Uploaded image for project: 'Ambari'
  1. Ambari
  2. AMBARI-14627

Ability to automate setup-security and setup-ldap/sync-ldap

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.2.1
    • Fix Version/s: 2.4.0
    • Component/s: ambari-server
    • Labels:
      None

      Description

      Currently the ambari-server setup-security command does not have any options thus it's interactive. This makes it really hard to automate this process. For kerberos 1 option should be enough for setting the master key.

      Same for setup-ldap and sync-ldap

      Example usage:

      1.) LDAP setup: 
        ambari-server setup-ldap \
        --ldap-url="ldap.apache.org389" \
        --ldap-secondary-url="" \
        --ldap-ssl="false" \
        --ldap-user-class="person" \
        --ldap-user-attr="sAMAccountName" \
        --ldap-group-class="group" \
        --ldap-group-attr="cn" \
        --ldap-member-attr="member" \
        --ldap-dn="distunguishedName" \
        --ldap-base-dn="dc=ambari01,dc=local" \
        --ldap-referral="" \
        --ldap-bind-anonym=false \
        --ldap-manager-dn="cn=hdfs,ou=ambari,dc=ambari01,dc=local" \
        --ldap-manager-password="myldappassword" \
        --ldap-save-settings \
        --truststore-type="jks" \
        --truststore-path="/var/lib/ambari-server/keys/jkskeystore.jks" \
        --truststore-password="mypass"
      
      2.) Ldap sync:
          ambari-server sync-ldap --groups=groups.txt --ldap-sync-admin-name=admin --ldap-sync-admin-password=admin
      
      3.) Setup Https:
        ambari-server setup-security \ 
          --security-option=setup-https \
          --api-ssl=true --client-api-ssl-port=8443 \ 
          --import-cert-path=/var/lib/ambari-server/keys/my.crt \ 
          --import-key-path=/var/lib/ambari-server/keys/my.key \
          --pem-password=password
      4.) Encrypt passwords:
        ambari-server setup-security --security-option=encrypt-passwords --master-key=masterkey --master-key-persist=true
      
      5.) Setup Kerberos JAAS:
        ambari-server setup-security --security-option=setup-kerberos-jaas --jaas-principal="ambari@EXAMPLE.COM" --jaas-keytab="/etc/security/keytabs/ambari.keytab"
      
      6.) Setup TrustStore:
          ambari-server setup-security \
            --security-option=setup-truststore \ 
            --truststore-path=/var/lib/ambari-server/keys/keystore.p12 \
            --truststore-type=pkcs12 \ 
            --truststore-password=password \
            --truststore-reconfigure
      7.) Import certificate to TrustStore:
          ambari-server setup-security \ 
            --security-option=import-certificate \ 
            --truststore-path=/var/lib/ambari-server/keys/keystore.p12 \ 
            --truststore-type=pkcs12 \ 
            --truststore-password=password \ 
            --import-cert-path=/var/lib/ambari-server/my.crt \ 
            --import-cert-alias=myalias \ 
            --truststore-reconfigure
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                oleewere Olivér Szabó
                Reporter:
                keyki Krisztian Horvath
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: