ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From oleew...@apache.org
Subject [2/2] ambari git commit: AMBARI-14627. Ability to automate setup-security and setup-ldap/sync-ldap (oleewere)
Date Mon, 04 Apr 2016 09:12:17 GMT
AMBARI-14627. Ability to automate setup-security and setup-ldap/sync-ldap (oleewere)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/79175d03
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/79175d03
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/79175d03

Branch: refs/heads/trunk
Commit: 79175d03373486b9d50dac745f7d1c8e31e1980f
Parents: 62f1982
Author: oleewere <oleewere@gmail.com>
Authored: Mon Apr 4 11:10:33 2016 +0200
Committer: oleewere <oleewere@gmail.com>
Committed: Mon Apr 4 11:10:33 2016 +0200

----------------------------------------------------------------------
 ambari-server/src/main/python/ambari-server.py  |  99 ++++++---
 .../python/ambari_server/dbConfiguration.py     |  14 +-
 .../ambari_server/dbConfiguration_linux.py      |  36 ++--
 .../ambari_server/dbConfiguration_windows.py    |  14 +-
 .../python/ambari_server/serverConfiguration.py |  31 +--
 .../main/python/ambari_server/serverSetup.py    |   2 +-
 .../src/main/python/ambari_server/setupHttps.py |  91 ++++----
 .../main/python/ambari_server/setupSecurity.py  | 145 +++++++------
 .../src/main/python/ambari_server/userInput.py  |  53 +++--
 .../src/test/python/TestAmbariServer.py         | 207 ++++++++++++-------
 10 files changed, 429 insertions(+), 263 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/79175d03/ambari-server/src/main/python/ambari-server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/python/ambari-server.py b/ambari-server/src/main/python/ambari-server.py
index e0ce37e..e34467c 100755
--- a/ambari-server/src/main/python/ambari-server.py
+++ b/ambari-server/src/main/python/ambari-server.py
@@ -203,49 +203,55 @@ def refresh_stack_hash_action():
 @OsFamilyFuncImpl(OSConst.WINSRV_FAMILY)
 def create_setup_security_actions(args):
   action_list = [
-      ['Enable HTTPS for Ambari server.', UserActionRestart(setup_https, args)],
-      ['Encrypt passwords stored in ambari.properties file.', UserAction(setup_master_key, args)],
-      ['Setup Ambari kerberos JAAS configuration.', UserAction(setup_ambari_krb5_jaas)],
-      ['Setup truststore.', UserActionRestart(setup_truststore)],
-      ['Import certificate to truststore.', UserActionRestart(setup_truststore, True)],
+      ['setup-https', 'Enable HTTPS for Ambari server.', UserActionRestart(setup_https, args)],
+      ['encrypt-passwords', 'Encrypt passwords stored in ambari.properties file.', UserAction(setup_master_key, args)],
+      ['setup-kerberos-jaas', 'Setup Ambari kerberos JAAS configuration.', UserAction(setup_ambari_krb5_jaas, args)],
+      ['setup-truststore', 'Setup truststore.', UserActionRestart(setup_truststore, args)],
+      ['import-certificate', 'Import certificate to truststore.', UserActionRestart(setup_truststore, True, args)],
     ]
   return action_list
 
 @OsFamilyFuncImpl(OsFamilyImpl.DEFAULT)
 def create_setup_security_actions(args):
   action_list = [
-      ['Enable HTTPS for Ambari server.', UserActionRestart(setup_https, args)],
-      ['Encrypt passwords stored in ambari.properties file.', UserAction(setup_master_key, args)],
-      ['Setup Ambari kerberos JAAS configuration.', UserAction(setup_ambari_krb5_jaas)],
-      ['Setup truststore.', UserActionRestart(setup_truststore)],
-      ['Import certificate to truststore.', UserActionRestart(setup_truststore, True)],
+      ['setup-https', 'Enable HTTPS for Ambari server.', UserActionRestart(setup_https, args)],
+      ['encrypt-passwords', 'Encrypt passwords stored in ambari.properties file.', UserAction(setup_master_key, args)],
+      ['setup-kerberos-jaas', 'Setup Ambari kerberos JAAS configuration.', UserAction(setup_ambari_krb5_jaas, args)],
+      ['setup-truststore', 'Setup truststore.', UserActionRestart(setup_truststore, args)],
+      ['import-certificate', 'Import certificate to truststore.', UserActionRestart(setup_truststore, args, True)],
     ]
   return action_list
 
 def setup_security(args):
   actions = create_setup_security_actions(args)
-
-  #Print menu options
-  print '=' * 75
-  print 'Choose one of the following options: '
-
-  iAction = 0
-  for actionDesc in actions:
-    iAction += 1
-    print '  [{0}] {1}'.format(iAction, actionDesc[0])
-  print '=' * 75
-
-  choice_prompt = 'Enter choice, (1-{0}): '.format(iAction)
-  choice_re = '[1-{0}]'.format(iAction)
-  choice = get_validated_string_input(choice_prompt, '0', choice_re,
-                                      'Invalid choice', False, False)
+  choice = None
+  if args.security_option is not None:
+    optionCounter = 0
+    for actionDesc in actions:
+      optionCounter += 1
+      if actionDesc[0] == args.security_option:
+        choice = optionCounter
+  if choice is None:
+    # Print menu options
+    print '=' * 75
+    print 'Choose one of the following options: '
+    iAction = 0
+    for actionDesc in actions:
+      iAction += 1
+      print '  [{0}] {1}'.format(iAction, actionDesc[1])
+    print '=' * 75
+
+    choice_prompt = 'Enter choice, (1-{0}): '.format(iAction)
+    choice_re = '[1-{0}]'.format(iAction)
+    choice = get_validated_string_input(choice_prompt, '0', choice_re,
+                                        'Invalid choice', False, False)
 
   try:
     actionDesc = actions[int(choice) - 1]
   except IndexError:
     raise FatalException(1, 'Unknown option for setup-security command.')
 
