Configuring MIT Kerberos with Open
LDAP and IBM BigInsights 3.0.0.2
Eric Yang
Laser Nahoom Kabakov
Roman Zeltser
Yifat Yulevich
Yu Gao
05/04/2015
Contents
Background...................................................................................................................................... 4
Topology solution and hosts ........................................................................................................... 5
Installation prequists: .................................................................................................................. 5
1. Setting up users and groups in open ldap: .......................................................................... 5
Step 1: Setting up the linux machines: ........................................................................................ 7
1.
Host Name setup : ........................................................................................................... 7
Host name requirements: ........................................................................................................... 7
Host resolution: ........................................................................................................................... 7
2.
Passwordless ssh for root user ........................................................................................ 8
3.
Install ldap client (on each Linux node) ........................................................................... 8
4.
Install DB2 prerequisites (on each Linux node) ............................................................... 8
5.
Install Kerberos V5 client libraries on each of the Linux machines (4 total) ................... 8
6.
Install various prequisits .................................................................................................. 8
7.
Disable IPV6 on all nodes ................................................................................................ 9
8.
Disable firewall ................................................................................................................ 9
9.
Disable Selinux ................................................................................................................. 9
10.
Create disks for data store ........................................................................................ 10
11.
Configure Sudo permissions for admin user: ............................................................ 12
12.
Configure limits.conf on each BI node: ..................................................................... 12
13.
Configure /etc/ssh/sshd_config on each BI node ..................................................... 12
14.
Configure pam_ ldap module .................................................................................... 12
15.
Configure SSHD at /etc/pam.d/sshd ......................................................................... 13
16.
Configure System auth at /etc/pam.d/system-auth ................................................. 14
17.
Configure ladp configuiration at /etc/openldap/ldap.conf ....................................... 14
18.
Configuring name service daemon at /etc/nslcd.conf .............................................. 15
19.
Configuring name service switch at /etc/nsswitch.conf ........................................... 15
20.
Configuring pam_ldap.conf at /etc/pam_ldap.conf ................................................. 16
21.
Copying certs from openLDAP server to all of the BigInsights nodes ....................... 16
22.
Start local name service daemon (nslcd)................................................................... 16
Step 2: Setting up IBM JDK and JCE: .......................................................................................... 16
Download and Install IBM JDK and JCE on Linux servers: ..................................................... 17
Step 3: Open LDAP time synchronization .................................................................................. 17
Step 4: Configuring Kerberos client on all BigInsights nodes .................................................... 17
1.
Configure /etc/krb5.conf on each of your Linux machines (4 total) ............................ 17
2.
Add Kerberos service definitions to each /etc/services (all Linux machines) ............... 18
Step 5: Creating and deploying host keytabs ............................................................................ 18
1.
Create the host keytabs................................................................................................. 18
2.
Configure sssd (security deamon) file on each node .................................................... 19
3.
Caching enablement ...................................................................................................... 20
4.
Deploy initialize and test the host keytabs ................................................................... 21
Step 6: Creating the service Keytabs: ........................................................................................ 23
Step 7: Initializing the service keytabs ...................................................................................... 34
Step 8: Creating the cluster hosts file for the BigInsights installer .......................................... 42
Step 9: Running BigInsights installer prechecker ...................................................................... 42
Step 10: BigInsights installation ................................................................................................ 43
Prefix 1: Complete users LDIF file .............................................................................................. 66
Prefix 2: Complete groups LDIF file ......................................................................................... 103
Prefix 3: Complete hosts LDIF file ............................................................................................ 105
Background:
Big Data environments are characterized by a multiplicity of technologies, distributed data
repositories, and parallel computation systems with different deployment models. With all that
complexity, organizations want to maintain data privacy, to ensure that the data will not be
exposed to unauthorized parties. Organizations also need to provide a unified security
mechanism that allows Single Sign-On, ensuring that any service connected to the data cluster
goes through the authentication process to be permitted to access the data. Like other
distributed systems, Big Data clusters share the same security weaknesses. Distributed systems
are demanding to ensure that parties are who they claim to be, to verify client applications
before they join the cluster and access the data that resides on federated systems.
This article describes the series of steps required to set up an IBM Big Data environment using
Kerberos for host validation and authentication of client applications The environment settings
were based on the requirements of an IBM customer, as described in the next section of this
article.
Requirements:
Following are the list of the system requirements:
The system must manage a large number of documents and the metadata for those
documents. The documents are classified into a variety of different topics and
categories.
The system should handle many different document types (such as html, PDF,
spreadsheets etc.) that are originated by many different systems.
The system should provide a federated search that considers the documents as well as
the relevant topics that are associated with them.
The document categories are mapped to different authorization groups. Users
belonging to those groups will have access to the corresponding documents.
The documents metadata is added to throughout the document’s life cycle.
The Proof Of Concept (PoC) documented in this article demonstrates the ability to apply a single
sign-on mechanism in a subset (market in figure 1) of the proposed environment while using a
Kerberos ticket to authenticate hosts, users and add-on services to the BigInsights Hadoop
cluster.
Topology solution and hosts
# Function
Hostname
OS
1 LDAP + KDC (open LDAP)
ldp.iic.il.ibm.com
Red-Hat 6.3 Server
3 BigInsights 3.0 management node
4 BigInsights 3.0 Data node 1
5 BigInsights 3.0 Data node 2
bigins.iic.il.ibm.com
bigins1.iic.il.ibm.com
bigins1.iic.il.ibm.com
Red-Hat 6.3 Server
Red-Hat 6.3 Server
Red-Hat 6.3 Server
6 BigInsights 3.0 Data node 3
bigins3.iic.il.ibm.com
Red-Hat 6.3 Server
Installation prequists:
1. Setting up users and groups in open ldap:
1. Service groups for BigInsights:
a. gbiadmin
b. gbidataadmin
c. gbiappadmin
d. gbisysadmin
e. gbiuser
2. Service users for BigInsights
a. biadmin: user in gbiadmin group * number of BigInsights nodes (biadmin1,
biadmin2..)
b. alert : (user in gbiadmin group) * number of BigInsights nodes
c. bigsql: (user in gbiadmin group) * number of BigInsights nodes
d. catalog: (user in gbiadmin group) * number of BigInsights nodes
e. console: (user in gbiadmin group) * number of BigInsights nodes
f. hadoop: (user in gbiadmin group) * number of BigInsights nodes
g. hbase: (user in gbiadmin group) * number of BigInsights nodes
h. hdfs: (user in gbiadmin group) * number of BigInsights nodes
i. hive: (user in gbiadmin group) * number of BigInsights nodes
j. http: (user in gbiadmin group) * number of BigInsights nodes
k. httpfs: (user in gbiadmin group) * number of BigInsights nodes
l. mapred: (user in gbiadmin group) * number of BigInsights nodes
m. monitoring: (user in gbiadmin group) * number of BigInsights nodes
n. oozie: (user in gbiadmin group) * number of BigInsights nodes
o. orchestrator: (user in gbiadmin group) * number of BigInsights nodes
p. zookeeper: (user in gbiadmin group) * number of BigInsights nodes
Apache Directory studio screenshot for user biadmin on machine bigins.iic.il.ibm.com
Apache Directory studio screenshot for user biadmin1 on machine bigins1.iic.il.ibm.com
To sum up the changes between 2 consecutive users:
Property
biadmin1
biadmin2
dn:
cn=biadmin1,ou=users,dc=iic,dc=il
,dc=ibm,dc=com
biadmin1
/home/biadmin
cn=biadmin2,ou=users,dc=iic,dc=il
,dc=ibm,dc=com
biadmin2
/home/biadmin
biadmin
200
biadmin
200
cn:
homeDirect
ory:
uid:
uidNumber:
For a full reference on users, groups and managed hosts in this solution please refer to
prefix 1,2,3 at the end of this document .
Step 1: Setting up the linux machines:
1. Host Name setup :
Host name requirements:
All host names should be all lower case as specified here:
http://www01.ibm.com/support/knowledgecenter/SSPT3X_3.0.0/com.ibm.swg.im.infosphere.biginsights.in
stall.doc/doc/bi_install_generate_keytabs.html
Host resolution:
Option 1: use dns (prefferd)
Make sure that the short name and fqdn of each server can be resolved to the same IP from
each of the nodes.
Option 2: use hosts file (if dns not available)
Hosts file for each of the computers in the solution:
Comment out or remove these lines:
127.0.0.1
localhost localhost.localdomain localhost4 localhost4.localdomain4
::1
localhost localhost.localdomain localhost6 localhost6.localdomain6
These are the only lines which is needed in the file :
10.10.162.15
10.10.162.16
10.10.162.17
10.10.162.18
10.10.162.13
bigins.iic.il.ibm.com bigins
bigins1.iic.il.ibm.com bigins1
bigins2.iic.il.ibm.com bigins2
bigins3.iic.il.ibm.com bigins3
ldp.iic.il.ibm.com ldp
In this guide we assume that the operating system is configured with local or any other
repository.
2. Passwordless ssh for root user
Configure passwordless ssh access to all machines in the cluster for the root user.
Make sure the authorized keys and the pub are holding the same value
Test the configuration with:
ssh <your_server_name>
Verify that no password is required
3. Install ldap client (on each Linux node)
yum -y install openldap openldap-clients nss-pam-ldapd pam_ldap
4. Install DB2 prerequisites (on each Linux node)
yum -y install mksh.x86_64 libaio compat-libstdc++ pam.x86_64 pam.i686 libstdc++.i686
5.
Install Kerberos V5 client libraries on each of the Linux machines (4 total)
Kerberos packages may be installed by default, but make sure that the appropriate packages are
installed for the Kerberos server or client being configured.
To install packages for a Kerberos client packages:
yum -y install krb5-workstation krb5-libs krb5-auth-dialog words pam_krb5
6. Install various prequisits
yum -y install expect rpm-build
7. Disable IPV6 on all nodes
in /etc/sysctl.conf:
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv4.ip_local_port_range = 1024 64000
kernel.pid_max = 4194303
Reload the sysctl.conf by issuing the following command:
sysctl -p /etc/sysctl.conf
In /etc/sysconfig/network:
NETWORKING_IPV6=no
In /etc/sysconfig/network-scripts/ifcfg-eth0:
IPV6INIT=”no”
8. Disable firewall
chkconfig iptables off
service iptables stop
chkconfig ip6tables off
service ip6tables stop
reboot
9.
Disable Selinux
setenforce 0
Modify selinux configuration file to disable selinux
vi /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
10. Create disks for data store
The BigInsights HDFS will use the internal disks for data store. Each server in the clustrer will
hold 6 disks , that would be mounted to /media as a JBOD configuration.
Create mount point
mkdir -p /media/disk1
The remaining mount points will be /media/disk2-/media/disk6
Create the partitions
Each disk /dev/sdb
-- /dev/sdg
Will have the entire disk partitioned using fdisk
fdisk /dev/sdb
Press “d” to delete existing partition table
Press “n” to create new partition
Press “p” for primary Partition
Press 1 for Partition Number
Press enter to default First cylinder
Press enter to default Last cylinder
Press “w” to save the partition created
Format the partitions
The partitions will be formatted with the ext4 file system
mkfs.ext4 /dev/sdb1
mkfs.ext4 /dev/sdc1
mkfs.ext4 /dev/sdd1
mkfs.ext4 /dev/sde1
mkfs.ext4 /dev/sdf1
mkfs.ext4 /dev/sdg1
Mount the partitions
Mount the partition to the /media mount points.
