Uploaded image for project: 'Ambari'
  1. Ambari
  2. AMBARI-14627

Ability to automate setup-security and setup-ldap/sync-ldap

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 2.2.1
    • 2.4.0
    • ambari-server
    • None

    Description

      Currently the ambari-server setup-security command does not have any options thus it's interactive. This makes it really hard to automate this process. For kerberos 1 option should be enough for setting the master key.

      Same for setup-ldap and sync-ldap

      Example usage: 

      1.) LDAP setup: 
  ambari-server setup-ldap \
  --ldap-url="ldap.apache.org389" \
  --ldap-secondary-url="" \
  --ldap-ssl="false" \
  --ldap-user-class="person" \
  --ldap-user-attr="sAMAccountName" \
  --ldap-group-class="group" \
  --ldap-group-attr="cn" \
  --ldap-member-attr="member" \
  --ldap-dn="distunguishedName" \
  --ldap-base-dn="dc=ambari01,dc=local" \
  --ldap-referral="" \
  --ldap-bind-anonym=false \
  --ldap-manager-dn="cn=hdfs,ou=ambari,dc=ambari01,dc=local" \
  --ldap-manager-password="myldappassword" \
  --ldap-save-settings \
  --truststore-type="jks" \
  --truststore-path="/var/lib/ambari-server/keys/jkskeystore.jks" \
  --truststore-password="mypass"

2.) Ldap sync:
    ambari-server sync-ldap --groups=groups.txt --ldap-sync-admin-name=admin --ldap-sync-admin-password=admin

3.) Setup Https:
  ambari-server setup-security \ 
    --security-option=setup-https \
    --api-ssl=true --client-api-ssl-port=8443 \ 
    --import-cert-path=/var/lib/ambari-server/keys/my.crt \ 
    --import-key-path=/var/lib/ambari-server/keys/my.key \
    --pem-password=password
4.) Encrypt passwords:
  ambari-server setup-security --security-option=encrypt-passwords --master-key=masterkey --master-key-persist=true

5.) Setup Kerberos JAAS:
  ambari-server setup-security --security-option=setup-kerberos-jaas --jaas-principal="ambari@EXAMPLE.COM" --jaas-keytab="/etc/security/keytabs/ambari.keytab"

6.) Setup TrustStore:
    ambari-server setup-security \
      --security-option=setup-truststore \ 
      --truststore-path=/var/lib/ambari-server/keys/keystore.p12 \
      --truststore-type=pkcs12 \ 
      --truststore-password=password \
      --truststore-reconfigure
7.) Import certificate to TrustStore:
    ambari-server setup-security \ 
      --security-option=import-certificate \ 
      --truststore-path=/var/lib/ambari-server/keys/keystore.p12 \ 
      --truststore-type=pkcs12 \ 
      --truststore-password=password \ 
      --import-cert-path=/var/lib/ambari-server/my.crt \ 
      --import-cert-alias=myalias \ 
      --truststore-reconfigure

      Attachments

        1. AMBARI-14627_v5.patch
          88 kB
          Oliver Szabo

        Issue Links

          links to

          Web Link Review Board

          Activity

            People

              oleewere Oliver Szabo
              keyki Krisztian Horvath
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: