Details
- Bug
- Status: Resolved
- Major
- Resolution: Fixed
- 2.7.0
Description
Scenario
Ranger and Atlas are SSO enabled via BP deploys and Ambari is not SSO enabled.
Later, Ambari SSO has to be enabled without changing existing configs (so a restart will not be required) for Atlas and Ranger.
Now this is not possible with the "Enable for the selected services" option.
This was possible in previous versions but with the latest changes from AMBARI-23253, even if SSO was enabled for services earlier we still have to opt SSO for Ranger and Atlas in the list. When services are specified in the list, this would prompt for service restart.
So:
- If we enable SSO for Ambari and not the other services via the CLI, then any previous SSO setting for those services will be cleared.
- If we enable SSO for Ambari and the other services via the CLI, then any previous SSO setting for those services will potentially be updated, and this causes services to need a restart. But since the data is the same, no restart should be needed for those services.
Solution
Add new prompts to separate Ambari's SSO configuration from the managed service's SSO configs so they can be managed separately:
- Use SSO for Ambari (--sso-enabled-ambari)
- Manage SSO configurations for eligible services (--sso-manage-services)
[root@c7401 ~]# ambari-server setup-sso --help
Using python /usr/bin/python
Setting up SSO authentication properties...
Usage: ambari-server.py action [options]

Options:
  -h, --help            show this help message and exit
  -v, --verbose         Print verbose status messages
  -s, --silent          Silently accepts default prompt values. For db-cleanup
                        command, silent mode will stop ambari server.
  --sso-enabled=SSO_ENABLED
                        Indicates whether to enable/disable SSO
  --sso-enabled-ambari=SSO_ENABLED_AMBARI
                        Indicates whether to enable/disable SSO authentication
                        for Ambari, itself
  --sso-manage-services=SSO_MANAGE_SERVICES
                        Indicates whether Ambari should manage the SSO
                        configurations for specified services
  --sso-enabled-services=SSO_ENABLED_SERVICES
                        A comma separated list of services that are expected
                        to be configured for SSO (you are allowed to use '*'
                        to indicate ALL services)
  --sso-provider-url=SSO_PROVIDER_URL
                        The URL of SSO provider; this must be provided when
                        --sso-enabled is set to 'true'
  --sso-public-cert-file=SSO_PUBLIC_CERT_FILE
                        The path where the public certificate PEM is located;
                        this must be provided when --sso-enabled is set to
                        'true'
  --sso-jwt-cookie-name=SSO_JWT_COOKIE_NAME
                        The name of the JWT cookie
  --sso-jwt-audience-list=SSO_JWT_AUDIENCE_LIST
                        A comma separated list of JWT audience(s)
  --ambari-admin-username=AMBARI_ADMIN_USERNAME
                        Ambari administrator username for accessing Ambari's
                        REST API
  --ambari-admin-password=AMBARI_ADMIN_PASSWORD
                        Ambari administrator password for accessing Ambari's
                        REST API
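
The behaviour described in the Scenario and Solution sections, as a simplified model. This is an added illustration, not Ambari's code: the function names, the result fields and the sample cluster state are hypothetical, and it assumes that declining to manage services leaves their SSO configs untouched.

```python
# Simplified model of the setup-sso behaviour described in this issue.
# Not Ambari's implementation; all names here are hypothetical.

def setup_sso_before(current, enable_ambari, enabled_services):
    """Before the change: one service list drives every managed service."""
    services, rewritten, cleared = {}, [], []
    for name, had_sso in current.items():
        if name in enabled_services:
            # Listed services get their SSO config written again, which
            # prompts a restart even when the stored values are unchanged.
            services[name] = True
            rewritten.append(name)
        else:
            # Unlisted services lose any SSO setting they already had.
            services[name] = False
            if had_sso:
                cleared.append(name)
    return {"ambari": enable_ambari, "services": services,
            "rewritten": rewritten, "cleared": cleared}


def setup_sso_after(current, enable_ambari, manage_services, enabled_services=()):
    """After the change: Ambari's own SSO flag is separate from the services."""
    if not manage_services:
        # Assumption: with service management declined, the existing
        # service SSO configs are left exactly as they were.
        return {"ambari": enable_ambari, "services": dict(current),
                "rewritten": [], "cleared": []}
    # When service management is requested, the service list applies as before.
    return setup_sso_before(current, enable_ambari, enabled_services)


# Constructed state for the scenario: Ranger and Atlas already use SSO.
CURRENT = {"RANGER": True, "ATLAS": True}

if __name__ == "__main__":
    print("old, no services listed :", setup_sso_before(CURRENT, True, []))
    print("old, services listed    :", setup_sso_before(CURRENT, True, ["RANGER", "ATLAS"]))
    print("new, services unmanaged :", setup_sso_after(CURRENT, True, manage_services=False))
```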