Fixed Kerberos deployment, added HA variable so this is no longer coupled directly with secure cluster install.

Author: smithzc

compute.tf

@@ -1,6 +1,6 @@
 module "bastion" {
 	source	= "modules/bastion"
-	instances = "1"
+	instances = "${var.bastion_node_count}"
 	region = "${var.region}"
 	compartment_ocid = "${var.compartment_ocid}"
 	subnet_id = "${module.network.bastion-id}" 
@@ -41,6 +41,7 @@ module "utility" {
 	block_volume_count = "${var.block_volumes_per_worker}"
 	AD = "${var.availability_domain}"
 	deployment_type = "${var.deployment_type}"
+	hdfs_ha = "${var.hdfs_ha}"
 	cluster_name = "${var.cluster_name}"
 }
 

schema.yaml

@@ -16,6 +16,14 @@ groupings:
   - ${deployment_type}
   - ${log_volume_size_in_gbs}
   - ${cloudera_volume_size_in_gbs}
+- title: "High Availability"
+  variables:
+  - ${hdfs_ha}
+  visible:
+    not:
+      - eq:
+        - ${deployment_type}
+        - "simple"
 - title: "Worker Node Options"
   variables:
   - ${worker_instance_shape}
@@ -40,6 +48,7 @@ groupings:
 - title: "Edge Node Options"
   variables:
   - ${bastion_instance_shape}
+  - ${bastion_node_count}
 
 - title: "Pre-Defined"
   variables:
@@ -106,6 +115,15 @@ variables:
     title: "Deployment Type"
     required: true
 
+  hdfs_ha:
+    type: enum
+    enum:
+    - "True"
+    - "False"
+    title: "High Availability"
+    description: "Enable High Availability?"
+    required: true
+
   worker_instance_shape:
     type: enum
     enum:
@@ -179,6 +197,13 @@ variables:
     title: "Shape of Edge Nodes"
     required: true
 
+  bastion_node_count:
+    type: integer
+    title: "Number of Edge Nodes"
+    description: "Enter a number, 0 to service limit of shape"
+    minimum: 0
+    required: true
+
   ssh_public_key:
     type: string
     title: "SSH Public Key"

scripts/boot.sh

@@ -53,6 +53,24 @@ includedir /etc/krb5.conf.d/
 [domain_realm]
     .${realm} = ${REALM}
      ${realm} = ${REALM}
+    bastion1.cdhvcn.oraclevcn.com = ${REALM}
+    .bastion1.cdhvcn.oraclevcn.com = ${REALM}
+    bastion2.cdhvcn.oraclevcn.com = ${REALM}
+    .bastion2.cdhvcn.oraclevcn.com = ${REALM}
+    bastion3.cdhvcn.oraclevcn.com = ${REALM}
+    .bastion3.cdhvcn.oraclevcn.com = ${REALM}
+    .public1.cdhvcn.oraclevcn.com = ${REALM}
+    public1.cdhvcn.oraclevcn.com = ${REALM}
+    .public2.cdhvcn.oraclevcn.com = ${REALM}
+    public2.cdhvcn.oraclevcn.com = ${REALM}
+    .public3.cdhvcn.oraclevcn.com = ${REALM}
+    public3.cdhvcn.oraclevcn.com = ${REALM}
+    .private1.cdhvcn.oraclevcn.com = ${REALM}
+    private1.cdhvcn.oraclevcn.com = ${REALM}
+    .private2.cdhvcn.oraclevcn.com = ${REALM}
+    private2.cdhvcn.oraclevcn.com = ${REALM}
+    .private3.cdhvcn.oraclevcn.com = ${REALM}
+    private3.cdhvcn.oraclevcn.com = ${REALM}
 
 [kdc]
     profile = /var/kerberos/krb5kdc/kdc.conf

scripts/cms_mysql.sh

@@ -14,6 +14,7 @@ availability_domain=`curl -L http://169.254.169.254/opc/v1/instance/metadata/ava
 worker_shape=`curl -L http://169.254.169.254/opc/v1/instance/metadata/worker_shape`
 worker_disk_count=`curl -L http://169.254.169.254/opc/v1/instance/metadata/block_volume_count`
 deployment_type=`curl -L http://169.254.169.254/opc/v1/instance/metadata/deployment_type`
+hdfs_ha=`curl -L http://169.254.169.254/opc/v1/instance/metadata/hdfs_ha`
 cluster_name=`curl -L http://169.254.169.254/opc/v1/instance/metadata/cluster_name`
 EXECNAME="TUNING"
 log "-> START"
@@ -46,7 +47,7 @@ log "-> INSTALL"
 yum -y install krb5-server krb5-libs krb5-workstation >> $LOG_FILE
 KERBEROS_PASSWORD="SOMEPASSWORD"
 SCM_USER_PASSWORD="somepassword"
-kdc_server=${cm_fqdn}
+kdc_fqdn=${cm_fqdn}
 realm="hadoop.com"
 REALM="HADOOP.COM"
 log "-> CONFIG"
@@ -78,6 +79,24 @@ includedir /etc/krb5.conf.d/
 [domain_realm]
     .${realm} = ${REALM}
      ${realm} = ${REALM}
+    bastion1.cdhvcn.oraclevcn.com = ${REALM}
+    .bastion1.cdhvcn.oraclevcn.com = ${REALM}
+    bastion2.cdhvcn.oraclevcn.com = ${REALM}
+    .bastion2.cdhvcn.oraclevcn.com = ${REALM}
+    bastion3.cdhvcn.oraclevcn.com = ${REALM}
+    .bastion3.cdhvcn.oraclevcn.com = ${REALM}
+    .public1.cdhvcn.oraclevcn.com = ${REALM}
+    public1.cdhvcn.oraclevcn.com = ${REALM}
+    .public2.cdhvcn.oraclevcn.com = ${REALM}
+    public2.cdhvcn.oraclevcn.com = ${REALM}
+    .public3.cdhvcn.oraclevcn.com = ${REALM}
+    public3.cdhvcn.oraclevcn.com = ${REALM}
+    .private1.cdhvcn.oraclevcn.com = ${REALM}
+    private1.cdhvcn.oraclevcn.com = ${REALM}
+    .private2.cdhvcn.oraclevcn.com = ${REALM}
+    private2.cdhvcn.oraclevcn.com = ${REALM}
+    .private3.cdhvcn.oraclevcn.com = ${REALM}
+    private3.cdhvcn.oraclevcn.com = ${REALM}
 
 [kdc]
     profile = /var/kerberos/krb5kdc/kdc.conf
@@ -388,6 +407,11 @@ for w in `seq 1 $num_workers`; do
 done;
 log "-->Host List: ${fqdn_list}"
 log "-->Cluster Build"
-log "---> python /var/lib/cloud/instance/scripts/deploy_on_oci.py -D ${deployment_type}  -m ${cm_ip} -i ${fqdn_list} -d ${worker_disk_count} -w ${worker_shape} -n ${num_workers} -cdh ${cdh_version} -ad ${availability_domain} -N ${cluster_name}"
-python /var/lib/cloud/instance/scripts/deploy_on_oci.py -D ${deployment_type} -m ${cm_ip} -i ${fqdn_list} -d ${worker_disk_count} -w ${worker_shape} -n ${num_workers} -cdh ${cdh_version} -ad ${availability_domain} -N ${cluster_name} 2>&1 1>> $LOG_FILE
+if [ $hdfs_ha = "True" ]; then 
+	log "---> python /var/lib/cloud/instance/scripts/deploy_on_oci.py -D ${deployment_type} -H -m ${cm_ip} -i ${fqdn_list} -d ${worker_disk_count} -w ${worker_shape} -n ${num_workers} -cdh ${cdh_version} -ad ${availability_domain} -N ${cluster_name}"
+	python /var/lib/cloud/instance/scripts/deploy_on_oci.py -D ${deployment_type} -H -m ${cm_ip} -i ${fqdn_list} -d ${worker_disk_count} -w ${worker_shape} -n ${num_workers} -cdh ${cdh_version} -ad ${availability_domain} -N ${cluster_name} 2>&1 1>> $LOG_FILE	
+else
+	log "---> python /var/lib/cloud/instance/scripts/deploy_on_oci.py -D ${deployment_type} -m ${cm_ip} -i ${fqdn_list} -d ${worker_disk_count} -w ${worker_shape} -n ${num_workers} -cdh ${cdh_version} -ad ${availability_domain} -N ${cluster_name}"
+	python /var/lib/cloud/instance/scripts/deploy_on_oci.py -D ${deployment_type} -m ${cm_ip} -i ${fqdn_list} -d ${worker_disk_count} -w ${worker_shape} -n ${num_workers} -cdh ${cdh_version} -ad ${availability_domain} -N ${cluster_name} 2>&1 1>> $LOG_FILE
+fi
 log "->DONE"

scripts/deploy_on_oci.py

@@ -30,6 +30,7 @@
 data_tiering = 'False'
 nvme_disks = 0
 deployment_type = 'simple'  # type: str
+availability_domain = 'None'
 # Custom Global Parameters - Customize below here
 debug = 'False'  # type: str
 # Define new admin username and password for Cloudera Manager
@@ -42,7 +43,7 @@
 cluster_primary_version = ' '
 kafka_parcel_url = ' '
 secure_cluster = 'True'  # type: bool
-hdfs_ha = 'True'  # type: bool
+hdfs_ha = 'False'  # type: bool
 # These should match what is in the Cloudera Manager CloudInit bootstrap file and instance boot files
 realm = 'HADOOP.COM'
 kdc_admin = 'cloudera-scm@HADOOP.COM'
@@ -592,29 +593,6 @@ def monitor_parcel(parcel_product, parcel_version, target_stage):
     print('\n\n')
 
