主脚本 add_princ-download_keytabs.sh
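#! /bin/bash
#
# Create Kerberos principals and export one keytab per entry of ./keytab_list.
#
# Input (./keytab_list, whitespace separated, one entry per line):
#   <host_name> <principal> <keytab_file_name> <owner>
# Output: ${base_dir}/<host_name>/<keytab_file_name>, chown'ed to <owner>.
# Exit status: 0 when every entry was processed, 1 when any entry was
# rejected or failed.
#
# Must run on the KDC host: it calls kadmin.local, and ktadd's -norandkey
# option is only available there.
#
# Security notes for operators:
#   - A keytab holds the principal's long-term keys. Anyone who can read the
#     file can authenticate as that principal, so keep ${base_dir} and any
#     copy made while distributing the files readable only by the owning
#     service account.
#   - -norandkey exports the existing keys unchanged. Re-running this script
#     therefore does NOT invalidate keytabs exported earlier; a leaked keytab
#     stays usable until the principal is re-keyed.

base_dir=/etc/security/keytabs
counter=1
failures=0

# Allow-lists for the fields that end up in a file path, a kadmin query string
# or a chown argument. A leading letter, digit or underscore is required, so a
# field can neither be "." / ".." nor start with "-" (option injection);
# "/" is only accepted inside the principal name.
name_re='^[A-Za-z0-9_][A-Za-z0-9_.-]*$'
princ_re='^[A-Za-z0-9_][A-Za-z0-9_./@-]*$'
owner_re='^[A-Za-z0-9_][A-Za-z0-9_.:-]*$'

# The list is read on fd 3 so that kadmin.local, which inherits stdin, cannot
# consume entries meant for the loop. The "|| [[ -n ... ]]" part keeps a final
# line that lacks a trailing newline.
while read -r -u 3 host_name princ k_name user_name || [[ -n "${host_name}" ]]; do
  # Blank lines and "#" comments are not entries.
  if [[ -z "${host_name}" || "${host_name}" == \#* ]]; then
    continue
  fi

  printf '%s ==>> %s %s %s %s\n' \
    "${counter}" "${host_name}" "${princ}" "${k_name}" "${user_name}"
  counter=$((counter + 1))

  # Reject short or malformed entries before any of the fields is used.
  if ! [[ "${host_name}" =~ ${name_re} && "${princ}" =~ ${princ_re} \
    && "${k_name}" =~ ${name_re} && "${user_name}" =~ ${owner_re} ]]; then
    printf 'skipping malformed entry: %s %s %s %s\n' \
      "${host_name}" "${princ}" "${k_name}" "${user_name}" >&2
    failures=$((failures + 1))
    continue
  fi

  keytab_dir="${base_dir}/${host_name}"
  keytab_path="${keytab_dir}/${k_name}"

  if ! mkdir -p -- "${keytab_dir}"; then
    printf 'cannot create %s\n' "${keytab_dir}" >&2
    failures=$((failures + 1))
    continue
  fi

  # addprinc reports an error when the principal already exists. That is
  # expected (the list may export one principal into several keytabs), so
  # its result is deliberately not treated as fatal.
  kadmin.local -q "addprinc -randkey ${princ}"

  # NOTE(review): kadmin's exit status may not reflect a failed query on every
  # krb5 version, so the keytab file is checked as well.
  if ! kadmin.local -q "ktadd -k ${keytab_path} -norandkey ${princ}" \
    || [[ ! -s "${keytab_path}" ]]; then
    printf 'ktadd failed for %s -> %s\n' "${princ}" "${keytab_path}" >&2
    failures=$((failures + 1))
    continue
  fi

  # NOTE(review): only the owner is set here; confirm the resulting file mode
  # grants no access to group/other beyond what the service needs.
  if ! chown -- "${user_name}" "${keytab_path}"; then
    printf 'chown %s failed for %s\n' "${user_name}" "${keytab_path}" >&2
    failures=$((failures + 1))
  fi
done 3<keytab_list

if ((failures > 0)); then
  printf '%s entries failed or were skipped\n' "${failures}" >&2
  exit 1
fi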
配置文件 keytab_list
hadoop-0 nm/hadoop-0 nm.service.keytab yarn
hadoop-0 nn/hadoop-0 nn.service.keytab hdfs
hadoop-0 rm/hadoop-0 rm.service.keytab yarn
hadoop-0 spark-hdp_offline spark.headless.keytab spark
hadoop-0 spark/hadoop-0 spark.service.keytab spark
hadoop-0 spark_atlas spark-atlas.headless.keytab spark
hadoop-0 yarn-ats-hbase/hadoop-0 yarn-ats.hbase-master.service.keytab yarn-ats
hadoop-0 yarn-ats-hbase/hadoop-0 yarn-ats.hbase-regionserver.service.keytab yarn-ats
hadoop-0 yarn-ats-hdp_offline yarn-ats.hbase-client.headless.keytab yarn-ats
hadoop-0 yarn/hadoop-0 yarn.service.keytab yarn
hadoop-0 zookeeper/hadoop-0 zk.service.keytab zookeeper
hadoop-1 HTTP/hadoop-1 spnego.service.keytab root
hadoop-1 ambari-qa-hdp_offline smokeuser.headless.keytab ambari-qa
hadoop-1 ambari-server-hdp_offline ambari.server.keytab ambari-qa
hadoop-1 amsmon/hadoop-1 ams-monitor.keytab ams
hadoop-1 dn/hadoop-1 dn.service.keytab hdfs
hadoop-1 hdfs-hdp_offline hdfs.headless.keytab hdfs
hadoop-1 hive/hadoop-1 hive.service.keytab hive
hadoop-1 hive/hadoop-1 hive.llap.task.keytab yarn
hadoop-1 jhs/hadoop-1 jhs.service.keytab mapred
hadoop-1 nm/hadoop-1 nm.service.keytab yarn
hadoop-1 nn/hadoop-1 nn.service.keytab hdfs
hadoop-1 spark-hdp_offline spark.headless.keytab spark
hadoop-1 spark/hadoop-1 spark.service.keytab spark
hadoop-1 spark_atlas spark-atlas.headless.keytab spark
hadoop-1 yarn-ats-hbase/hadoop-1 yarn-ats.hbase-master.service.keytab yarn-ats
|