-  action = actionDesc[1]
+  action = actionDesc[2]
   action.execute()
 
   return action.need_restart
@@ -407,6 +413,43 @@ def init_parser_options(parser):
                     dest="purge")
   parser.add_option('--force', action="store_true", default=False, help="Force install management pack", dest="force")
 
+  parser.add_option('--ldap-url', default=None, help="Primary url for LDAP", dest="ldap_url")
+  parser.add_option('--ldap-secondary-url', default=None, help="Secondary url for LDAP", dest="ldap_secondary_url")
+  parser.add_option('--ldap-ssl', default=None, help="Use SSL [true/false] for LDAP", dest="ldap_ssl")
+  parser.add_option('--ldap-user-class', default=None, help="User Attribute Object Class for LDAP", dest="ldap_user_class")
+  parser.add_option('--ldap-user-attr', default=None, help="User Attribute Name for LDAP", dest="ldap_user_attr")
+  parser.add_option('--ldap-group-class', default=None, help="Group Attribute Object Class for LDAP", dest="ldap_group_class")
+  parser.add_option('--ldap-group-attr', default=None, help="Group Attribute Name for LDAP", dest="ldap_group_attr")
+  parser.add_option('--ldap-member-attr', default=None, help="Group Membership Attribute Name for LDAP", dest="ldap_member_attr")
+  parser.add_option('--ldap-dn', default=None, help="Distinguished name attribute for LDAP", dest="ldap_dn")
+  parser.add_option('--ldap-base-dn', default=None, help="Base DN for LDAP", dest="ldap_base_dn")
+  parser.add_option('--ldap-manager-dn', default=None, help="Manager DN for LDAP", dest="ldap_manager_dn")
+  parser.add_option('--ldap-manager-password', default=None, help="Manager Password For LDAP", dest="ldap_manager_password")
+  parser.add_option('--ldap-save-settings', action="store_true", default=None, help="Save without review for LDAP", dest="ldap_save_settings")
+  parser.add_option('--ldap-referral', default=None, help="Referral method [follow/ignore] for LDAP", dest="ldap_referral")
+  parser.add_option('--ldap-bind-anonym', default=None, help="Bind anonymously [true/false] for LDAP", dest="ldap_bind_anonym")
+  parser.add_option('--ldap-sync-admin-name', default=None, help="Username for LDAP sync", dest="ldap_sync_admin_name")
+  parser.add_option('--ldap-sync-admin-password', default=None, help="Password for LDAP sync", dest="ldap_sync_admin_password")
+
+  parser.add_option('--truststore-type', default=None, help="Type of TrustStore (jks|jceks|pkcs12)", dest="trust_store_type")
+  parser.add_option('--truststore-path', default=None, help="Path of TrustStore", dest="trust_store_path")
+  parser.add_option('--truststore-password', default=None, help="Password for TrustStore", dest="trust_store_password")
+  parser.add_option('--truststore-reconfigure', action="store_true", default=None, help="Force to reconfigure TrustStore if exits", dest="trust_store_reconfigure")
+
+  parser.add_option('--security-option', default=None,
+                    help="Setup security option (setup-https|encrypt-password|setup-kerberos-jaas|setup-truststore|import-certificate)",
+                    dest="security_option")
+  parser.add_option('--api-ssl', default=None, help="Enable SSL for Ambari API [true/false]", dest="api_ssl")
+  parser.add_option('--api-ssl-port', default=None, help="Client API SSL port", dest="api_ssl_port")
+  parser.add_option('--import-cert-path', default=None, help="Path to Certificate (import)", dest="import_cert_path")
+  parser.add_option('--import-cert-alias', default=None, help="Alias for the imported certificate", dest="import_cert_alias")
+  parser.add_option('--import-key-path', default=None, help="Path to Private Key (import)", dest="import_key_path")
+  parser.add_option('--pem-password', default=None, help="Password for Private Key", dest="pem_password")
+  parser.add_option('--master-key', default=None, help="Master key for encrypting passwords", dest="master_key")
+  parser.add_option('--master-key-persist', default=None, help="Persist master key [true/false]", dest="master_key_persist")
+  parser.add_option('--jaas-principal', default=None, help="Kerberos principal for ambari server", dest="jaas_principal")
+  parser.add_option('--jaas-keytab', default=None, help="Keytab path for Kerberos principal", dest="jaas_keytab")
+
 @OsFamilyFuncImpl(OSConst.WINSRV_FAMILY)
 def are_cmd_line_db_args_blank(options):
   if (options.database_host is None \
@@ -532,7 +575,7 @@ def create_user_action_map(args, options):
     RESET_ACTION: UserAction(reset, options),
     STATUS_ACTION: UserAction(status, options),
     UPGRADE_ACTION: UserAction(upgrade, options),
-    LDAP_SETUP_ACTION: UserAction(setup_ldap),
+    LDAP_SETUP_ACTION: UserAction(setup_ldap, options),
     SETUP_SECURITY_ACTION: UserActionRestart(setup_security, options),
     REFRESH_STACK_HASH_ACTION: UserAction(refresh_stack_hash_action),
     SETUP_SSO_ACTION: UserActionRestart(setup_sso, options),
@@ -552,7 +595,7 @@ def create_user_action_map(args, options):
         STATUS_ACTION: UserAction(status, options),
         UPGRADE_ACTION: UserAction(upgrade, options),
         UPGRADE_STACK_ACTION: UserActionPossibleArgs(upgrade_stack, [2, 4], args),
-        LDAP_SETUP_ACTION: UserAction(setup_ldap),
+        LDAP_SETUP_ACTION: UserAction(setup_ldap, options),
         LDAP_SYNC_ACTION: UserAction(sync_ldap, options),
         SET_CURRENT_ACTION: UserAction(set_current, options),
         SETUP_SECURITY_ACTION: UserActionRestart(setup_security, options),

http://git-wip-us.apache.org/repos/asf/ambari/blob/79175d03/ambari-server/src/main/python/ambari_server/dbConfiguration.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/python/ambari_server/dbConfiguration.py b/ambari-server/src/main/python/ambari_server/dbConfiguration.py
index 5519a3d..caff519 100644
--- a/ambari-server/src/main/python/ambari_server/dbConfiguration.py
+++ b/ambari-server/src/main/python/ambari_server/dbConfiguration.py
@@ -118,17 +118,17 @@ class DBMSConfig(object):
   #
   # Main method. Configures the database according to the options and the existing properties.
   #
-  def configure_database(self, properties):
+  def configure_database(self, properties, options):
     result = self._prompt_db_properties()
     if result:
       #DB setup should be done last after doing any setup.
       if self._is_local_database():
-        self._setup_local_server(properties)
+        self._setup_local_server(properties, options)
         # this issue appears only for Suse. Postgres need /var/run/postgresql dir but do not create it
         if OSCheck.is_suse_family():
           self._create_postgres_lock_directory()
       else:
-        self._setup_remote_server(properties)
+        self._setup_remote_server(properties, options)
     return result
 
   def setup_database(self):
@@ -169,12 +169,12 @@ class DBMSConfig(object):
   #
 
   @staticmethod
-  def _read_password_from_properties(properties):
+  def _read_password_from_properties(properties, options):
     database_password = DEFAULT_PASSWORD
     password_file = get_value_from_properties(properties, JDBC_PASSWORD_PROPERTY, "")
     if password_file:
       if is_alias_string(password_file):
-        database_password = decrypt_password_for_alias(properties, JDBC_RCA_PASSWORD_ALIAS)
+        database_password = decrypt_password_for_alias(properties, JDBC_RCA_PASSWORD_ALIAS, options)
       else:
         if os.path.isabs(password_file) and os.path.exists(password_file):
           with open(password_file, 'r') as file:
@@ -218,7 +218,7 @@ class DBMSConfig(object):
   def _create_postgres_lock_directory(self):
     pass
 
-  def _setup_local_server(self, properties):
+  def _setup_local_server(self, properties, options):
     pass
 
   def _setup_local_database(self):
@@ -227,7 +227,7 @@ class DBMSConfig(object):
   def _reset_local_database(self):
     pass
 
-  def _setup_remote_server(self, properties):
+  def _setup_remote_server(self, properties, options):
     pass
 
   def _setup_remote_database(self):

http://git-wip-us.apache.org/repos/asf/ambari/blob/79175d03/ambari-server/src/main/python/ambari_server/dbConfiguration_linux.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/python/ambari_server/dbConfiguration_linux.py b/ambari-server/src/main/python/ambari_server/dbConfiguration_linux.py
index 59c5d85..754873f 100644
--- a/ambari-server/src/main/python/ambari_server/dbConfiguration_linux.py
+++ b/ambari-server/src/main/python/ambari_server/dbConfiguration_linux.py
@@ -77,7 +77,7 @@ class LinuxDBMSConfig(DBMSConfig):
                                                                        properties, JDBC_USER_NAME_PROPERTY, DEFAULT_USERNAME)
     self.database_password = getattr(options, "database_password", "")
     if not self.database_password:
-      self.database_password = DBMSConfig._read_password_from_properties(properties)
+      self.database_password = DBMSConfig._read_password_from_properties(properties, options)
 
     self.database_url_pattern = ""
     self.database_url_pattern_alt = ""
@@ -128,8 +128,8 @@ class LinuxDBMSConfig(DBMSConfig):
     return True
 
   # Supporting remote server for all the DB types. Supporting local server only for PostgreSQL.
-  def _setup_remote_server(self, args):
-    self._store_remote_properties(args)
+  def _setup_remote_server(self, args, options):
+    self._store_remote_properties(args, options)
 
   def _setup_remote_database(self):
     properties = get_ambari_properties()
@@ -257,11 +257,11 @@ class LinuxDBMSConfig(DBMSConfig):
 
     return retCode
 
-  def _store_password_property(self, properties, property_name):
+  def _store_password_property(self, properties, property_name, options):
     properties.process_pair(property_name,
                             store_password_file(self.database_password, JDBC_PASSWORD_FILENAME))
     if self.isSecure:
-      encrypted_password = encrypt_password(JDBC_RCA_PASSWORD_ALIAS, self.database_password)
+      encrypted_password = encrypt_password(JDBC_RCA_PASSWORD_ALIAS, self.database_password, options)
       if encrypted_password != self.database_password:
         properties.process_pair(property_name, encrypted_password)
 
@@ -282,7 +282,7 @@ class LinuxDBMSConfig(DBMSConfig):
     return connectionStringFormat.format(jdbc_hostname, self.database_port, self.database_name)
 
   # Store set of properties for remote database connection
-  def _store_remote_properties(self, properties):
+  def _store_remote_properties(self, properties, options):
     properties.process_pair(PERSISTENCE_TYPE_PROPERTY, self.persistence_type)
 
     properties.process_pair(JDBC_DATABASE_PROPERTY, self.dbms)
@@ -296,7 +296,7 @@ class LinuxDBMSConfig(DBMSConfig):
     properties.process_pair(JDBC_URL_PROPERTY, connection_string)
     properties.process_pair(JDBC_USER_NAME_PROPERTY, self.database_username)
 
-    self._store_password_property(properties, JDBC_PASSWORD_PROPERTY)
+    self._store_password_property(properties, JDBC_PASSWORD_PROPERTY, options)
 
     # save any other defined properties to pass to JDBC
     for pair in self.jdbc_extra_params:
@@ -306,7 +306,7 @@ class LinuxDBMSConfig(DBMSConfig):
     properties.process_pair(JDBC_RCA_URL_PROPERTY, connection_string)
     properties.process_pair(JDBC_RCA_USER_NAME_PROPERTY, self.database_username)
 