The first mount point will be:
mount /dev/sdb1 /media/disk1
The remaining mount points will be /dev/sdX - /media/diskX.
mount /dev/sdc1 /media/disk2
Update fstab
Make the mounts permanent by adding them to fstab.
vi /etc/fstab
Insert the mount points into the file:
/dev/sdb1 /media/disk1 ext4 defaults 0 0
/dev/sdc1 /media/disk2 ext4 defaults 0 0
/dev/sdd1 /media/disk3 ext4 defaults 0 0
/dev/sde1 /media/disk4 ext4 defaults 0 0
/dev/sdf1 /media/disk5 ext4 defaults 0 0
/dev/sdg1 /media/disk6 ext4 defaults 0 0
11. Configure Sudo permissions for admin user:
Add the following line /etc/sudoers:
## Allows people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
gbiadmin ALL=(ALL) NOPASSWORD: ALL
12. Configure limits.conf on each BI node:
vi /etc/security/limits.conf
biadmin hard nofile 65536
biadmin soft nofile 65536
biadmin hard nproc 65536
biadmin soft nproc 65536
root hard nofile 65536
root soft nofile 65536
root hard nproc 65536
root soft nproc 65536
13. Configure /etc/ssh/sshd_config on each BI node
Uncomment/enter the following values on /etc/ssh/sshd_config
PermitRootLogin yes
AllowUsers biadmin root bigsql catalog
14. Configure pam_ ldap module
Step 1: /etc/pam.d/password-auth
Add and edit the lines in the file, to be like the the following:
#auth
auth
sufficient
sufficient
pam_sss.so use_first_pass
pam_krb5.so use_first_pass
auth
sufficient
#account
[default=bad success=ok user_unknown=ignore] pam_sss.so
account
[default=bad success=ok user_unknown=ignore] pam_ldap.so
account
[default=bad success=ok user_unknown=ignore] pam_krb5.so
#password
sufficient
pam_ldap.so use_first_pass
pam_sss.so use_authtok
password
sufficient
pam_krb5.so use_authtok
password
sufficient
pam_ldap.so use_authtok
#session
optional
pam_sss.so
session
optional
pam_krb5.so
session
optional
pam_ldap.so
session
optional
pam_oddjob_mkhomedir.so
15. Configure SSHD at /etc/pam.d/sshd
#%PAM-1.0
auth
sufficient
pam_ldap.so
auth
required
pam_sepermit.so
auth
include
password-auth
account
required
pam_nologin.so
account
include
password-auth
password
include
password-auth
# pam_selinux.so close should be the first session rule
session
required
pam_selinux.so close
session
required
pam_loginuid.so
# # pam_selinux.so open should only be followed by sessions to be executed in the user
context
session
required
pam_selinux.so open env_params
session
optional
pam_keyinit.so force revoke
session
include
password-auth
#
16. Configure System auth at /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
#auth sufficient pam_sss.so use_first_pass
auth sufficient pam_krb5.so use_first_pass
auth sufficient pam_ldap.so use_first_pass
#account [default=bad success=ok user_unknown=ignore] pam_sss.so
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
account [default=bad success=ok user_unknown=ignore] pam_krb5.so
#password sufficient pam_sss.so use_authtok
password sufficient pam_krb5.so use_authtok
password sufficient pam_ldap.so use_authtok
#session optional pam_sss.so
session optional pam_krb5.so
session optional pam_ldap.so
session optional pam_oddjob_mkhomedir.so
17. Configure ladp configuiration at /etc/openldap/ldap.conf
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
BASE dc=iic,dc=il,dc=ibm,dc=com
URI ldap://ldp.iic.il.ibm.com
ssl
start_tls
TLS_REQCERT allow
TLS_CACERTDIR /etc/openldap/certs
TIMELIMIT 15
TIMEOUT
20
18. Configuring name service daemon at /etc/nslcd.conf
# /etc/nslcd.conf
#
# Configuration file for nslcd(8).
# See nslcd.conf(5), nslcd(8) and nsswitch.conf(5) for more info.
#
uid nslcd
gid ldap
uri ldap://ldp.iic.il.ibm.com
base dc=iic,dc=il,dc=ibm,dc=com
binddn cn=nssproxy,ou=users,dc=iic,dc=il,dc=ibm,dc=com
bindpw abc#123
rootpwmoddn cn=root,dc=iic,dc=il,dc=ibm,dc=com
bind_timelimit 5
timelimit 10
idle_timelimit 60
ssl start_tls
tls_reqcert never
nss_initgroups_ignoreusers adm,bin,daemon,dbus,ftp
nss_initgroups_ignoreusers games,gopher,halt,lp,mail
nss_initgroups_ignoreusers nfsnobody,nobody,nscd,nslcd,ntp,operator
nss_initgroups_ignoreusers root,rpc,rpcuser,saslauth
nss_initgroups_ignoreusers shutdown,sshd,sync,uucp,vcsa
tls_cacertdir /etc/openldap/certs
# EOF
19. Configuring name service switch at /etc/nsswitch.conf
passwd:
shadow:
group:
hosts:
ethers:
netmasks:
networks:
protocols:
rpc:
services:
netgroup:
automount:
aliases:
sudoers
files
files
files
files
files
files
files
files
files
files
ldap
files
files
files
ldap
ldap
ldap
dns
# sss changed by ldap
# sss changed by ldap
# sss changed by ldap
# removed sss
ldap
# sss changed by ldap
ldap
# sss changed by ldap
20. Configuring pam_ldap.conf at /etc/pam_ldap.conf
base dc=iic,dc=il,dc=ibm,dc=com
uri ldap://ldp.iic.il.ibm.com
binddn cn=nssproxy,ou=users,dc=iic,dc=il,dc=ibm,dc=com
bindpw abc#123
ssl start_tls
tls_cacertdir /etc/openldap/cacerts
pam_password md5
21. Copying certs from openLDAP server to all of the BigInsights nodes
On the LDAP Server host, run the following commands (for each BigInsights node):
scp /etc/openldap/certs/* bigins:/etc/openldap/certs/
scp /etc/openldap/certs/* bigins1:/etc/openldap/certs/
scp /etc/openldap/certs/* bigins2:/etc/openldap/certs/
scp /etc/openldap/certs/* bigins3:/etc/openldap/certs/
22. Start local name service daemon (nslcd)
service nslcd start
Step 2: Setting up IBM JDK and JCE:
Download and Install IBM JDK and JCE on Linux servers:
http://www.ibm.com/developerworks/java/jdk/linux/download.html - JDK 6.0 SR 16
https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=jcesdk
On each Linux node run the following command (based on the JDK version which was provided
with the product) :
Remove the openjdk and other jdk's which are not IBM JDK
Copy the IBM JDK which is shipped with the BigInsights product, from :
/<INSTALL_DIR>/biginsights-3.0.0.2-enterprise-nonproduction-Linux-amd64b20141111_0600/artifacts/ibm-java-sdk-7.1-1.0-linux-x86_64.tgz
to a temporary
directory
Unzip the JDK tar.gz with tar
–xvf ibm-java-sdk-7.1-1.0-linux-x86_64.tgz
Unzip the JCE zip file and copy the extracted files to the directory which you have
unzipped the JDK files to meaning: <path_to_extracted_jdk_dir>/ jre/lib/security/
Compress the <path_to_extracted_jdk_dir> with command tar -cvzf
<filename><path.tgz> which you have done changes too, to a file named ibm-java-sdk7.1-1.0-linux-x86_64.tgz and replace the JDK which is shipped with the BigInsights
installation binaries (file name might change based on your version of JDK).
Step 3: Open LDAP time synchronization
Make sure all the nodes are synchronized to the same time and time zone before continuing.
chkconfig ntpd on
service ntpd start
Step 4: Configuring Kerberos client on all BigInsights nodes
1. Configure /etc/krb5.conf on each of your Linux machines (4 total)
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = IIC.IL.IBM.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
[realms]
IIC.IL.IBM.COM = {
kdc = ldp.iic.il.ibm.com
admin_server = ldp.iic.il.ibm.com
}
[domain_realm]
iic.il.ibm.com = IIC.IL.IBM.COM
.iic.il.ibm.com = IIC.IL.IBM.COM
[login]
krb4_convert = true
krb4_get_tickets = false
2. Add Kerberos service definitions to each /etc/services (all Linux machines)
kerberos 88/udp kdc # Kerberos V5 KDC
kerberos 88/tcp kdc # Kerberos V5 KDC
klogin 543/tcp # Kerberos authenticated rlogin
kshell 544/tcp cmd # and remote shell
kerberos-adm 749/tcp # Kerberos 5 admin/changepw
kerberos-adm 749/udp # Kerberos 5 admin/changepw
krb5_prop 754/tcp # Kerberos slave propagation
eklogin 2105/tcp # Kerberos auth. & encrypted rlogin
krb524 4444/tcp # Kerberos 5 to 4 ticket translator
Step 5: Creating and deploying host keytabs
1. Create the host keytabs
addprinc -randkey -e aes128-cts:normal host/[email protected]
cpw -pw abc#123 host/[email protected]
xst -norandkey -k /etc/keytabs/bigins.keytab host/[email protected]
addprinc -randkey -e aes128-cts:normal host/[email protected]
cpw -pw abc#123 host/[email protected]
xst -norandkey -k /etc/keytabs/bigins1.keytab host/[email protected]
addprinc -randkey -e aes128-cts:normal host/[email protected]
cpw -pw abc#123 host/[email protected]
xst -norandkey -k /etc/keytabs/bigins2.keytab host/[email protected]
addprinc -randkey -e aes128-cts:normal host/[email protected]
cpw -pw abc#123 host/[email protected]
xst -norandkey -k /etc/keytabs/bigins3.keytab host/[email protected]
2. Configure sssd (security deamon) file on each node
Backup the ssd file: cp -p /etc/sssd/sssd.conf /etc/sssd/sssd.conf.back
Edit the /etc/sssd/sssd.conf to look like following (on each of the BI servers )
File should look like the following:
[sssd]
config_file_version = 2
domains = default
services = nss, pam
debug level = 0
[nss]
[pam]
[domain/default]
ldap_tls_reqcert = never
auth_provider = krb5
ldap_schema = rfc2307bis
krb5_realm = IIC.IL.IBM.COM
ldap_search_base = dc=iic,dc=il,dc=ibm,dc=com
ldap_group_member = uniquemember
id_provider = ldap
ldap_sasl_mech = GSSAPI
ldap_sasl_authid = host/[email protected]
ldap_id_use_start_tls = True
chpass_provider = krb5
ldap_uri = ldap://ldp.iic.il.ibm.com
krb5_kdcip = ldp.iic.il.ibm.com
cache_credentials = True
ldap_tls_cacertdir = /etc/openldap/cacerts
entry_cache_timeout = 600
ldap_network_timeout = 3
krb5_server = ldp.iic.il.ibm.com
krb5_kpasswd = ldp.iic.il.ibm.com
3. Caching enablement
In our case we used configuration of AD+openLDAP+SSSD caching capability, therefore in
addition to previous file, the db2.pam.rhel from
$BIGINSIGHTS_INSTALLER_DIR/installer/hdm/components/db2/conf/
should be modified as follows:
[root@bigins ~]#
more /install/biginsights-3.0.0.0-SNAPSHOT-enterprise-production-Linuxamd64-b20140616_1652/installer/hdm/components/db2/conf/db2.pam.rhel
#%PAM-1.0
auth required pam_env.so
auth sufficient pam_unix.so likeauth nullok
auth sufficient pam_ldap.so use_first_pass
auth sufficient pam_sss.so use_first_pass
auth required pam_deny.so
account
account
account
account
account
required pam_unix.so
sufficient pam_succeed_if.so uid < 100 quiet
sufficient pam_ldap.so
sufficient pam_sss.so
required pam_permit.so
password requisite pam_cracklib.so retry=3 dcredit=-1 ucredit=-1
password sufficient pam_unix.so nullok use_authtok md5 shadowremember=3
password sufficient pam_ldap.so use_first_pass
password sufficient pam_sss.so use_first_pass
password required pam_deny.so
session required pam_limits.so
session required pam_unix.so
The pam_ldap.so should be replaced with pam_sss.so, /etc/pam.d/db2 will be replaced with this
file during BigInsights installation, and will be used by BigSQL3.0 for end user authentication as
well.
