Generating a Ticket for a Tenant
Explains what tenant tickets are and how to generate one.
About this task
Tenant tickets allow tenant users to access the tenant volume on the cluster in a multi-tenant environment on the file system. Generate the tenant ticket on the cluster and copy it to tenant hosts to grant tenant users access to provisioned storage.
Procedure
To generate a tenant ticket, run one of the following commands on the cluster:
maprlogin generateticket -type tenant -cluster <cluster_name> -user <tenant_admin_user> \
-duration <seconds> -out <ticket_file_path>.txt
NOTE
For more information, see the maprlogin command.
By default, the tenant ticket:
- Is stored in /tmp and can only be read by that user. To change the default location, specify the path to the desired location with the out parameter.
- Has no expiration. To change the expiration time, specify duration for the ticket with the command.
CanImpersonate and tenant are always true. For example, if you run the maprlogin print command, the output should look similar to the following example.
Opening keyfile /user/clstrAdmin/tenant_user_ticket.txt
tenantHost: user = tenant_user, created = 'Mon Jul 11 07:14:53 UTC 2016',
expires = 'Mon Jul 11 07:14:53 UTC 12016', RenewalTill = 'Mon Jul 11 07:14:53 UTC 12016',
uid = 500, gids = 500, 42, CanImpersonate = true, tenant = true
To grant access to tenant users, the tenant ticket must be copied over to the tenant hosts.
What to do next
- Reset the permissions on the ticket to grant the tenant admin read permissions on the ticket.
- Move the ticket out of the default /tmp directory to a secure location on one or more tenant hosts.
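The two follow-up steps above can be scripted on a tenant host. This is an added example, not part of the original documentation: the function names install_tenant_ticket and ticket_is_private and the destination directory are hypothetical, and changing the owner to the tenant admin assumes the script runs as root.

```shell
#!/bin/sh
# Added example: move a tenant ticket out of /tmp on a tenant host.
# install_tenant_ticket SRC DEST_DIR [OWNER]
#   SRC      ticket file copied from the cluster (for example under /tmp)
#   DEST_DIR directory that will hold the ticket (hypothetical, created 0700)
#   OWNER    tenant admin account; changing ownership requires root
install_tenant_ticket() {
    src=$1 dest_dir=$2 owner=${3:-}
    # /tmp is world-writable: accept only a regular file, never a symlink.
    if [ -L "$src" ] || [ ! -f "$src" ]; then
        echo "refusing $src: not a regular file" >&2
        return 1
    fi
    dest="$dest_dir/$(basename "$src")"
    (
        umask 077                      # nothing is created group/world readable
        mkdir -p "$dest_dir" &&
        chmod 700 "$dest_dir" &&
        rm -f "$dest.new" &&           # clear leftovers from a failed run
        cp "$src" "$dest.new" &&
        chmod 400 "$dest.new" &&       # read permission for the owner only
        { [ -z "$owner" ] || chown "$owner" "$dest_dir" "$dest.new"; } &&
        mv -f "$dest.new" "$dest" &&
        rm -f "$src"                   # leave no copy behind in /tmp
    ) || return 1
    printf '%s\n' "$dest"              # report where the ticket now lives
}

# ticket_is_private FILE: succeeds only if FILE is a regular file with no
# group or other permission bits set.
ticket_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ -z "$(find "$1" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print)" ]
}
```

Run ticket_is_private against the installed path periodically to catch a ticket whose permissions have been loosened.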