-    self._store_password_property(properties, JDBC_RCA_PASSWORD_FILE_PROPERTY)
+    self._store_password_property(properties, JDBC_RCA_PASSWORD_FILE_PROPERTY, options)
 
     # connection pooling (internal JPA by default)
     properties.process_pair(JDBC_CONNECTION_POOL_TYPE, "internal")
@@ -413,11 +413,11 @@ class PGConfig(LinuxDBMSConfig):
   # Private implementation
   #
   # Supporting remote server for all the DB types. Supporting local server only for PostgreSQL.
-  def _setup_local_server(self, properties):
+  def _setup_local_server(self, properties, options):
     # check if jdbc user is changed
     self._is_user_changed = PGConfig._is_jdbc_user_changed(self.database_username)
     print 'Default properties detected. Using built-in database.'
-    self._store_local_properties(properties)
+    self._store_local_properties(properties, options)
 
   def _create_postgres_lock_directory(self):
     postgres_user_uid = None
@@ -550,7 +550,7 @@ class PGConfig(LinuxDBMSConfig):
     return None
 
   # Store local database connection properties
-  def _store_local_properties(self, properties):
+  def _store_local_properties(self, properties, options):
     properties.removeOldProp(JDBC_DATABASE_PROPERTY)
     properties.removeOldProp(JDBC_DATABASE_NAME_PROPERTY)
     properties.removeOldProp(JDBC_POSTGRES_SCHEMA_PROPERTY)
@@ -571,7 +571,7 @@ class PGConfig(LinuxDBMSConfig):
     # connection pooling (internal JPA by default)
     properties.process_pair(JDBC_CONNECTION_POOL_TYPE, "internal")
 
-    self._store_password_property(properties, JDBC_PASSWORD_PROPERTY)
+    self._store_password_property(properties, JDBC_PASSWORD_PROPERTY, options)
 
 
   @staticmethod
@@ -730,8 +730,8 @@ class PGConfig(LinuxDBMSConfig):
         return retcode, out, err
     return 0, "", ""
 
-  def _store_remote_properties(self, properties):
-    super(PGConfig, self)._store_remote_properties(properties)
+  def _store_remote_properties(self, properties, options):
+    super(PGConfig, self)._store_remote_properties(properties, options)
 
     properties.process_pair(JDBC_POSTGRES_SCHEMA_PROPERTY, self.postgres_schema)
 
@@ -934,13 +934,13 @@ class MySQLConfig(LinuxDBMSConfig):
       scriptFile
     )
 
-  def _store_remote_properties(self, properties):
+  def _store_remote_properties(self, properties, options):
     """
     Override the remote properties written for MySQL, inheriting those from the parent first.
     :param properties:  the properties object to set MySQL specific properties on
     :return:
     """
-    super(MySQLConfig, self)._store_remote_properties(properties)
+    super(MySQLConfig, self)._store_remote_properties(properties, options)
 
     # connection pooling (c3p0 used by MySQL by default)
     properties.process_pair(JDBC_CONNECTION_POOL_TYPE, "c3p0")
@@ -1074,13 +1074,13 @@ class SQLAConfig(LinuxDBMSConfig):
   def _get_remote_script_line(self, scriptFile):
     return "stub script line" #TODO not used anymore, investigate if it can be removed
 
-  def _store_remote_properties(self, properties):
+  def _store_remote_properties(self, properties, options):
     """
     Override the remote properties written for MySQL, inheriting those from the parent first.
     :param properties:  the properties object to set MySQL specific properties on
     :return:
     """
-    super(SQLAConfig, self)._store_remote_properties(properties)
+    super(SQLAConfig, self)._store_remote_properties(properties, options)
     properties.process_pair(JDBC_SQLA_SERVER_NAME, self.server_name)
 
   def _extract_client_tarball(self, properties):

http://git-wip-us.apache.org/repos/asf/ambari/blob/79175d03/ambari-server/src/main/python/ambari_server/dbConfiguration_windows.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/python/ambari_server/dbConfiguration_windows.py b/ambari-server/src/main/python/ambari_server/dbConfiguration_windows.py
index 96cd823..eca46cc 100644
--- a/ambari-server/src/main/python/ambari_server/dbConfiguration_windows.py
+++ b/ambari-server/src/main/python/ambari_server/dbConfiguration_windows.py
@@ -85,7 +85,7 @@ class MSSQLConfig(DBMSConfig):
                                                                        properties, self.dbAuthKeys.user_name_key, DEFAULT_USERNAME)
     self.database_password = DBMSConfig._init_member_with_default(options, "database_password", "")
     if not self.database_password:
-      self.database_password = DBMSConfig._read_password_from_properties(properties)
+      self.database_password = DBMSConfig._read_password_from_properties(properties, options)
 
     self.database_url = self._build_sql_server_connection_string()
 
@@ -148,7 +148,7 @@ class MSSQLConfig(DBMSConfig):
 
     return True
 
-  def _setup_remote_server(self, properties):
+  def _setup_remote_server(self, properties, options):
     if self.ensure_jdbc_driver_installed(properties):
       properties.removeOldProp(self.dbPropKeys.port_key)
       properties.removeOldProp(self.dbAuthKeys.integrated_auth_key)
@@ -164,7 +164,7 @@ class MSSQLConfig(DBMSConfig):
         properties.process_pair(self.dbPropKeys.port_key, self.database_port)
       properties.process_pair(self.dbPropKeys.db_name_key, self.database_name)
 
-      self._store_db_auth_config(properties, self.dbAuthKeys)
+      self._store_db_auth_config(properties, self.dbAuthKeys, options)
 
       properties.process_pair(self.dbPropKeys.db_url_key, self.database_url)
     pass
@@ -262,7 +262,7 @@ class MSSQLConfig(DBMSConfig):
     #No need to append the username and password, the Ambari server adds them by itself when connecting to the database
     return databaseUrl
 