4. Deploy initialize and test the host keytabs
Copy the server keytabs into the /etc/ directory for each host (copy only its own keytab), each
server only its co-related keytab
Run the following commands on each of the BI servers .
chown root:root /etc/<servername>.keytab
chmod 0600 /etc/<servername>.keytab
mv /etc/<servername>.keytab /etc/krb5.keytab
kinit -k -t /etc/krb5.keytab host/<servername>[email protected]
klist
ldapsearch -xZLLLWD cn=root,dc=iic,dc=il,dc=ibm,dc=com -b dc=iic,dc=il,dc=ibm,dc=com -H ldap://ldp.iic.il.ibm.com
Example output:
dn: cn=zookeeper,ou=users,dc=iic,dc=il,dc=ibm,dc=com
uid: zookeeper
shadowMin: 0
shadowMax: 99999
shadowLastChange: 15140
loginShell: /bin/bash
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: zookeeper
gidNumber: 200
shadowWarning: 7
homeDirectory: /home/zookeeper
uidNumber: 214
userPassword:: e3NzaGF9aFJhWGtOYnpGM0Qrbmp1WVNacVRyMHRUQWNidXlEbHNWVnV4c0E9PQ=
=
Following example file:
bigins
========
chown root:root /etc/keytabs/bigins.keytab
chmod 0600 /etc/keytabs/bigins.keytab
mv /etc/keytabs/bigins.keytab /etc/krb5.keytab
kinit -k -t /etc/krb5.keytab host/[email protected]
klist
ldapsearch -xZLLLWD cn=root,dc=iic,dc=il,dc=ibm,dc=com -b
dc=iic,dc=il,dc=ibm,dc=com -H ldap://ldp.iic.il.ibm.com
bigins1
========
chown root:root /etc/keytabs/bigins1.keytab
chmod 0600 /etc/keytabs/bigins1.keytab
mv /etc/keytabs/bigins1.keytab /etc/krb5.keytab
kinit -k -t /etc/krb5.keytab host/[email protected]
klist
ldapsearch -xZLLLWD cn=root,dc=iic,dc=il,dc=ibm,dc=com -b
dc=iic,dc=il,dc=ibm,dc=com -H ldap://ldp.iic.il.ibm.com
bigins2
========
chown root:root /etc/keytabs/bigins2.keytab
chmod 0600 /etc/keytabs/bigins2.keytab
mv /etc/keytabs/bigins2.keytab /etc/krb5.keytab
kinit -k -t /etc/krb5.keytab
host/[email protected]
klist
ldapsearch -xZLLLWD cn=root,dc=iic,dc=il,dc=ibm,dc=com -b
dc=iic,dc=il,dc=ibm,dc=com -H ldap://ldp.iic.il.ibm.com
bigins3
========
chown root:root /etc/keytabs/bigins3.keytab
chmod 0600 /etc/keytabs/bigins3.keytab
mv /etc/keytabs/bigins3.keytab /etc/krb5.keytab
kinit -k -t /etc/krb5.keytab host/[email protected]
klist
ldapsearch -xZLLLWD cn=root,dc=iic,dc=il,dc=ibm,dc=com -b
dc=iic,dc=il,dc=ibm,dc=com -H ldap://ldp.iic.il.ibm.com
End Example file.
Step 6: Creating the service Keytabs:
All keytabs are created on the KDC Server, and later moved and deployed to the BigInsights
nodes.
bigins-----------------------------------------------------------------
addprinc -randkey -e aes128-cts:normal HTTP/[email protected]
cpw -pw abc#123 HTTP/[email protected]
xst -norandkey -k /etc/keytabs/http.bigins.iic.il.ibm.com.keytab
HTTP/[email protected]
addprinc -randkey -e aes128-cts:normal biadmin/[email protected]
cpw -pw abc#123 biadmin/[email protected]
xst -norandkey -k /etc/keytabs/biadmin.bigins.iic.il.ibm.com.keytab
biadmin/[email protected]
addprinc -randkey -e aes128-cts:normal alert/[email protected]
cpw -pw abc#123 alert/[email protected]
xst -norandkey -k /etc/keytabs/alert.bigins.iic.il.ibm.com.keytab
alert/[email protected]
addprinc -randkey -e aes128-cts:normal bigsql/[email protected]
cpw -pw abc#123 bigsql/[email protected]
xst -norandkey -k /etc/bigsql.bigins.iic.il.ibm.com.keytab
bigsql/[email protected]
addprinc -randkey -e aes128-cts:normal catalog/[email protected]
cpw -pw abc#123 catalog/[email protected]
xst -norandkey -k /etc/keytabs/catalog.bigins.iic.il.ibm.com.keytab
catalog/[email protected]
addprinc -randkey -e aes128-cts:normal console/[email protected]
cpw -pw abc#123 console/[email protected]
xst -norandkey -k /etc/keytabs/console.bigins.iic.il.ibm.com.keytab
console/[email protected] HTTP/[email protected]
addprinc -randkey -e aes128-cts:normal hadoop/[email protected]
cpw -pw abc#123 hadoop/[email protected]
xst -norandkey -k /etc/keytabs/hadoop.bigins.iic.il.ibm.com.keytab
hadoop/[email protected]
addprinc -randkey -e aes128-cts:normal hbase/[email protected]
cpw -pw abc#123 hbase/[email protected]
xst -norandkey -k /etc/keytabs/hbase.bigins.iic.il.ibm.com.keytab
hbase/[email protected]
addprinc -randkey -e aes128-cts:normal hdfs/[email protected]
cpw -pw abc#123 hdfs/[email protected]
xst -norandkey -k /etc/keytabs/hdfs.bigins.iic.il.ibm.com.keytab
hdfs/[email protected] HTTP/[email protected]
addprinc -randkey -e aes128-cts:normal hive/[email protected]
cpw -pw abc#123 hive/[email protected]
xst -norandkey -k /etc/keytabs/hive.bigins.iic.il.ibm.com.keytab
hive/[email protected]
addprinc -randkey -e aes128-cts:normal httpfs/[email protected]
cpw -pw abc#123 httpfs/[email protected]
xst -norandkey -k /etc/keytabs/httpfs.bigins.iic.il.ibm.com.keytab
httpfs/[email protected] HTTP/[email protected]
addprinc -randkey -e aes128-cts:normal mapred/[email protected]
cpw -pw abc#123 mapred/[email protected]
xst -norandkey -k /etc/keytabs/mapred.bigins.iic.il.ibm.com.keytab
mapred/[email protected] HTTP/[email protected]
addprinc -randkey -e aes128-cts:normal monitoring/[email protected]
cpw -pw abc#123 monitoring/[email protected]
xst -norandkey -k /etc/keytabs/monitoring.bigins.iic.il.ibm.com.keytab
monitoring/[email protected]
addprinc -randkey -e aes128-cts:normal oozie/[email protected]
cpw -pw abc#123 oozie/[email protected]
xst -norandkey -k /etc/keytabs/oozie.bigins.iic.il.ibm.com.keytab
oozie/[email protected] HTTP/[email protected]
addprinc -randkey -e aes128-cts:normal orchestrator/[email protected]
cpw -pw abc#123 orchestrator/[email protected]
xst -norandkey -k /etc/keytabs/orchestrator.bigins.iic.il.ibm.com.keytab
orchestrator/[email protected]
addprinc -randkey -e aes128-cts:normal zookeeper/[email protected]
cpw -pw abc#123 zookeeper/[email protected]
xst -norandkey -k /etc/keytabs/zookeeper.bigins.iic.il.ibm.com.keytab
zookeeper/[email protected]
bigins1---------------------
addprinc -randkey -e aes128-cts:normal HTTP/[email protected]
cpw -pw abc#123 HTTP/[email protected]
xst -norandkey -k /etc/keytabs/http.bigins1.iic.il.ibm.com.keytab
HTTP/[email protected]
addprinc -randkey -e aes128-cts:normal biadmin/[email protected]
cpw -pw abc#123 biadmin/[email protected]
xst -norandkey -k /etc/keytabs/biadmin.bigins1.iic.il.ibm.com.keytab
biadmin/[email protected]
addprinc -randkey -e aes128-cts:normal alert/[email protected]
cpw -pw abc#123 alert/[email protected]
xst -norandkey -k /etc/keytabs/alert.bigins1.iic.il.ibm.com.keytab
alert/[email protected]
addprinc -randkey -e aes128-cts:normal bigsql/[email protected]
cpw -pw abc#123 bigsql/[email protected]
xst -norandkey -k /etc/bigsql.bigins1.iic.il.ibm.com.keytab
bigsql/[email protected]
addprinc -randkey -e aes128-cts:normal catalog/[email protected]
cpw -pw abc#123 catalog/[email protected]
xst -norandkey -k /etc/keytabs/catalog.bigins1.iic.il.ibm.com.keytab
catalog/[email protected]
addprinc -randkey -e aes128-cts:normal console/[email protected]
cpw -pw abc#123 console/[email protected]
xst -norandkey -k /etc/keytabs/console.bigins1.iic.il.ibm.com.keytab
console/[email protected] HTTP/[email protected]
addprinc -randkey -e aes128-cts:normal hadoop/[email protected]
cpw -pw abc#123 hadoop/[email protected]
xst -norandkey -k /etc/keytabs/hadoop.bigins1.iic.il.ibm.com.keytab
hadoop/[email protected]
addprinc -randkey -e aes128-cts:normal hbase/[email protected]
cpw -pw abc#123 hbase/[email protected]
xst -norandkey -k /etc/keytabs/hbase.bigins1.iic.il.ibm.com.keytab
hbase/[email protected]
addprinc -randkey -e aes128-cts:normal hdfs/[email protected]
cpw -pw abc#123 hdfs/[email protected]
xst -norandkey -k /etc/keytabs/hdfs.bigins1.iic.il.ibm.com.keytab
hdfs/[email protected] HTTP/[email protected]
addprinc -randkey -e aes128-cts:normal hive/[email protected]
cpw -pw abc#123 hive/[email protected]
xst -norandkey -k /etc/keytabs/hive.bigins1.iic.il.ibm.com.keytab
hive/[email protected]
addprinc -randkey -e aes128-cts:normal httpfs/[email protected]
cpw -pw abc#123 httpfs/[email protected]
xst -norandkey -k /etc/keytabs/httpfs.bigins1.iic.il.ibm.com.keytab
httpfs/[email protected] HTTP/[email protected]
