Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
2.2.1
-
None
Description
Currently the ambari-server setup-security command does not have any options thus it's interactive. This makes it really hard to automate this process. For kerberos 1 option should be enough for setting the master key.
Same for setup-ldap and sync-ldap
Example usage:
1.) LDAP setup: ambari-server setup-ldap \ --ldap-url="ldap.apache.org389" \ --ldap-secondary-url="" \ --ldap-ssl="false" \ --ldap-user-class="person" \ --ldap-user-attr="sAMAccountName" \ --ldap-group-class="group" \ --ldap-group-attr="cn" \ --ldap-member-attr="member" \ --ldap-dn="distunguishedName" \ --ldap-base-dn="dc=ambari01,dc=local" \ --ldap-referral="" \ --ldap-bind-anonym=false \ --ldap-manager-dn="cn=hdfs,ou=ambari,dc=ambari01,dc=local" \ --ldap-manager-password="myldappassword" \ --ldap-save-settings \ --truststore-type="jks" \ --truststore-path="/var/lib/ambari-server/keys/jkskeystore.jks" \ --truststore-password="mypass" 2.) Ldap sync: ambari-server sync-ldap --groups=groups.txt --ldap-sync-admin-name=admin --ldap-sync-admin-password=admin 3.) Setup Https: ambari-server setup-security \ --security-option=setup-https \ --api-ssl=true --client-api-ssl-port=8443 \ --import-cert-path=/var/lib/ambari-server/keys/my.crt \ --import-key-path=/var/lib/ambari-server/keys/my.key \ --pem-password=password 4.) Encrypt passwords: ambari-server setup-security --security-option=encrypt-passwords --master-key=masterkey --master-key-persist=true 5.) Setup Kerberos JAAS: ambari-server setup-security --security-option=setup-kerberos-jaas --jaas-principal="ambari@EXAMPLE.COM" --jaas-keytab="/etc/security/keytabs/ambari.keytab" 6.) Setup TrustStore: ambari-server setup-security \ --security-option=setup-truststore \ --truststore-path=/var/lib/ambari-server/keys/keystore.p12 \ --truststore-type=pkcs12 \ --truststore-password=password \ --truststore-reconfigure 7.) Import certificate to TrustStore: ambari-server setup-security \ --security-option=import-certificate \ --truststore-path=/var/lib/ambari-server/keys/keystore.p12 \ --truststore-type=pkcs12 \ --truststore-password=password \ --import-cert-path=/var/lib/ambari-server/my.crt \ --import-cert-alias=myalias \ --truststore-reconfigure
Attachments
Attachments
Issue Links
- links to