioning of secure Hadoop clusters.

Thanks

[atomic-penguin]

I have a deadline to turn in a Master's thesis draft, so won't get to this over the weekend. Trust me, I'd rather be working on this. Will do my best to review/release before Chefconf on April 14.

[wolf31o2]

Awesome! Speaking of which, I assume that means that you will be attending ChefConf, correct?

Derek and I will be there, representing Continuuity.

[atomic-penguin]

Yes, I wouldn't miss it.

See you guys there!

[wolf31o2]

Sorry for all of the additions... I am using this in production to spin up KDCs and secure Hadoop clusters. As such, I am pushing any changes that I end up needing.

I don't know if you're up for it, but I am willing to join on as a collaborator on GitHub/Opscode for the cookbook. I will be using it pretty heavily, as my company is building a ton of secure Hadoop clusters both for ourselves, and our clients. I expect to add proper support for using LDAP for the Kerberos database, too... but that's for another version. :smile:

[wolf31o2]

This may need a little bit more work. It works when I do things by hand, but doesn't seem to work when I use it in my automated system (Continuuity Loom)

[wolf31o2]

I have no idea why Travis is failing. I cannot see anything wrong, and bundle exec rake works perfectly for me, locally.

[wolf31o2]

By the way, this should be safe for merging, now. The issues that I was having was related to trying to create multiple KDCs using this recipe. It's still missing a few things for that, but I don't think that should block this getting merged.

[atomic-penguin]

Added @wolf31o2 as project collaborator. @wolf31o2 what is your community site ID, so I can add you there?

[wolf31o2]

Ahh, right. It is cgianelloni on the community site.

[atomic-penguin]

@wolf31o2 promoted you to maintainer on community site, as I may no longer be able to maintain this in the future. Will certainly collaborate and assist if needed.

Feel free to point this at your own branch at your convenience.

[atomic-penguin]

I have this merged in master, but I think probably should be a 1.0.0 release. Don't feel like I am throwing a hand grenade over the wall here. You've done a lot of work on this, and I don't want to bottleneck you getting this back out to the community site.

TODO:

• CHANGELOG needs updated.
• Kitchen suites need added/updated.
• BATS integration tests?

[wolf31o2]

I was planning on moving the hash to be unrolled in the files, similarly to how I do things in the hadoop cookbook. I just hadn't had time to do all of it, since I was trying to get the functionality working before I made even more changes. I didn't want to change the attribute format more than once.

You're right about it being a 1.0 release. I will actually change that before I push it to the community site for others to use, since it's an API change.