addprinc -randkey -e aes128-cts:normal mapred/[email protected]
cpw -pw abc#123 mapred/[email protected]
xst -norandkey -k /etc/keytabs/mapred.bigins1.iic.il.ibm.com.keytab
mapred/[email protected] HTTP/[email protected]
addprinc -randkey -e aes128-cts:normal monitoring/[email protected]
cpw -pw abc#123 monitoring/[email protected]
xst -norandkey -k /etc/keytabs/monitoring.bigins1.iic.il.ibm.com.keytab
monitoring/[email protected]
addprinc -randkey -e aes128-cts:normal oozie/[email protected]
cpw -pw abc#123 oozie/[email protected]
xst -norandkey -k /etc/keytabs/oozie.bigins1.iic.il.ibm.com.keytab
oozie/[email protected] HTTP/[email protected]
addprinc -randkey -e aes128-cts:normal orchestrator/[email protected]
cpw -pw abc#123 orchestrator/[email protected]
xst -norandkey -k /etc/keytabs/orchestrator.bigins1.iic.il.ibm.com.keytab
orchestrator/[email protected]
addprinc -randkey -e aes128-cts:normal zookeeper/[email protected]
cpw -pw abc#123 zookeeper/[email protected]
xst -norandkey -k /etc/keytabs/zookeeper.bigins1.iic.il.ibm.com.keytab
zookeeper/[email protected]
bigins2---------------------
addprinc -randkey -e aes128-cts:normal HTTP/[email protected]
cpw -pw abc#123 HTTP/[email protected]
xst -norandkey -k /etc/keytabs/http.bigins2.iic.il.ibm.com.keytab
HTTP/[email protected]
addprinc -randkey -e aes128-cts:normal biadmin/[email protected]
cpw -pw abc#123 biadmin/[email protected]
xst -norandkey -k /etc/keytabs/biadmin.bigins2.iic.il.ibm.com.keytab
biadmin/[email protected]
addprinc -randkey -e aes128-cts:normal alert/[email protected]
cpw -pw abc#123 alert/[email protected]
xst -norandkey -k /etc/keytabs/alert.bigins2.iic.il.ibm.com.keytab
alert/[email protected]
addprinc -randkey -e aes128-cts:normal bigsql/[email protected]
cpw -pw abc#123 bigsql/[email protected]
xst -norandkey -k /etc/bigsql.bigins2.iic.il.ibm.com.keytab
bigsql/[email protected]
addprinc -randkey -e aes128-cts:normal catalog/[email protected]
cpw -pw abc#123 catalog/[email protected]
xst -norandkey -k /etc/keytabs/catalog.bigins2.iic.il.ibm.com.keytab
catalog/[email protected]
addprinc -randkey -e aes128-cts:normal console/[email protected]
cpw -pw abc#123 console/[email protected]
xst -norandkey -k /etc/keytabs/console.bigins2.iic.il.ibm.com.keytab
console/[email protected] HTTP/[email protected]
addprinc -randkey -e aes128-cts:normal hadoop/[email protected]
cpw -pw abc#123 hadoop/[email protected]
xst -norandkey -k /etc/keytabs/hadoop.bigins2.iic.il.ibm.com.keytab
hadoop/[email protected]
addprinc -randkey -e aes128-cts:normal hbase/[email protected]
cpw -pw abc#123 hbase/[email protected]
xst -norandkey -k /etc/keytabs/hbase.bigins2.iic.il.ibm.com.keytab
hbase/[email protected]
addprinc -randkey -e aes128-cts:normal hdfs/[email protected]
cpw -pw abc#123 hdfs/[email protected]
xst -norandkey -k /etc/keytabs/hdfs.bigins2.iic.il.ibm.com.keytab
hdfs/[email protected] HTTP/[email protected]
addprinc -randkey -e aes128-cts:normal hive/[email protected]
cpw -pw abc#123 hive/[email protected]
xst -norandkey -k /etc/keytabs/hive.bigins2.iic.il.ibm.com.keytab
hive/[email protected]
addprinc -randkey -e aes128-cts:normal httpfs/[email protected]
cpw -pw abc#123 httpfs/[email protected]
xst -norandkey -k /etc/keytabs/httpfs.bigins2.iic.il.ibm.com.keytab
httpfs/[email protected] HTTP/[email protected]
addprinc -randkey -e aes128-cts:normal mapred/[email protected]
cpw -pw abc#123 mapred/[email protected]
xst -norandkey -k /etc/keytabs/mapred.bigins2.iic.il.ibm.com.keytab
mapred/[email protected] HTTP/[email protected]
addprinc -randkey -e aes128-cts:normal monitoring/[email protected]
cpw -pw abc#123 monitoring/[email protected]
xst -norandkey -k /etc/keytabs/monitoring.bigins2.iic.il.ibm.com.keytab
monitoring/[email protected]
addprinc -randkey -e aes128-cts:normal oozie/[email protected]
cpw -pw abc#123 oozie/[email protected]
xst -norandkey -k /etc/keytabs/oozie.bigins2.iic.il.ibm.com.keytab
oozie/[email protected] HTTP/[email protected]
addprinc -randkey -e aes128-cts:normal orchestrator/[email protected]
cpw -pw abc#123 orchestrator/[email protected]
xst -norandkey -k /etc/keytabs/orchestrator.bigins2.iic.il.ibm.com.keytab
orchestrator/[email protected]
addprinc -randkey -e aes128-cts:normal zookeeper/[email protected]
cpw -pw abc#123 zookeeper/[email protected]
xst -norandkey -k /etc/keytabs/zookeeper.bigins2.iic.il.ibm.com.keytab
zookeeper/[email protected]
bigins3---------------------
addprinc -randkey -e aes128-cts:normal HTTP/[email protected]
cpw -pw abc#123 HTTP/[email protected]
xst -norandkey -k /etc/keytabs/http.bigins3.iic.il.ibm.com.keytab
HTTP/[email protected]
addprinc -randkey -e aes128-cts:normal biadmin/[email protected]
cpw -pw abc#123 biadmin/[email protected]
xst -norandkey -k /etc/keytabs/biadmin.bigins3.iic.il.ibm.com.keytab
biadmin/[email protected]
addprinc -randkey -e aes128-cts:normal alert/[email protected]
cpw -pw abc#123 alert/[email protected]
xst -norandkey -k /etc/keytabs/alert.bigins3.iic.il.ibm.com.keytab
alert/[email protected]
addprinc -randkey -e aes128-cts:normal bigsql/[email protected]
cpw -pw abc#123 bigsql/[email protected]
xst -norandkey -k /etc/bigsql.bigins3.iic.il.ibm.com.keytab
bigsql/[email protected]
addprinc -randkey -e aes128-cts:normal catalog/[email protected]
cpw -pw abc#123 catalog/[email protected]
xst -norandkey -k /etc/keytabs/catalog.bigins3.iic.il.ibm.com.keytab
catalog/[email protected]
addprinc -randkey -e aes128-cts:normal console/[email protected]
cpw -pw abc#123 console/[email protected]
xst -norandkey -k /etc/keytabs/console.bigins3.iic.il.ibm.com.keytab
console/[email protected] HTTP/[email protected]
addprinc -randkey -e aes128-cts:normal hadoop/[email protected]
cpw -pw abc#123 hadoop/[email protected]
xst -norandkey -k /etc/keytabs/hadoop.bigins3.iic.il.ibm.com.keytab
hadoop/[email protected]
addprinc -randkey -e aes128-cts:normal hbase/[email protected]
cpw -pw abc#123 hbase/[email protected]
xst -norandkey -k /etc/keytabs/hbase.bigins3.iic.il.ibm.com.keytab
hbase/[email protected]
addprinc -randkey -e aes128-cts:normal hdfs/[email protected]
cpw -pw abc#123 hdfs/[email protected]
xst -norandkey -k /etc/keytabs/hdfs.bigins3.iic.il.ibm.com.keytab
hdfs/[email protected] HTTP/[email protected]
addprinc -randkey -e aes128-cts:normal hive/[email protected]
cpw -pw abc#123 hive/[email protected]
xst -norandkey -k /etc/keytabs/hive.bigins3.iic.il.ibm.com.keytab
hive/[email protected]
addprinc -randkey -e aes128-cts:normal httpfs/[email protected]
cpw -pw abc#123 httpfs/[email protected]
xst -norandkey -k /etc/keytabs/httpfs.bigins3.iic.il.ibm.com.keytab
httpfs/[email protected] HTTP/[email protected]
addprinc -randkey -e aes128-cts:normal mapred/[email protected]
cpw -pw abc#123 mapred/[email protected]
xst -norandkey -k /etc/keytabs/mapred.bigins3.iic.il.ibm.com.keytab
mapred/[email protected] HTTP/[email protected]
addprinc -randkey -e aes128-cts:normal monitoring/[email protected]
cpw -pw abc#123 monitoring/[email protected]
xst -norandkey -k /etc/keytabs/monitoring.bigins3.iic.il.ibm.com.keytab
monitoring/[email protected]
addprinc -randkey -e aes128-cts:normal oozie/[email protected]
cpw -pw abc#123 oozie/[email protected]
xst -norandkey -k /etc/keytabs/oozie.bigins3.iic.il.ibm.com.keytab
oozie/[email protected] HTTP/[email protected]
addprinc -randkey -e aes128-cts:normal orchestrator/[email protected]
cpw -pw abc#123 orchestrator/[email protected]
xst -norandkey -k /etc/keytabs/orchestrator.bigins3.iic.il.ibm.com.keytab
orchestrator/[email protected]
addprinc -randkey -e aes128-cts:normal zookeeper/[email protected]
cpw -pw abc#123 zookeeper/[email protected]
xst -norandkey -k /etc/keytabs/zookeeper.bigins3.iic.il.ibm.com.keytab
zookeeper/[email protected]
Step 7: Initializing the service keytabs
For each user run the following commands on each node! Make sure to run kinit from IBM JDK
path the kinit step is only optional to validate your keytabs.