-  def _store_db_auth_config(self, properties, keys):
+  def _store_db_auth_config(self, properties, keys, options):
     if (self.use_windows_authentication):
       properties.process_pair(keys.integrated_auth_key, "True")
       properties.removeProp(keys.password_key)
@@ -272,7 +272,7 @@ class MSSQLConfig(DBMSConfig):
       properties.process_pair(keys.user_name_key, self.database_username)
 
       if self.isSecure:
-        encrypted_password = encrypt_password(keys.password_alias, self.database_password)
+        encrypted_password = encrypt_password(keys.password_alias, self.database_password, options)
         if self.database_password != encrypted_password:
           properties.process_pair(keys.password_key, encrypted_password)
       else:
@@ -338,8 +338,8 @@ class MSSQLAmbariDBConfig(MSSQLConfig):
     self.drop_tables_script_file = compress_backslashes(DBMSConfig._init_member_with_default(options, "cleanup_db_script_file",
         "resources" + os.path.sep + "Ambari-DDL-SQLServer-DROP.sql"))
 
-  def _setup_remote_server(self, properties):
-    super(MSSQLAmbariDBConfig, self)._setup_remote_server(properties)
+  def _setup_remote_server(self, properties, options):
+    super(MSSQLAmbariDBConfig, self)._setup_remote_server(properties, options)
 
     properties.process_pair(JDBC_RCA_DRIVER_PROPERTY, self.driver_class_name)
     properties.process_pair(JDBC_RCA_HOSTNAME_PROPERTY, ensure_double_backslashes(self.database_host))

http://git-wip-us.apache.org/repos/asf/ambari/blob/79175d03/ambari-server/src/main/python/ambari_server/serverConfiguration.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/python/ambari_server/serverConfiguration.py b/ambari-server/src/main/python/ambari_server/serverConfiguration.py
index a259a1f..54db372 100644
--- a/ambari-server/src/main/python/ambari_server/serverConfiguration.py
+++ b/ambari-server/src/main/python/ambari_server/serverConfiguration.py
@@ -755,20 +755,20 @@ def update_database_name_property(upgrade=False):
       raise FatalException(-1, err)
 
 
-def encrypt_password(alias, password):
+def encrypt_password(alias, password, options):
   properties = get_ambari_properties()
   if properties == -1:
     raise FatalException(1, None)
-  return get_encrypted_password(alias, password, properties)
+  return get_encrypted_password(alias, password, properties, options)
 
-def get_encrypted_password(alias, password, properties):
+def get_encrypted_password(alias, password, properties, options):
   isSecure = get_is_secure(properties)
   (isPersisted, masterKeyFile) = get_is_persisted(properties)
   if isSecure:
     masterKey = None
     if not masterKeyFile:
       # Encryption enabled but no master key file found
-      masterKey = get_original_master_key(properties)
+      masterKey = get_original_master_key(properties, options)
 
     retCode = save_passwd_for_alias(alias, password, masterKey)
     if retCode != 0:
@@ -795,7 +795,7 @@ def get_alias_string(alias):
 def get_alias_from_alias_string(aliasStr):
   return aliasStr[8:-1]
 
-def read_passwd_for_alias(alias, masterKey=""):
+def read_passwd_for_alias(alias, masterKey="", options=None):
   if alias:
     jdk_path = find_jdk()
     if jdk_path is None:
@@ -812,6 +812,8 @@ def read_passwd_for_alias(alias, masterKey=""):
     with open(tempFilePath, 'w+'):
       os.chmod(tempFilePath, stat.S_IREAD | stat.S_IWRITE)
 
+    if options is not None and options.master_key is not None and options.master_key:
+      masterKey = options.master_key
     if masterKey is None or masterKey == "":
       masterKey = "None"
 
@@ -832,16 +834,15 @@ def read_passwd_for_alias(alias, masterKey=""):
   else:
     print_error_msg("Alias is unreadable.")
 
-def decrypt_password_for_alias(properties, alias):
+def decrypt_password_for_alias(properties, alias, options=None):
   isSecure = get_is_secure(properties)
   if isSecure:
     masterKey = None
     (isPersisted, masterKeyFile) = get_is_persisted(properties)
     if not masterKeyFile:
       # Encryption enabled but no master key file found
-      masterKey = get_original_master_key(properties)
-
-    return read_passwd_for_alias(alias, masterKey)
+      masterKey = get_original_master_key(properties, options)
+    return read_passwd_for_alias(alias, masterKey, options)
   else:
     return alias
 
@@ -899,12 +900,16 @@ def remove_password_file(filename):
   return 0
 
 
-def get_original_master_key(properties):
+def get_original_master_key(properties, options = None):
   input = True
+  masterKey = None
   while(input):
     try:
-      masterKey = get_validated_string_input('Enter current Master Key: ',
-                                             "", ".*", "", True, False)
+      if options is not None and options.master_key is not None and options.master_key:
+        masterKey = options.master_key
+      if masterKey is None:
+        masterKey = get_validated_string_input('Enter current Master Key: ',
+                                               "", ".*", "", True, False)
     except KeyboardInterrupt:
       print 'Exiting...'
       sys.exit(1)
@@ -927,7 +932,7 @@ def get_original_master_key(properties):
 
     # Decrypt alias with master to validate it, if no master return
     if alias and masterKey:
-      password = read_passwd_for_alias(alias, masterKey)
+      password = read_passwd_for_alias(alias, masterKey, options)
       if not password:
         print "ERROR: Master key does not match."
         continue

http://git-wip-us.apache.org/repos/asf/ambari/blob/79175d03/ambari-server/src/main/python/ambari_server/serverSetup.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/python/ambari_server/serverSetup.py b/ambari-server/src/main/python/ambari_server/serverSetup.py
index cbb96d9..217d988 100644
--- a/ambari-server/src/main/python/ambari_server/serverSetup.py
+++ b/ambari-server/src/main/python/ambari_server/serverSetup.py
@@ -915,7 +915,7 @@ def _setup_database(options):
   factory = DBMSConfigFactory()
 
   dbmsAmbari = factory.create(options, properties, "Ambari")
-  resultA = dbmsAmbari.configure_database(properties)
+  resultA = dbmsAmbari.configure_database(properties, options)
 
