Generating a Ticket for a Tenant
Explains what tenant tickets are and how to generate a tenant ticket.
Tenant tickets allow tenant users to access the tenant volume on the cluster (when you have a multi-tenant environment on filesystem). Generate the tenant ticket on the cluster and copy it to the tenant host(s) to grant tenant users access to the provisioned storage.
maprlogin generateticket -type tenant -cluster <cluster_name> -user <tenant_admin_user> \
-duration <seconds> -out <ticket_file_path>.txt
maprlogin command.
- Tenant ticket is stored in /tmp and can only be read by that user. To change the default location, specify the path to the desired location with the out parameter.
- Tenant ticket has no expiration. To change the expiration time, specify duration for the ticket with the command.
CanImpersonate and tenant will always be true. For example, when you run the maprlogin print command, your output should look similar to the following:
Opening keyfile /user/clstrAdmin/tenant_user_ticket.txt
tenantHost: user = tenant_user, created = 'Mon Jul 11 07:14:53 UTC 2016',
expires = 'Mon Jul 11 07:14:53 UTC 12016', RenewalTill = 'Mon Jul 11 07:14:53 UTC 12016',
uid = 500, gids = 500, 42, CanImpersonate = true, tenant = true
To grant access to tenant users, the tenant ticket must be copied over to the tenant hosts.
- Reset the permissions on the ticket to grant the tenant admin read permissions on the ticket.
- Move the ticket out of the default /tmp directory to a secure location on the tenant host(s).
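The two steps above as shell functions, with a check that can be rerun later to confirm the ticket is still locked down. This is an added example, not part of the product documentation: it assumes it runs on the tenant host as the tenant admin user, and the function names, the DEFAULT_TICKET_DIR variable and the destination directory are hypothetical.

```shell
#!/bin/sh
# Added example, not from the product documentation. Assumes it runs on the
# tenant host as the tenant admin user; all names below are hypothetical.

# Default ticket location named on the page; overridable so the check can be tested.
DEFAULT_TICKET_DIR=${DEFAULT_TICKET_DIR:-/tmp}

# install_ticket SRC DEST_DIR
# Moves SRC into DEST_DIR (a directory dedicated to tickets, forced to 0700)
# and leaves it readable by its owner only (0400).
install_ticket() {
    src=$1
    dest_dir=$2
    if [ ! -f "$src" ] || [ -L "$src" ]; then
        echo "not a regular file: $src" >&2
        return 1
    fi
    ( umask 077 && mkdir -p "$dest_dir" ) || return 1
    chmod 700 "$dest_dir" || return 1
    dest=$dest_dir/$(basename "$src")
    # Copy under umask 077 so the new file is never group- or world-readable,
    # then drop write access and remove the copy left in the shared directory.
    ( umask 077 && cp -f "$src" "$dest" ) || return 1
    chmod 400 "$dest" || return 1
    rm -f "$src"
}

# ticket_is_locked_down PATH
# Succeeds only if PATH is a regular file outside DEFAULT_TICKET_DIR with no
# group or other permission bits set.
ticket_is_locked_down() {
    path=$1
    if [ ! -f "$path" ] || [ -L "$path" ]; then
        return 1
    fi
    dir=$(cd "$(dirname "$path")" && pwd -P) || return 1
    shared=$(cd "$DEFAULT_TICKET_DIR" && pwd -P) || return 1
    case $dir/ in
        "$shared"/*) return 1 ;;
    esac
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$path" | cut -c5-10)" = "------" ]
}
```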