Syntax:
1. kinit -c FILE:/tmp/krb5cc_UID [email protected]
2. kinit -k -t /etc/keytabs/username.machine.domain.keytab -c FILE:/tmp/krb5cc_UID [email protected]
example:
1. kinit -c FILE:/tmp/krb5cc_200 [email protected]
2. kinit -k -t /etc/keytabs/biadmin.bigins.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_200
[email protected]
Full kinit file :
bigins
-----kinit -c FILE:/tmp/krb5cc_200 biadmin/[email protected]
kinit -k -t /etc/keytabs/biadmin.bigins.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_200
biadmin/[email protected]
kinit -c FILE:/tmp/krb5cc_201 alert/[email protected]
kinit -k -t /etc/keytabs/alert.bigins.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_201
alert/[email protected]
kinit -c FILE:/tmp/krb5cc_202 bigsql/[email protected]
kinit -k -t /etc/keytabs/bigsql.bigins.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_202
bigsql/[email protected]
kinit -c FILE:/tmp/krb5cc_203 catalog/[email protected]
kinit -k -t /etc/keytabs/catalog.bigins.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_203
catalog/[email protected]
kinit -c FILE:/tmp/krb5cc_204 console/[email protected]
kinit -k -t /etc/keytabs/console.bigins.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_204
console/[email protected]
kinit -c FILE:/tmp/krb5cc_205 hadoop/[email protected]
kinit -k -t /etc/keytabs/hadoop.bigins.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_205
hadoop/[email protected]
kinit -c FILE:/tmp/krb5cc_206 hbase/[email protected]
kinit -k -t /etc/keytabs/hbase.bigins.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_206
hbase/[email protected]
kinit -c FILE:/tmp/krb5cc_207 hdfs/[email protected]
kinit -k -t /etc/keytabs/hdfs.bigins.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_207
hdfs/[email protected]
kinit -c FILE:/tmp/krb5cc_208 hive/[email protected]
kinit -k -t /etc/keytabs/hive.bigins.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_208
hive/[email protected]
kinit -c FILE:/tmp/krb5cc_209 httpfs/[email protected]
kinit -k -t /etc/keytabs/httpfs.bigins.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_209
httpfs/[email protected]
kinit -c FILE:/tmp/krb5cc_210 mapred/[email protected]
kinit -k -t /etc/keytabs/mapred.bigins.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_210
mapred/[email protected]
kinit -c FILE:/tmp/krb5cc_211 monitoring/[email protected]
kinit -k -t /etc/keytabs/monitoring.bigins.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_211
monitoring/[email protected]
kinit -c FILE:/tmp/krb5cc_212 oozie/[email protected]
kinit -k -t /etc/keytabs/oozie.bigins.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_212
oozie/[email protected]
kinit -c FILE:/tmp/krb5cc_213 orchestrator/[email protected]
kinit -k -t /etc/keytabs/orchestrator.bigins.iic.il.ibm.com.keytab -c
FILE:/tmp/krb5cc_213 orchestrator/[email protected]
kinit -c FILE:/tmp/krb5cc_214 zookeeper/[email protected]
kinit -k -t /etc/keytabs/zookeeper.bigins.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_214
zookeeper/[email protected]
kinit -c FILE:/tmp/krb5cc_215 HTTP/[email protected]
kinit -k -t /etc/keytabs/http.bigins.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_215
HTTP/[email protected]
bigins1
-----kinit -c FILE:/tmp/krb5cc_200 biadmin/[email protected]
kinit -k -t /etc/keytabs/biadmin.bigins1.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_200
biadmin/[email protected]
kinit -c FILE:/tmp/krb5cc_201 alert/[email protected]
kinit -k -t /etc/keytabs/alert.bigins1.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_201
alert/[email protected]
kinit -c FILE:/tmp/krb5cc_202 bigsql/[email protected]
kinit -k -t /etc/keytabs/bigsql.bigins1.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_202
bigsql/[email protected]
kinit -c FILE:/tmp/krb5cc_203 catalog/[email protected]
kinit -k -t /etc/keytabs/catalog.bigins1.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_203
catalog/[email protected]
kinit -c FILE:/tmp/krb5cc_204 console/[email protected]
kinit -k -t /etc/keytabs/console.bigins1.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_204
console/[email protected]
kinit -c FILE:/tmp/krb5cc_205 hadoop/[email protected]
kinit -k -t /etc/keytabs/hadoop.bigins1.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_205
hadoop/[email protected]
kinit -c FILE:/tmp/krb5cc_206 hbase/[email protected]
kinit -k -t /etc/keytabs/hbase.bigins1.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_206
hbase/[email protected]
kinit -c FILE:/tmp/krb5cc_207 hdfs/[email protected]
kinit -k -t /etc/keytabs/hdfs.bigins1.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_207
hdfs/[email protected]
kinit -c FILE:/tmp/krb5cc_208 hive/[email protected]
kinit -k -t /etc/keytabs/hive.bigins1.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_208
hive/[email protected]
kinit -c FILE:/tmp/krb5cc_209 httpfs/[email protected]
kinit -k -t /etc/keytabs/httpfs.bigins1.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_209
httpfs/[email protected]
kinit -c FILE:/tmp/krb5cc_210 mapred/[email protected]
kinit -k -t /etc/keytabs/mapred.bigins1.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_210
mapred/[email protected]
kinit -c FILE:/tmp/krb5cc_211 monitoring/[email protected]
kinit -k -t /etc/keytabs/monitoring.bigins1.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_211
monitoring/[email protected]
kinit -c FILE:/tmp/krb5cc_212 oozie/[email protected]
kinit -k -t /etc/keytabs/oozie.bigins1.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_212
oozie/[email protected]
kinit -c FILE:/tmp/krb5cc_213 orchestrator/[email protected]
kinit -k -t /etc/keytabs/orchestrator.bigins1.iic.il.ibm.com.keytab -c
FILE:/tmp/krb5cc_213 orchestrator/[email protected]
kinit -c FILE:/tmp/krb5cc_214 zookeeper/[email protected]
kinit -k -t /etc/keytabs/zookeeper.bigins1.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_214
zookeeper/[email protected]
kinit -c FILE:/tmp/krb5cc_215 HTTP/[email protected]
kinit -k -t /etc/keytabs/http.bigins1.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_215
HTTP/[email protected]
bigins2
------
kinit -c FILE:/tmp/krb5cc_200 biadmin/[email protected]
kinit -k -t /etc/keytabs/biadmin.bigins2.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_200
biadmin/[email protected]
kinit -c FILE:/tmp/krb5cc_201 alert/[email protected]
kinit -k -t /etc/keytabs/alert.bigins2.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_201
alert/[email protected]
kinit -c FILE:/tmp/krb5cc_202 bigsql/[email protected]
kinit -k -t /etc/keytabs/bigsql.bigins2.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_202
bigsql/[email protected]
kinit -c FILE:/tmp/krb5cc_203 catalog/[email protected]
kinit -k -t /etc/keytabs/catalog.bigins2.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_203
catalog/[email protected]
kinit -c FILE:/tmp/krb5cc_204 console/[email protected]
kinit -k -t /etc/keytabs/console.bigins2.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_204
console/[email protected]
kinit -c FILE:/tmp/krb5cc_205 hadoop/[email protected]
kinit -k -t /etc/keytabs/hadoop.bigins2.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_205
hadoop/[email protected]
kinit -c FILE:/tmp/krb5cc_206 hbase/[email protected]
kinit -k -t /etc/keytabs/hbase.bigins2.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_206
hbase/[email protected]
kinit -c FILE:/tmp/krb5cc_207 hdfs/[email protected]
kinit -k -t /etc/keytabs/hdfs.bigins2.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_207
hdfs/[email protected]
kinit -c FILE:/tmp/krb5cc_208 hive/[email protected]
kinit -k -t /etc/keytabs/hive.bigins2.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_208
hive/[email protected]
kinit -c FILE:/tmp/krb5cc_209 httpfs/[email protected]
kinit -k -t /etc/keytabs/httpfs.bigins2.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_209
httpfs/[email protected]
kinit -c FILE:/tmp/krb5cc_210 mapred/[email protected]
kinit -k -t /etc/keytabs/mapred.bigins2.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_210
mapred/[email protected]
kinit -c FILE:/tmp/krb5cc_211 monitoring/[email protected]
kinit -k -t /etc/keytabs/monitoring.bigins2.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_211
monitoring/[email protected]
kinit -c FILE:/tmp/krb5cc_212 oozie/[email protected]
kinit -k -t /etc/keytabs/oozie.bigins2.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_212
oozie/[email protected]
kinit -c FILE:/tmp/krb5cc_213 orchestrator/[email protected]
kinit -k -t /etc/keytabs/orchestrator.bigins2.iic.il.ibm.com.keytab -c
FILE:/tmp/krb5cc_213 orchestrator/[email protected]
kinit -c FILE:/tmp/krb5cc_214 zookeeper/[email protected]
kinit -k -t /etc/keytabs/zookeeper.bigins2.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_214
zookeeper/[email protected]
kinit -c FILE:/tmp/krb5cc_215 HTTP/[email protected]
kinit -k -t /etc/keytabs/http.bigins2.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_215
HTTP/[email protected]
bigins3
------
kinit -c FILE:/tmp/krb5cc_200 biadmin/[email protected]
kinit -k -t /etc/keytabs/biadmin.bigins3.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_200
biadmin/[email protected]
kinit -c FILE:/tmp/krb5cc_201 alert/[email protected]
kinit -k -t /etc/keytabs/alert.bigins3.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_201
alert/[email protected]
kinit -c FILE:/tmp/krb5cc_202 bigsql/[email protected]
kinit -k -t /etc/keytabs/bigsql.bigins3.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_202
bigsql/[email protected]
kinit -c FILE:/tmp/krb5cc_203 catalog/[email protected]
kinit -k -t /etc/keytabs/catalog.bigins3.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_203
catalog/[email protected]
kinit -c FILE:/tmp/krb5cc_204 console/[email protected]
kinit -k -t /etc/keytabs/console.bigins3.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_204
console/[email protected]
kinit -c FILE:/tmp/krb5cc_205 hadoop/[email protected]
kinit -k -t /etc/keytabs/hadoop.bigins3.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_205
hadoop/[email protected]
kinit -c FILE:/tmp/krb5cc_206 hbase/[email protected]
kinit -k -t /etc/keytabs/hbase.bigins3.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_206
hbase/[email protected]
kinit -c FILE:/tmp/krb5cc_207 hdfs/[email protected]
kinit -k -t /etc/keytabs/hdfs.bigins3.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_207
hdfs/[email protected]
kinit -c FILE:/tmp/krb5cc_208 hive/[email protected]
kinit -k -t /etc/keytabs/hive.bigins3.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_208
hive/[email protected]
kinit -c FILE:/tmp/krb5cc_209 httpfs/[email protected]
kinit -k -t /etc/keytabs/httpfs.bigins3.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_209
httpfs/[email protected]
kinit -c FILE:/tmp/krb5cc_210 mapred/[email protected]
kinit -k -t /etc/keytabs/mapred.bigins3.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_210
mapred/[email protected]
kinit -c FILE:/tmp/krb5cc_211 monitoring/[email protected]
kinit -k -t /etc/keytabs/monitoring.bigins3.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_211
monitoring/[email protected]
kinit -c FILE:/tmp/krb5cc_212 oozie/[email protected]
kinit -k -t /etc/keytabs/oozie.bigins3.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_212
oozie/[email protected]
kinit -c FILE:/tmp/krb5cc_213 orchestrator/[email protected]
kinit -k -t /etc/keytabs/orchestrator.bigins3.iic.il.ibm.com.keytab -c
FILE:/tmp/krb5cc_213 orchestrator/[email protected]
kinit -c FILE:/tmp/krb5cc_214 zookeeper/[email protected]