   # Now save the properties file
   if resultA:

http://git-wip-us.apache.org/repos/asf/ambari/blob/79175d03/ambari-server/src/main/python/ambari_server/setupHttps.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/python/ambari_server/setupHttps.py b/ambari-server/src/main/python/ambari_server/setupHttps.py
index ce676d2..824fe04 100644
--- a/ambari-server/src/main/python/ambari_server/setupHttps.py
+++ b/ambari-server/src/main/python/ambari_server/setupHttps.py
@@ -82,7 +82,7 @@ SRVR_ONE_WAY_SSL_PORT = "8440"
 GANGLIA_HTTPS = 'ganglia.https'
 
 
-def get_and_persist_truststore_path(properties):
+def get_and_persist_truststore_path(properties, options):
   truststore_path = properties.get_property(SSL_TRUSTSTORE_PATH_PROPERTY)
   if not truststore_path:
     SSL_TRUSTSTORE_PATH_DEFAULT = get_value_from_properties(properties, SSL_TRUSTSTORE_PATH_PROPERTY)
@@ -90,39 +90,37 @@ def get_and_persist_truststore_path(properties):
     while not truststore_path:
       truststore_path = get_validated_string_input(
           "Path to TrustStore file {0}:".format(get_prompt_default(SSL_TRUSTSTORE_PATH_DEFAULT)),
-          SSL_TRUSTSTORE_PATH_DEFAULT,
-          ".*", False, False)
+          SSL_TRUSTSTORE_PATH_DEFAULT, ".*", False, False, answer = options.trust_store_path)
 
     if truststore_path:
       properties.process_pair(SSL_TRUSTSTORE_PATH_PROPERTY, truststore_path)
 
   return truststore_path
 
-def get_and_persist_truststore_type(properties):
+def get_and_persist_truststore_type(properties, options):
   truststore_type = properties.get_property(SSL_TRUSTSTORE_TYPE_PROPERTY)
   if not truststore_type:
     SSL_TRUSTSTORE_TYPE_DEFAULT = get_value_from_properties(properties, SSL_TRUSTSTORE_TYPE_PROPERTY, "jks")
-
     truststore_type = get_validated_string_input(
         "TrustStore type [jks/jceks/pkcs12] {0}:".format(get_prompt_default(SSL_TRUSTSTORE_TYPE_DEFAULT)),
-        SSL_TRUSTSTORE_TYPE_DEFAULT,
-        "^(jks|jceks|pkcs12)?$", "Wrong type", False)
+        SSL_TRUSTSTORE_TYPE_DEFAULT, "^(jks|jceks|pkcs12)?$", "Wrong type", False, answer = options.trust_store_type)
 
     if truststore_type:
         properties.process_pair(SSL_TRUSTSTORE_TYPE_PROPERTY, truststore_type)
 
   return truststore_type
 
-def get_and_persist_truststore_password(properties):
+def get_and_persist_truststore_password(properties, options):
   truststore_password = properties.get_property(SSL_TRUSTSTORE_PASSWORD_PROPERTY)
   isSecure = get_is_secure(properties)
   if truststore_password:
     if isSecure:
-      truststore_password = decrypt_password_for_alias(properties, SSL_TRUSTSTORE_PASSWORD_ALIAS)
+      truststore_password = decrypt_password_for_alias(properties, SSL_TRUSTSTORE_PASSWORD_ALIAS, options)
   else:
-    truststore_password = read_password("", ".*", "Password for TrustStore:", "Invalid characters in password")
+    truststore_password = read_password("", ".*", "Password for TrustStore:",
+                                        "Invalid characters in password", options.trust_store_password)
     if truststore_password:
-      encrypted_password = get_encrypted_password(SSL_TRUSTSTORE_PASSWORD_ALIAS, truststore_password, properties)
+      encrypted_password = get_encrypted_password(SSL_TRUSTSTORE_PASSWORD_ALIAS, truststore_password, properties, options)
       properties.process_pair(SSL_TRUSTSTORE_PASSWORD_PROPERTY, encrypted_password)
 
   return truststore_password
@@ -143,13 +141,13 @@ def get_delete_cert_command(jdk_path, alias, truststore_path, truststore_passwor
     return cmd
 
 
-def import_cert_and_key(security_server_keys_dir):
+def import_cert_and_key(security_server_keys_dir, options):
   import_cert_path = get_validated_filepath_input( \
-      "Enter path to Certificate: ", \
-      "Certificate not found")
-  import_key_path  =  get_validated_filepath_input( \
-      "Enter path to Private Key: ", "Private Key not found")
-  pem_password = get_validated_string_input("Please enter password for Private Key: ", "", None, None, True)
+      "Enter path to Certificate: ", "Certificate not found", answer = options.import_cert_path)
+  import_key_path  = get_validated_filepath_input( \
+      "Enter path to Private Key: ", "Private Key not found", answer = options.import_key_path)
+  pem_password = get_validated_string_input("Please enter password for Private Key: ", "",
+                                            None, None, True, answer = options.pem_password)
 
   certInfoDict = get_cert_info(import_cert_path)
 
@@ -378,8 +376,8 @@ def is_valid_https_port(port):
   return True
 
 
-def import_cert_and_key_action(security_server_keys_dir, properties):
-  if import_cert_and_key(security_server_keys_dir):
+def import_cert_and_key_action(security_server_keys_dir, properties, options):
+  if import_cert_and_key(security_server_keys_dir, options):
     properties.process_pair(SSL_SERVER_CERT_NAME, SSL_CERT_FILE_NAME)
     properties.process_pair(SSL_SERVER_KEY_NAME, SSL_KEY_FILE_NAME)
     properties.process_pair(SSL_API, "true")
@@ -395,12 +393,12 @@ def run_component_https_cmd(cmd):
     raise FatalException(1, err)
 