 
-def read_parcels():
-    """
-    List all parcels the cluster has access to
-    :return:
-    """
-    try:
-        api_response = parcels_api.read_parcels(cluster_name, view='FULL')
-        pprint(api_response)
-    except ApiException as e:
-        print('Exception calling ParcelResourceApi->read_parcels {}'.format(e))
-
-
-def delete_parcel(parcel_product, parcel_version):
-    """
-    Delete specified parcel
-    :param parcel_product: Parcel Product Name - e.g. CDH, SPARK_ON_YARN
-    :param parcel_version: Version of Parcel
-    :return:
-    """
-    parcel_api.start_removal_of_distribution_command(cluster_name, parcel_product, parcel_version)
-    parcel_api.remove_download_command(cluster_name, parcel_product, parcel_version)
-
-
 def restart_cluster():
     """
     Restart Cluster
@@ -771,19 +749,6 @@ def begin_trial():
         print('Exception calling ClouderaManagerResourceApi -> begin_trial: {}\n'.format(e))
 
 
-def end_trial():
-    """
-    End Trial License
-    :return:
-    """
-    try:
-        api_response = cloudera_manager_api.end_trial()
-        if debug == 'True':
-            pprint(api_response)
-    except ApiException as e:
-        print('Exception calling ClouderaManagerResourceApi -> end_trial: {}\n'.format(e))
-
-
 def update_mgmt_rcg(rcg_name, role, display_name, rcg_config):
     """
     Create Management Services using api_mgmt_service_list
@@ -1531,19 +1496,6 @@ def create_mgmt_roles(mgmt_rcg, mgmt_rcg_roletype, mgmt_host_id, mgmt_hostname,
         print('Exception calling MgmtRolesResourceApi -> create_roles {}\n'.format(e))
 
 
-def lookup_host_uuid(hostname):
-    """
-    Search cluster_host_list for a specific hostname - depends on list_hosts()
-    :param hostname: Hostname to return UUID for
-    :return:
-    """
-    for x in range(0, len(cluster_host_list.items)):
-        if hostname in cluster_host_list.items[x].hostname:
-            print(cluster_host_list.items[x].host_id)
-    else:
-        pass
-
-
 def cluster_action(action, *kwargs):
     """
     Execute a cluster action
@@ -1966,7 +1918,7 @@ def config_mgmt_for_kerberos():
     Setup Cloudera Manager Kerberos Configuration
     :return:
     """
-    cm_fqdn = cm_hostname + 'public' + availability_domain + '.cdhvcn.oraclevcn.com'
+    cm_fqdn = cm_hostname 
     KDC_ADMIN_HOST = cm_client.ApiConfig(name='KDC_ADMIN_HOST', value=cm_fqdn)
     KDC_ADMIN_PASSWORD = cm_client.ApiConfig(name='KDC_ADMIN_PASSWORD', value=kdc_password)
     KDC_ADMIN_USER = cm_client.ApiConfig(name='KDC_ADMIN_USER', value=kdc_admin)
@@ -2067,7 +2019,8 @@ def options_parser(args=None):
                                                                                  'OCI using cm_client with Cloudera '
                                                                                  'Manager API %s' % (cdh_version,
                                                                                                      api_version))
-    parser.add_argument('-D', '--deployment_type', metavar='deployment_type', help='simple, no HA or Kerberos at deployment, or secure to enable both')
+    parser.add_argument('-D', '--deployment_type', metavar='deployment_type', help='simple, no Kerberos at deployment, or secure to enable')
+    parser.add_argument('-H', '--hdfs_ha', action='store_true')
     parser.add_argument('-m', '--cm_server', metavar='cm_server', required='True',
                         help='Cloudera Manager IP to connect API using cm_client')
     parser.add_argument('-i', '--input_host_list', metavar='input_host_list',
@@ -2088,6 +2041,7 @@ def options_parser(args=None):
     cdh_version = options.cdh_version
     if cluster_primary_version == '6':
 	remote_parcel_url = 'https://archive.cloudera.com/cdh6/' + options.cdh_version + '/parcels'  # type: str
+	kafka_parcel_url = ' '
     else:
 	remote_parcel_url = 'https://archive.cloudera.com/cdh5/parcels/' + options.cdh_version  #type: str
         if options.cdh_version.split('.')[2] >= '13':
@@ -2322,7 +2276,7 @@ def enable_kerberos():
 #
 
 if __name__ == '__main__':
-    cm_server, input_host_list, disk_count, license_file, worker_shape, num_workers, deployment_type, cdh_version, cms_version, cluster_name, cluster_primary_version, kafka_parcel_url =\
+    cm_server, input_host_list, disk_count, license_file, worker_shape, num_workers, deployment_type, cdh_version, availability_domain, cluster_name, cluster_primary_version, kafka_parcel_url =\
         options_parser(sys.argv[1:])
     if debug == 'True':
         print('cm_server = %s' % cm_server)

variables.tf

@@ -24,6 +24,10 @@ variable "deployment_type" {
     default = "simple" 
 }
 
+variable "hdfs_ha" {
+    default = "False"
+}
+
 variable "worker_instance_shape" {
   default = "BM.DenseIO2.52"
 }
@@ -74,6 +78,10 @@ variable "bastion_instance_shape" {
   default = "VM.Standard2.4"
 }
 
+variable "bastion_node_count" {
+  default = "1"
+}
+
 # Which AD to target - this can be adjusted.  Default 1 for single AD regions.
 variable "availability_domain" {
   default = "1"