kinit -k -t /etc/keytabs/zookeeper.bigins3.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_214
zookeeper/[email protected]
kinit -c FILE:/tmp/krb5cc_215 HTTP/[email protected]
kinit -k -t /etc/keytabs/http.bigins3.iic.il.ibm.com.keytab -c FILE:/tmp/krb5cc_215
HTTP/[email protected]
Step 8: Creating the cluster hosts file for the BigInsights installer
Vi<install_dir>/cluster_hosts.txt
Enter the following hosts :
bigins.iic.il.ibm.com
bigins1.iic.il.ibm.com
bigins2.iic.il.ibm.com
bigins3.iic.il.ibm.com
Step 9: Running BigInsights installer prechecker
installer/hdm/bin/bi-prechecker.sh -u root -m ENTERPRISE -g –f cluster_hosts.txt
Make sure everything is green before proceeding
Step 10: BigInsights installation
Running the BigInsights Installer
<BI_INSTALL_DIR>silent-install/silent-install.sh fullinstall.xml
Full Install.xml file:
<?xml version="1.0" encoding="UTF-8"?>
<cluster-configuration>
<xml-version>2.1</xml-version>
<vendor>ibm</vendor>
<operation>install</operation>
<type>NonProductionEnvironment</type>
<current-version>3.0.0.2</current-version>
<general>
<biginsights-cluster-name>BICluster</biginsights-cluster-name>
<biginsights-install-directory>opt/ibm/biginsights</biginsights-installdirectory>
<biginsights-data-log-directory>var/ibm/biginsights</biginsights-data-logdirectory>
<directory-prefix>/</directory-prefix>
<overwrite>false</overwrite>
<file-system>hdfs</file-system>
<shared-directory/>
</general>
<ssh>
<configure>configure_ssh</configure>
<auth-method/>
<password>{xor}Nj0ybjgrKm0=</password>
<public-key/>
<administrator-user>
<username>biadmin</username>
<uid>200</uid>
</administrator-user>
<administrator-group>
<groupname>gbiadmin</groupname>
<gid>200</gid>
</administrator-group>
<biadmin-password>{xor}Pj08fG5tbA==</biadmin-password>
<current-user-password>{xor}</current-user-password>
</ssh>
<security>
<authentication>ldap</authentication>
<enable-kerberos>true</enable-kerberos>
<biginsightssystemadministrator>
<group>gbiadmin</group>
</biginsightssystemadministrator>
<biginsightsdataadministrator>
<group>gbiadmin</group>
</biginsightsdataadministrator>
<biginsightsapplicationadministrator>
<group>gbiadmin</group>
</biginsightsapplicationadministrator>
<biginsightsuser>
<group>gbiadmin</group>
</biginsightsuser>
<service-security>
<hadoop>
<hdfs-username>hdfs</hdfs-username>
<hdfs-uid>207</hdfs-uid>
<mapred-username>mapred</mapred-username>
<mapred-uid>210</mapred-uid>
</hadoop>
<Zookeeper>
<username>zookeeper</username>
<uid>214</uid>
</Zookeeper>
<HBase>
<username>hbase</username>
<uid>206</uid>
</HBase>
<Hive>
<username>hive</username>
<uid>208</uid>
</Hive>
<Oozie>
<username>oozie</username>
<uid>212</uid>
</Oozie>
<Monitoring>
<username>monitoring</username>
<uid>211</uid>
</Monitoring>
<HttpFS>
<username>httpfs</username>
<uid>209</uid>
</HttpFS>
<BigSQL>
<username>bigsql</username>
<uid>202</uid>
</BigSQL>
<Console>
<username>console</username>
<uid>204</uid>
</Console>
<Catalog>
<username>catalog</username>
<uid>203</uid>
<password>{xor}Pj08fG5tbA==</password>
</Catalog>
<alert>
<username>alert</username>
<uid>201</uid>
</alert>
<Orchestrator>
<username>orchestrator</username>
<uid>213</uid>
</Orchestrator>
</service-security>
<kerberos>
<realm>IIC.IL.IBM.COM</realm>
<keytab-directory>/etc/keytabs</keytab-directory>
<hive-authentication-option>kerberos</hive-authentication-option>
</kerberos>
</security>
<hdm>
<port>8800</port>
</hdm>
<Console>
<node>bigins.iic.il.ibm.com</node>
<sso-domain-name>iic.il.ibm.com</sso-domain-name>
<copy-hosts-file>false</copy-hosts-file>
<web-protocol>HTTP</web-protocol>
<management-console-port>8080</management-console-port>
<management-jmx-port>9180</management-jmx-port>
</Console>
<Jaql-server>
<configure>false</configure>
<node/>
<jaql-server-port>8200</jaql-server-port>
</Jaql-server>
<Jaql>
<configure>true</configure>
<log-directory>var/ibm/biginsights/jaql/logs</log-directory>
</Jaql>
<Catalog>
<configure>true</configure>
<catalog-type>db2</catalog-type>
<node>bigins.iic.il.ibm.com</node>
<port>50000</port>
</Catalog>
<hadoop>
<general>
<cache-directory>/media/data/hadoop/mapred/local</cache-directory>
<log-directory>var/ibm/biginsights/hadoop/logs</log-directory>
<mapred-system-directory>/media/data/hadoop/mapred/system</mapred-systemdirectory>
<apache-mapred>true</apache-mapred>
</general>
<hdfs>
<configure>true</configure>
</hdfs>
<namenode>
<node>bigins.iic.il.ibm.com</node>
<namenode-port>9000</namenode-port>
<namenode-http-port>50070</namenode-http-port>
<name-directory>hadoop/hdfs/name</name-directory>
<jmx-port>51170</jmx-port>
</namenode>
<jobtracker>
<node>bigins.iic.il.ibm.com</node>
<jobtracker-port>9001</jobtracker-port>
<jobtracker-http-port>50030</jobtracker-http-port>
<jmx-port>51130</jmx-port>
</jobtracker>
<secondarynamenode>
<node>bigins.iic.il.ibm.com</node>
<secondarynamenode-http-port>50090</secondarynamenode-http-port>
<data-directory-2nn>hadoop/hdfs/namesecondary</data-directory-2nn>
</secondarynamenode>
<datanode>
<selection-type>All</selection-type>
<nodes/>
<datanode-port>50010</datanode-port>
<datanode-ipc-port>50020</datanode-ipc-port>
<datanode-http-port>50075</datanode-http-port>
<tasktracker-http-port>50060</tasktracker-http-port>
<data-directory>/media/data/hadoop/hdfs/data</data-directory>
<datanode-jmx-port>51110</datanode-jmx-port>
</datanode>
</hadoop>
<Avro>
<configure>false</configure>
</Avro>
<Hive>
<configure>true</configure>
<hwi-node>bigins.iic.il.ibm.com</hwi-node>
<query-directory>var/ibm/biginsights/hive/query</query-directory>
<log-directory>var/ibm/biginsights/hive/logs</log-directory>
<hwi-port>9999</hwi-port>
<server-port>10000</server-port>
<properties/>
</Hive>
<Lucene>
<configure>true</configure>
</Lucene>
<Pig>
<configure>true</configure>
<log-directory>var/ibm/biginsights/pig/logs</log-directory>
</Pig>
<Oozie>
<configure>true</configure>
<node>bigins.iic.il.ibm.com</node>
<oozie-port>8280</oozie-port>
</Oozie>
<Zookeeper>
<configure>true</configure>
<nodes>bigins.iic.il.ibm.com</nodes>
<data-directory>var/ibm/biginsights/zookeeper/data</data-directory>
<log-directory>var/ibm/biginsights/zookeeper/logs</log-directory>
<client-port>2181</client-port>
<time-interval>2000</time-interval>
<init-limit>5</init-limit>
<sync-limit>2</sync-limit>
<jmx-port>3281</jmx-port>
</Zookeeper>
<HBase>
<configure>true</configure>
<zookeeper-mode>shared</zookeeper-mode>
<master-nodes>bigins.iic.il.ibm.com</master-nodes>
<install-mode>fully</install-mode>
<region-nodes-install-option>Specified</region-nodes-install-option>
<region-nodes>bigins3.iic.il.ibm.com, bigins2.iic.il.ibm.com,
bigins1.iic.il.ibm.com</region-nodes>
<root-directory>/hbase</root-directory>
<log-directory>var/ibm/biginsights/hbase/logs</log-directory>
<master-port>60000</master-port>
<master-ui-port>60010</master-ui-port>
<regionserver-port>60020</regionserver-port>
<regionserver-ui-port>60030</regionserver-ui-port>
<master-jmx-port>61100</master-jmx-port>
<regional-jmx-port>61120</regional-jmx-port>
</HBase>
<Flume>
<configure>true</configure>
<pid-directory>var/ibm/biginsights/flume/pids</pid-directory>
<log-directory>var/ibm/biginsights/flume/logs</log-directory>
</Flume>
<node-list>
<node>
<name-or-ip>bigins.iic.il.ibm.com</name-or-ip>
<password>{xor}</password>
<rack/>
<hdfs-data-directory>/media/data/hadoop/hdfs/data</hdfs-data-directory>
<gpfs-node-designation/>
<gpfs-admin-node/>
<gpfs-rawdisk-list/>
<gpfs-datapool-disk-list/>
<bigsql-data-directory/>
<node-type>public</node-type>
</node>
<node>
<name-or-ip>bigins1.iic.il.ibm.com</name-or-ip>
<password>{xor}</password>
<rack/>
<hdfs-data-directory>/media/data/hadoop/hdfs/data</hdfs-data-directory>
<gpfs-node-designation/>
<gpfs-admin-node/>
<gpfs-rawdisk-list/>
<gpfs-datapool-disk-list/>
<bigsql-data-directory/>
<node-type>private</node-type>
</node>
<node>
<name-or-ip>bigins2.iic.il.ibm.com</name-or-ip>
<password>{xor}</password>
<rack/>
<hdfs-data-directory>/media/data/hadoop/hdfs/data</hdfs-data-directory>
<gpfs-node-designation/>
<gpfs-admin-node/>
<gpfs-rawdisk-list/>
<gpfs-datapool-disk-list/>
<bigsql-data-directory/>
<node-type>private</node-type>
</node>
<node>
<name-or-ip>bigins3.iic.il.ibm.com</name-or-ip>
<password>{xor}</password>
<rack/>
<hdfs-data-directory>/media/data/hadoop/hdfs/data</hdfs-data-directory>
<gpfs-node-designation/>
<gpfs-admin-node/>
<gpfs-rawdisk-list/>
<gpfs-datapool-disk-list/>
<bigsql-data-directory/>
<node-type>private</node-type>
</node>
</node-list>
<GPFS>
<install>false</install>
<cluster>
<cluster-name>bigpfs</cluster-name>
<primary-configuration-server/>
<secondary-configuration-server/>
<use-privileged-port>false</use-privileged-port>
<tsc-tcp-port>null</tsc-tcp-port>
</cluster>
<file-system>
<default-metadata-replication>1</default-metadata-replication>
<max-metadata-replication>3</max-metadata-replication>
<default-data-replication>1</default-data-replication>
<max-data-replication>3</max-data-replication>
<block-allocation>cluster</block-allocation>
<block-group-factor>128</block-group-factor>
<write-affinity-depth>1</write-affinity-depth>
<estimated-cluster-size>32</estimated-cluster-size>
<mount-point/>
<tmp-fileset/>
<log-fileset/>
<use-local-cache-directory>true</use-local-cache-directory>
<generate-cache-path>true</generate-cache-path>
</file-system>
<monitoring>
<socket/>
<retries/>
<timeout/>
</monitoring>
</GPFS>
<enterprise>
<Orchestrator>
<configure>false</configure>
<node>bigins.iic.il.ibm.com</node>
<port>8888</port>
</Orchestrator>
<GuardiumProxy>
<configure>false</configure>
<proxy-node/>
<proxy-port>16015</proxy-port>
<collector-host/>
<collector-port>16016</collector-port>
</GuardiumProxy>
<BigSQL>
<configure>true</configure>
<node>bigins.iic.il.ibm.com</node>
<NIC>0.0.0.0</NIC>
<port>7052</port>
<head-node>bigins.iic.il.ibm.com</head-node>
<scheduler-nodes>bigins.iic.il.ibm.com</scheduler-nodes>
<work-nodes-selection-type>All</work-nodes-selection-type>
<work-nodes/>
<partitions>1</partitions>
<admin-user-password>{xor}Pj08fG5tbA==</admin-user-password>
<scheduler-service-port>7053</scheduler-service-port>
<scheduler-admin-port>7054</scheduler-admin-port>
<fcm-start-port>62000</fcm-start-port>
<server-port>51000</server-port>
<node-resources-percentage>25</node-resources-percentage>
<data-directory>var/ibm/biginsights/database/bigsql/data</data-directory>
</BigSQL>
<high-availability>
<hadoop-ha>
<ha-option/>
</hadoop-ha>
<jobtracker-ha>
<ha-option/>
</jobtracker-ha>
</high-availability>
<alert>
<nodes>bigins.iic.il.ibm.com</nodes>
<port>8380</port>
<config-smtp>false</config-smtp>
<smtp-node/>
<smtp-port/>
<smtp-user/>
<smtp-password>{xor}</smtp-password>
<smtp-connection-type/>
<alert-notification-recipients/>
</alert>
</enterprise>
<TaskController>
<directory>/var/bi-task-controller-conf</directory>
<groups>*</groups>
<hosts>*</hosts>
</TaskController>
<Monitoring>
<control-port>9093</control-port>
<rest-port>9099</rest-port>
</Monitoring>
<HttpFS>
<configure>true</configure>
<nodes-install-option>Specified</nodes-install-option>
<nodes>bigins.iic.il.ibm.com</nodes>
<log-directory>var/ibm/biginsights/httpfs/logs</log-directory>
<port>14000</port>
</HttpFS>
</cluster-configuration>
End fullinstall.xml file
Look for the following successful message:
INFO] DeployManager - Validate; SUCCEEDED components: [hadoop, hbase]; Consumes :
137641ms
[INFO] DeployCmdline - [ IBM InfoSphere BigInsights Enterprise Edition
NonProductionEnvironment Version ]
[INFO] DeployManager - Update rebind revalidate BigSQL; SUCCEEDED components: [];
Consumes : 844ms
[INFO] Removing installation status file.