 
-def setup_https(args):
+def setup_https(options):
   if not is_root():
     warn = 'ambari-server setup-https is run as ' \
           'non-root user, some sudo privileges might be required'
     print warn
-  args.exit_message = None
+  options.exit_message = None
   if not get_silent():
     properties = get_ambari_properties()
     try:
@@ -412,8 +410,13 @@ def setup_https(args):
       api_ssl_old_value = properties.get_property(SSL_API)
       cert_was_imported = False
       cert_must_import = True
+
+      disable_https = options.api_ssl in ['false'] if options.api_ssl is not None else None
+      configure_https = options.api_ssl in ['true'] if options.api_ssl is not None else None
+
       if api_ssl:
-        if get_YN_input("Do you want to disable HTTPS [y/n] (n)? ", False):
+        disable_https = disable_https if disable_https is not None else get_YN_input("Do you want to disable HTTPS [y/n] (n)? ", False)
+        if disable_https:
           properties.process_pair(SSL_API, "false")
           cert_must_import=False
         else:
@@ -421,14 +424,17 @@ def setup_https(args):
                                   get_validated_string_input( \
                                       "SSL port ["+str(client_api_ssl_port)+"] ? ", \
                                       str(client_api_ssl_port), \
-                                      "^[0-9]{1,5}$", "Invalid port.", False, validatorFunction = is_valid_https_port))
-          cert_was_imported = import_cert_and_key_action(security_server_keys_dir, properties)
+                                      "^[0-9]{1,5}$", "Invalid port.", False, validatorFunction = is_valid_https_port, \
+                                      answer = options.api_ssl_port))
+          cert_was_imported = import_cert_and_key_action(security_server_keys_dir, properties, options)
       else:
-        if get_YN_input("Do you want to configure HTTPS [y/n] (y)? ", True):
+        if get_YN_input("Do you want to configure HTTPS [y/n] (y)? ", True, configure_https):
           properties.process_pair(SSL_API_PORT, \
                                   get_validated_string_input("SSL port ["+str(client_api_ssl_port)+"] ? ", \
-                                                               str(client_api_ssl_port), "^[0-9]{1,5}$", "Invalid port.", False, validatorFunction = is_valid_https_port))
-          cert_was_imported = import_cert_and_key_action(security_server_keys_dir, properties)
+                                                             str(client_api_ssl_port), "^[0-9]{1,5}$", "Invalid port.",
+                                                             False, validatorFunction = is_valid_https_port,
+                                                             answer = options.api_ssl_port))
+          cert_was_imported = import_cert_and_key_action(security_server_keys_dir, properties, options)
         else:
           return False
 
@@ -457,7 +463,7 @@ def setup_https(args):
     raise NonFatalException(warning)
 
 
-def setup_truststore(import_cert=False):
+def setup_truststore(options, import_cert=False):
   if not get_silent():
     jdk_path = find_jdk()
     if jdk_path is None:
@@ -468,32 +474,37 @@ def setup_truststore(import_cert=False):
 
     properties = get_ambari_properties()
 
-    if get_YN_input("Do you want to configure a truststore [y/n] (y)? ", True):
+    truststore_confirm = True if options.trust_store_path is not None and options.trust_store_path else False
+    truststore_reconfigure = True if options.trust_store_reconfigure is not None else False
+
+    if truststore_confirm or get_YN_input("Do you want to configure a truststore [y/n] (y)? ", True):
 
       #Re-configuration enabled only for option "Setup truststore"
       if not import_cert and properties.get_property(SSL_TRUSTSTORE_TYPE_PROPERTY)\
-        and get_YN_input(
+        and (truststore_reconfigure or get_YN_input(
             "The truststore is already configured. Do you want to re-configure "
-            "the truststore [y/n] (y)? ", True):
+            "the truststore [y/n] (y)? ", True)):
         properties.removeProp(SSL_TRUSTSTORE_TYPE_PROPERTY)
         properties.removeProp(SSL_TRUSTSTORE_PATH_PROPERTY)
         properties.removeProp(SSL_TRUSTSTORE_PASSWORD_PROPERTY)
 
-      truststore_type = get_and_persist_truststore_type(properties)
-      truststore_path = get_and_persist_truststore_path(properties)
-      truststore_password = get_and_persist_truststore_password(properties)
+      truststore_type = get_and_persist_truststore_type(properties, options)
+      truststore_path = get_and_persist_truststore_path(properties, options)
+      truststore_password = get_and_persist_truststore_password(properties, options)
 
       if import_cert:
 
-        if get_YN_input("Do you want to import a certificate [y/n] (y)? ", True):
-
-          alias = get_validated_string_input("Please enter an alias for the certificate: ", "", None, None, False, False)
+        import_cert_confirm = True if options.import_cert_path is not None else get_YN_input("Do you want to import a certificate [y/n] (y)? ", True)
+        if import_cert_confirm:
+          aliasOption = options.import_cert_alias if options.import_cert_alias is not None and options.import_cert_alias else None
+          alias = aliasOption if aliasOption is not None \
+            else get_validated_string_input("Please enter an alias for the certificate: ", "", None, None, False, False)
 
           run_os_command(get_delete_cert_command(jdk_path, alias, truststore_path, truststore_password))
 