[INFO] HadoopMgmtCmdline - Running removeBiTemp
[INFO] HdmUtil - Install configuration has changed in the system, reloading...
[INFO] Marking installation successful in /opt/ibm/biginsights/conf/operation.properties
[INFO] DeployCmdline - [ IBM InfoSphere BigInsights Enterprise Edition
NonProductionEnvironment Version ]
[INFO] HdmUtil - Install configuration has changed in the system, reloading...
[INFO] DeployManager - completeInstallation; SUCCEEDED components: []; Consumes : 4509ms
The shell environment was configured for all users and will be applied when you log in.
If you are already logged in, run
'source /opt/ibm/biginsights/conf/biginsights-env.sh'
to configure the environment.
Installation Successful!
Prefix 1: Complete users LDIF file
Complete LDIF file for users:
==============================================================================
version: 1
dn: ou=Users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: organizationalUnit
ou: Users
dn: cn=biadmin1,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: biadmin1
gidNumber: 200
homeDirectory: /home/biadmin
uid: biadmin
uidNumber: 200
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9b0t5akI0K2liYzJONGpmaEh6UzRPYjYwRThEZG9EbUtTVk1wcUE9P
Q==
dn: cn=alert1,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: alert1
gidNumber: 200
homeDirectory: /home/alert
uid: alert
uidNumber: 201
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9Nys4YlM1Njc2Z1BLN1N2b1BTallidkhLNHFXRG5ZaWRIZjdzY2c9P
Q==
dn: cn=bigsql1,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: bigsql1
gidNumber: 200
homeDirectory: /home/bigsql
uid: bigsql
uidNumber: 202
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9QjRhdEwwbDhUanRkODBWQms4ejNzYVptalVUR0l0T01pMmFMV2c9P
Q==
dn: cn=catalog1,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: catalog1
gidNumber: 200
homeDirectory: /home/catalog
uid: catalog
uidNumber: 203
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9eFJjZFZtVzRGa1JuWW5pYnd3a1NXR29OVVg1SXZZQURuZXN0NGc9P
Q==
dn: cn=console1,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: console1
gidNumber: 200
homeDirectory: /home/console
uid: console
uidNumber: 204
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9a2N4d0VqWHkzeGEwQlFHTmF6MEdhMFNHSkUzTkxFNFdoYzRUYVE9P
Q==
dn: cn=hadoop1,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: hadoop1
gidNumber: 200
homeDirectory: /home/hadoop
uid: hadoop
uidNumber: 205
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9clAvbDlIU04xeXpvWTZBaHVwdUptQXhtd256UFZabm0yMmNjV3c9P
Q==
dn: cn=hbase1,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: hbase1
gidNumber: 200
homeDirectory: /home/hbase
uid: hbase
uidNumber: 206
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9Y0RjOVFpaXV5ZVNLbjIrRjZCTDFEclJkSng4WkY4Z2QrSlRkMHc9P
Q==
dn: cn=hdfs1,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: hdfs1
gidNumber: 200
homeDirectory: /home/hdfs
uid: hdfs
uidNumber: 207
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9dXoyY1dweEV5Q2dYdXNUZytQSjNwaElUdElTMFZwSjIxb2JOUWc9P
Q==
dn: cn=hive1,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: hive1
gidNumber: 200
homeDirectory: /home/hive
uid: hive
uidNumber: 208
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9MVdRZ0dKczRhQ20rdUtpM3l5S1dDdHhxemd6UVhGMjZoczNpM0E9P
Q==
dn: cn=http1,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: http1
gidNumber: 200
homeDirectory: /home/http
uid: http
uidNumber: 215
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9UklyRzFTQmpzNDdmb3U2dncxM2o1djlPb25zdlpIVUQ3eU0xYWc9P
Q==
dn: cn=httpfs1,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: httpfs1
gidNumber: 200
homeDirectory: /home/httpfs
uid: httpfs
uidNumber: 209
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9M056NlJSZFFOOElyL1NCUVFxZGdEOENyS0hkaldWUVEwRW1LU1E9P
Q==
dn: cn=mapred1,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: mapred1
gidNumber: 200
homeDirectory: /home/mapred
uid: mapred
uidNumber: 210
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9TG1SbFJxbENrLzQxNG9IdmVPVHcrWG1QemJOYmhnZFE2SFpqT2c9P
Q==
dn: cn=monitoring1,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: monitoring1
gidNumber: 200
homeDirectory: /home/monitoring
uid: monitoring
uidNumber: 211
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9SThRR1h3K1VGano5Titpcis5SmgxN2E2N09MSWdLMmVGdk9EOEE9P
Q==
dn: cn=oozie1,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: oozie1
gidNumber: 200
homeDirectory: /home/oozie
uid: oozie
uidNumber: 212
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9ZmtzemlCSmJtK3dJdU1aaTk3b1lXalVKcmhUdThqU2FMdmF0ZEE9P
Q==
dn: cn=orchestrator1,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: orchestrator1
gidNumber: 200
homeDirectory: /home/orchestrator
uid: orchestrator
uidNumber: 213
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9UTNCeWY1azREaUtjcEFhaEs3TW5FVWpzZnBCOHJEOVkxMzZoR1E9P
Q==
dn: cn=zookeeper1,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: zookeeper1
gidNumber: 200
homeDirectory: /home/zookeeper
uid: zookeeper
uidNumber: 214
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9NWFIM0hITWNsNFRVTGt0K0o0Q0ZHa1lpU29hcGtCRWNXMXVBNkE9P
Q==
dn: cn=biadmin2,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: biadmin2
gidNumber: 200
homeDirectory: /home/biadmin
uid: biadmin
uidNumber: 200
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9U3VtdkR1TjVHVWptNDZnUFdHVnVwbktNOGd1V0diYi9aUzY3RXc9P
Q==
dn: cn=alert2,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: alert2
gidNumber: 200
homeDirectory: /home/alert
uid: alert
uidNumber: 201
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9cnBMMlJOMVB2UktlMzZkMmNtb1F4K1l2cnhuK1U1TkZUcEt4VHc9P
Q==
dn: cn=bigsql2,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: bigsql2
gidNumber: 200
homeDirectory: /home/bigsql
uid: bigsql
uidNumber: 202
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9K3NTdHgzcm9taG5LMGZjMk53dWpycW9zVWhIeW1xOURlckZUL0E9P
Q==
dn: cn=catalog2,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: catalog2
gidNumber: 200
homeDirectory: /home/catalog
uid: catalog
uidNumber: 203
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9alpQWmFqN1FLQVBPV2x6MTJCNktKTnVudWpjaTRqS29VZnErM0E9P
Q==
dn: cn=console2,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: console2
gidNumber: 200
homeDirectory: /home/console
uid: console
uidNumber: 204
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9M2FCZ2x6RllZTlUwYVVhd1AzS1cwaWJ0bFErbmwxM0dldFk4SXc9P
Q==
dn: cn=hadoop2,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: hadoop2
gidNumber: 200
homeDirectory: /home/hadoop
uid: hadoop
uidNumber: 205
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9VWNKZzVTZWlWQklOaXlseUxmcFE1UkxXWE92cTZBZ3BmN1FRU3c9P
Q==
dn: cn=hbase2,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: hbase2
gidNumber: 200
homeDirectory: /home/hbase
uid: hbase
uidNumber: 206
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9TWNNUFptWGh5UDlnYzFNa1U3N0Ezb2pENkszRUcxVXVvRU5oNUE9P
Q==
dn: cn=hdfs2,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: hdfs2
gidNumber: 200
homeDirectory: /home/hdfs
uid: hdfs
uidNumber: 207
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9ZHFjSGJYeUxzUU5pSzF4Ukl5SzhaTXFEZmdxaXBUSmlhUy8vcGc9P
Q==
dn: cn=hive2,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: hive2
gidNumber: 200
homeDirectory: /home/hive
uid: hive
uidNumber: 208
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9c2xEYlA2SGpXNXN4LytkeFhlNno4eGZTUXNXV1RqanhEQUpSbXc9P
Q==
dn: cn=http2,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: http2
gidNumber: 200
homeDirectory: /home/http
uid: http
uidNumber: 215
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9OENvaldlWnVSUmRFQzVqV1ptdGw4K1hUNUpXVzB6bkhCU1lIT2c9P
Q==
dn: cn=httpfs2,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: httpfs2
gidNumber: 200
homeDirectory: /home/httpfs
uid: httpfs
uidNumber: 209
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9UlEvZ1lkRkd5NUJ1cDVsejIvUEg0WXRpN21TWTBZRVU0ZlpkTmc9P
Q==
dn: cn=mapred2,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: mapred2
gidNumber: 200
homeDirectory: /home/mapred
uid: mapred
uidNumber: 210
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9VXlGTHVScTF5ME9hTTR4aG9neS8vVldxY2sxazh1OUM0bU5CaEE9P
Q==
dn: cn=monitoring2,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: monitoring2
gidNumber: 200
homeDirectory: /home/monitoring
uid: monitoring
uidNumber: 211
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9b04zRmxIQ3JlVGxyd0FzcWNnZVUxQmNlbW1GZU9tZU04ZTNBMHc9P
Q==
dn: cn=oozie2,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: oozie2
gidNumber: 200
homeDirectory: /home/oozie
uid: oozie
uidNumber: 212
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9aGV1K3ZlVmZvVVc2ekNZQzZqWnBITFgzVDZKUUsvWDFOdDdwbGc9P
Q==
dn: cn=orchestrator2,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: orchestrator2
gidNumber: 200
homeDirectory: /home/orchestrator
uid: orchestrator
uidNumber: 213
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9amVKa0pySzdaYnZpTnZ2RnVQZGxRVjZUSmpvMXRzaFRua2dRdXc9P
Q==
dn: cn=zookeeper2,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: zookeeper2
gidNumber: 200
homeDirectory: /home/zookeeper
uid: zookeeper
uidNumber: 214
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9aGlNbGVUUzMyMUEwVUZKbEU5ZllYekRGdmF2Y2pGRU0wUUlqcGc9P
Q==
dn: cn=biadmin3,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: biadmin3
gidNumber: 200
homeDirectory: /home/biadmin
uid: biadmin
uidNumber: 200
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9bGRvei9wcjBlS0tvbUJhZCt3NWlsaGk3bkJxdXFZS1NnbG9jZmc9P
Q==
dn: cn=alert3,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: alert3
gidNumber: 200
homeDirectory: /home/alert
uid: alert
uidNumber: 201
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9L3RXVSszTmxDZHM5bXVuMTF3ZXVkbFVtNHAzN3pvNEcyMlhyUkE9P
Q==
dn: cn=bigsql3,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: bigsql3
gidNumber: 200
homeDirectory: /home/bigsql
uid: bigsql
uidNumber: 202
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9d1NYYitHUjVSalNGY3VtWG9SMXF5TVE1YjFtQmYyMEJBdHpWY3c9P
Q==
dn: cn=catalog3,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: catalog3
gidNumber: 200
homeDirectory: /home/catalog
uid: catalog
uidNumber: 203
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9QUZXSGp2bWMwVEVqZnc3ZWM2SmRQZnl4MWg2akZxTmFwQVhSVlE9P
Q==
dn: cn=console3,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: console3
gidNumber: 200
homeDirectory: /home/console
uid: console
uidNumber: 204
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9SXVpSFA0S0VKblVLaU5WSWtsUmNPV0FwTEdXekdaRktwUkJualE9P
Q==
dn: cn=hadoop3,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: hadoop3
gidNumber: 200
homeDirectory: /home/hadoop
uid: hadoop
uidNumber: 205
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9ZWtVdHVZSWdVcEJVcUxjc1BhU2FSYWwvOVUxbkZ3VDBsY0U3VGc9P
Q==
dn: cn=hbase3,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: hbase3
gidNumber: 200
homeDirectory: /home/hbase
uid: hbase
uidNumber: 206
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9OEFNZTI3enI3K2hrTGhyNysxelcrMWdEb2FQUmo2NFJlZnY0c3c9P
Q==
dn: cn=hdfs3,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: hdfs3
gidNumber: 200
homeDirectory: /home/hdfs
uid: hdfs
uidNumber: 207
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9WGtkbTU4RkpVUXkzQUl2dndrL2toWStsNStHNTZaSVlEMXpuY2c9P
Q==
dn: cn=hive3,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: hive3
gidNumber: 200
homeDirectory: /home/hive
uid: hive
uidNumber: 208
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9NzhDVE1OQm1ZOTJiZVBPd2Jteno1NUFKc3FCeHVpZzRSck1idkE9P
Q==
dn: cn=http3,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: http3
gidNumber: 200
homeDirectory: /home/http
uid: http
uidNumber: 215
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9dFRDb2xZZU10b0FyUFpQdnNpdnlDSnlzL3NXdVIvcWwyRml6ekE9P
Q==
dn: cn=httpfs3,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: httpfs3
gidNumber: 200
homeDirectory: /home/httpfs
uid: httpfs
uidNumber: 209
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9TEljNTVDZ2hxNlRmd0hFZC9mMkp2QjNsR2lNTGhXbk5tZEtES3c9P
Q==
dn: cn=mapred3,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: mapred3
gidNumber: 200
homeDirectory: /home/mapred
uid: mapred
uidNumber: 210
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9NzV5Z3lEQUh5VUVIY1RWR1JQaFI2dUs4ZXlHdE5WN2pBNjFrZGc9P
Q==
dn: cn=monitoring3,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: monitoring3
gidNumber: 200
homeDirectory: /home/monitoring
uid: monitoring
uidNumber: 211
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9a1pMbHROa1JKSEMzZUp3UlpZamxZWWw3SmRwYnJqSnJ4TndnMnc9P
Q==
dn: cn=oozie3,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: oozie3
gidNumber: 200
homeDirectory: /home/oozie
uid: oozie
uidNumber: 212
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9eWhQdEtYYlJJa0RIUXBzc2I5b3NpY1dJYS9OeXBsR01NbHdlYmc9P
Q==
dn: cn=orchestrator3,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: orchestrator3
gidNumber: 200
homeDirectory: /home/orchestrator
uid: orchestrator
uidNumber: 213
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9aHNVZzdpazIzbW8rTEdwVElsVWdLR09abndHakdvd3dEbTMxVlE9P
Q==
dn: cn=zookeeper3,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: zookeeper3
gidNumber: 200
homeDirectory: /home/zookeeper
uid: zookeeper
uidNumber: 214
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9dVpyTWtVNXhQazk2YjBkZEt2ZldSc1lIRE00NnhQZkNvTDRZY0E9P
Q==
dn: cn=biadmin,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: biadmin
gidNumber: 200
homeDirectory: /home/biadmin
uid: biadmin
uidNumber: 200
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e1NTSEF9aDFlRDYyUHBTWFVYZkpvNWdRMFJNYjN4QXpSenMvcXE=
dn: cn=alert,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: alert
gidNumber: 200
homeDirectory: /home/alert
uid: alert
uidNumber: 201
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9VTU2L1p0NEE5SVFQSUVLUzVWbVJTK2M1QWVtSlBFYjhDUjZ0TXc9P
Q==
dn: cn=bigsql,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: bigsql
gidNumber: 200
homeDirectory: /home/bigsql
uid: bigsql
uidNumber: 202
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9VGUvMlJabVdxbEFjRlpROWNMSUtLZlk2anl4SExNQ2ZsY2laaXc9P
Q==
dn: cn=catalog,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: catalog
gidNumber: 200
homeDirectory: /home/catalog
uid: catalog
uidNumber: 203
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9UUttcEZjd2dtaVdXZGlvU0szbnJuT3p2cUE1ZDVlMjQzNmR5TUE9P
Q==
dn: cn=console,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: console
gidNumber: 200
homeDirectory: /home/console
uid: console
uidNumber: 204
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9S1RsWS9tdStOdmhGZXlyc240VDFzdmd2Y05hQXlhQldEZ3kvTmc9P
Q==
dn: cn=hadoop,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: hadoop
gidNumber: 200
homeDirectory: /home/hadoop
uid: hadoop
uidNumber: 205
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9bHFwVm41VUdJS0k3UnBJV1ZyNTlVZTIrRUdYbUE2dFEwRFBKRkE9P
Q==
dn: cn=hbase,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: hbase
gidNumber: 200
homeDirectory: /home/hbase
uid: hbase
uidNumber: 206
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9OS9DNE5FT3N5eEVGdTJLTU9zOHZobVBmazBaeFZLM1BCaFB2Umc9P
Q==
dn: cn=hdfs,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: hdfs
gidNumber: 200
homeDirectory: /home/hdfs
uid: hdfs
uidNumber: 207
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9L3hTb2pjUko5SkxFL0RmQ3FQUnJWay9wTHFMd1hsck5YU1lYSFE9P
Q==
dn: cn=hive,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: hive
gidNumber: 200
homeDirectory: /home/hive
uid: hive
uidNumber: 208
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9Y0RaWnh3UmdjRFJYZWlrT2N1aU83VlJsYldEMFhYUUxYVnkwZGc9P
Q==
dn: cn=http,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: http
gidNumber: 200
homeDirectory: /home/http
uid: http
uidNumber: 215
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9a0FjRkRrdyt0bW8rWEdmYzJWRVFaMTlDZ2J4YzNaRmNMYy9hSUE9P
Q==
dn: cn=httpfs,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: httpfs
gidNumber: 200
homeDirectory: /home/httpfs
uid: httpfs
uidNumber: 209
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9cCtZK2VpcTMzYklNNnZ1Qnl6eWhqb0RqaXVCM01PSFhXeXhBTEE9P
Q==
dn: cn=mapred,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: mapred
gidNumber: 200
homeDirectory: /home/mapred
uid: mapred
uidNumber: 210
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9clN0UFVaS1NSNW5NdzU5NDUwYWp1YWxFa0ViR2dDUithVjYrY3c9P
Q==
dn: cn=monitoring,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: monitoring
gidNumber: 200
homeDirectory: /home/monitoring
uid: monitoring
uidNumber: 211
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9R1dXeEhwOFB1VEc3aHgwUVhDVFZWS21jcWhFUk1aZ2NtbzRaT3c9P
Q==
dn: cn=oozie,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: oozie
gidNumber: 200
homeDirectory: /home/oozie
uid: oozie
uidNumber: 212
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9ZjdTd29aS2pJUUV1ZDBSVWdaY20vVnBVSWFuK0F0TVBOc0lzM2c9P
Q==
dn: cn=orchestrator,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: orchestrator
gidNumber: 200
homeDirectory: /home/orchestrator
uid: orchestrator
uidNumber: 213
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9OVYrdGw2dWExQytXbVIwbTFZOEw0eEJ3Mld5dlRtWnFtNDVKNkE9P
Q==
dn: cn=zookeeper,ou=users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: zookeeper
gidNumber: 200
homeDirectory: /home/zookeeper
uid: zookeeper
uidNumber: 214
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9aFJhWGtOYnpGM0Qrbmp1WVNacVRyMHRUQWNidXlEbHNWVnV4c0E9P
Q==
dn: cn=nssproxy,ou=Users,dc=iic,dc=il,dc=ibm,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
cn: nssproxy
gidNumber: 801
homeDirectory: /home/nssproxy
uid: nssproxy
uidNumber: 801
loginShell: /bin/bash
shadowLastChange: 15140
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
userPassword:: e3NzaGF9eTZIY3Vod2lnaXlYQzIvR2pqMk5uVHUza1pZaS9YbS9WS1JoZ1E9P
Q==
==============================================================================
End Users LDIF File
Prefix 2: Complete groups LDIF file
Complete groups LDIF file
==============================================================================
version: 1
dn: ou=Groups,dc=iic,dc=il,dc=ibm,dc=com
objectClass: organizationalUnit
ou: Groups
dn: cn=gbiadmin,ou=Groups,dc=iic,dc=il,dc=ibm,dc=com
objectClass: top
objectClass: posixGroup
cn: gbiadmin
gidNumber: 200
description: BigInsights Admins
dn: cn=gbidataadmin,ou=groups,dc=iic,dc=il,dc=ibm,dc=com
objectClass: posixGroup
objectClass: top
cn: gbidataadmin
gidNumber: 4300
description: BigInsights data administrators
dn: cn=gbiappadmin,ou=groups,dc=iic,dc=il,dc=ibm,dc=com
objectClass: posixGroup
objectClass: top
cn: gbiappadmin
gidNumber: 4100
description: BigInsights application administrators
dn: cn=gbisysadmin,ou=groups,dc=iic,dc=il,dc=ibm,dc=com
objectClass: posixGroup
objectClass: top
cn: gbisysadmin
gidNumber: 4200
description: BigInsights system administrators
dn: cn=gbiusers,ou=groups,dc=iic,dc=il,dc=ibm,dc=com
objectClass: posixGroup
objectClass: top
cn: gbiusers
gidNumber: 4400
description: BigInsights system administrators
dn: cn=nssproxy,ou=Groups,dc=iic,dc=il,dc=ibm,dc=com
objectClass: top
objectClass: posixGroup
cn: nssproxy
gidNumber: 801
description: Network Service Switch Proxy
End Groups LDIF File
==============================================================================
Prefix 3: Complete hosts LDIF file
dn: dc=iic,dc=il,dc=ibm,dc=com
objectClass: organization
objectClass: dcObject
objectClass: top
dc: iic
o: Example Organization
description: Example Inc DIT
Q==
dn: ipHostNumber=10.10.162.15,dc=iic,dc=il,dc=ibm,dc=com
objectClass: ipHost
objectClass: top
objectClass: device
cn: bigins
ipHostNumber: 10.10.162.15
dn: ipHostNumber=10.10.162.16,dc=iic,dc=il,dc=ibm,dc=com
objectClass: ipHost
objectClass: top
objectClass: device
cn: bigins1
ipHostNumber: 10.10.162.16
dn: ipHostNumber=10.10.162.17,dc=iic,dc=il,dc=ibm,dc=com
objectClass: ipHost
objectClass: top
objectClass: device
cn: bigins2
ipHostNumber: 10.10.162.17
dn: ipHostNumber=10.10.162.18,dc=iic,dc=il,dc=ibm,dc=com
objectClass: ipHost
objectClass: top
objectClass: device
cn: bigins3
ipHostNumber: 10.10.162.18
==============================================================================