-          import_cert_path = get_validated_filepath_input( \
-              "Enter path to certificate: ", \
-              "Certificate not found")
+          import_cert_path = get_validated_filepath_input("Enter path to certificate: ",
+                                                          "Certificate not found",
+                                                          answer=options.import_cert_path)
 
           run_component_https_cmd(get_import_cert_command(jdk_path, alias, truststore_type, import_cert_path, truststore_path, truststore_password))
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/79175d03/ambari-server/src/main/python/ambari_server/setupSecurity.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/python/ambari_server/setupSecurity.py b/ambari-server/src/main/python/ambari_server/setupSecurity.py
index b0ea491..69579cd 100644
--- a/ambari-server/src/main/python/ambari_server/setupSecurity.py
+++ b/ambari-server/src/main/python/ambari_server/setupSecurity.py
@@ -51,7 +51,7 @@ from ambari_server.serverConfiguration import configDefaults, \
   get_resources_location, SECURITY_MASTER_KEY_LOCATION, SETUP_OR_UPGRADE_MSG, CHECK_AMBARI_KRB_JAAS_CONFIGURATION_PROPERTY
 from ambari_server.serverUtils import is_server_runing, get_ambari_server_api_base
 from ambari_server.setupActions import SETUP_ACTION, LDAP_SETUP_ACTION
-from ambari_server.userInput import get_validated_string_input, get_prompt_default, read_password, get_YN_input
+from ambari_server.userInput import get_validated_string_input, get_prompt_default, read_password, get_YN_input, quit_if_has_answer
 from ambari_server.serverClassPath import ServerClassPath
 
 
@@ -67,7 +67,7 @@ CLIENT_SECURITY_KEY = "client.security"
 SERVER_API_LDAP_URL = 'ldap_sync_events'
 
 
-def read_master_key(isReset=False):
+def read_master_key(isReset=False, options = None):
   passwordPattern = ".*"
   passwordPrompt = "Please provide master key for locking the credential store: "
   passwordDescr = "Invalid characters in password. Use only alphanumeric or "\
@@ -78,15 +78,15 @@ def read_master_key(isReset=False):
 
   input = True
   while(input):
-    masterKey = get_validated_string_input(passwordPrompt, passwordDefault,
-                              passwordPattern, passwordDescr, True, True)
+    masterKey = get_validated_string_input(passwordPrompt, passwordDefault, passwordPattern, passwordDescr,
+                                           True, True, answer = options.master_key)
 
     if not masterKey:
       print "Master Key cannot be empty!"
       continue
 
-    masterKey2 = get_validated_string_input("Re-enter master key: ",
-        passwordDefault, passwordPattern, passwordDescr, True, True)
+    masterKey2 = get_validated_string_input("Re-enter master key: ", passwordDefault, passwordPattern, passwordDescr,
+                                            True, True, answer = options.master_key)
 
     if masterKey != masterKey2:
       print "Master key did not match!"
@@ -192,14 +192,12 @@ def adjust_directory_permissions(ambari_user):
     print_info_msg("Changing ownership: {0} {1} {2}".format(path, user, recursive))
     change_owner(path, user, recursive)
 
-def configure_ldap_password():
+def configure_ldap_password(options):
   passwordDefault = ""
   passwordPrompt = 'Enter Manager Password* : '
   passwordPattern = ".*"
   passwordDescr = "Invalid characters in password."
-
-  password = read_password(passwordDefault, passwordPattern, passwordPrompt,
-    passwordDescr)
+  password = read_password(passwordDefault, passwordPattern, passwordPrompt, passwordDescr, options.ldap_manager_password)
 
   return password
 
@@ -246,6 +244,16 @@ class LdapSyncOptions:
     except AttributeError:
       self.ldap_sync_groups = None
 
+    try:
+      self.ldap_sync_admin_name = options.ldap_sync_admin_name
+    except AttributeError:
+      self.ldap_sync_admin_name = None
+
+    try:
+      self.ldap_sync_admin_password = options.ldap_sync_admin_password
+    except AttributeError:
+      self.ldap_sync_admin_password = None
+
   def no_ldap_sync_options_set(self):
     return not self.ldap_sync_all and not self.ldap_sync_existing and self.ldap_sync_users is None and self.ldap_sync_groups is None
 
@@ -280,10 +288,14 @@ def sync_ldap(options):
     err = 'Must specify a sync option (all, existing, users or groups).  Please invoke ambari-server.py --help to print the options.'
     raise FatalException(1, err)
 
-  admin_login = get_validated_string_input(prompt="Enter Ambari Admin login: ", default=None,
+  admin_login = ldap_sync_options.ldap_sync_admin_name\
+    if ldap_sync_options.ldap_sync_admin_name is not None and ldap_sync_options.ldap_sync_admin_name \
+    else get_validated_string_input(prompt="Enter Ambari Admin login: ", default=None,
                                            pattern=None, description=None,
                                            is_pass=False, allowEmpty=False)
-  admin_password = get_validated_string_input(prompt="Enter Ambari Admin password: ", default=None,
+  admin_password = ldap_sync_options.ldap_sync_admin_password \
+    if ldap_sync_options.ldap_sync_admin_password is not None and ldap_sync_options.ldap_sync_admin_password \
+    else get_validated_string_input(prompt="Enter Ambari Admin password: ", default=None,
                                               pattern=None, description=None,
                                               is_pass=True, allowEmpty=False)
 
@@ -414,20 +426,20 @@ def setup_master_key(options):
 
   if isSecure:
     print "Password encryption is enabled."
-    resetKey = get_YN_input("Do you want to reset Master Key? [y/n] (n): ", False)
+    resetKey = True if options.security_option is not None else get_YN_input("Do you want to reset Master Key? [y/n] (n): ", False)
 
   # For encrypting of only unencrypted passwords without resetting the key ask
   # for master key if not persisted.
   if isSecure and not isPersisted and not resetKey:
     print "Master Key not persisted."
-    masterKey = get_original_master_key(properties)
+    masterKey = get_original_master_key(properties, options)
   pass
 
   # Make sure both passwords are clear-text if master key is lost
   if resetKey:
     if not isPersisted:
       print "Master Key not persisted."
-      masterKey = get_original_master_key(properties)
+      masterKey = get_original_master_key(properties, options)
       # Unable get the right master key or skipped question <enter>
       if not masterKey:
         print "To disable encryption, do the following:"
@@ -456,13 +468,13 @@ def setup_master_key(options):
     ts_password = read_passwd_for_alias(SSL_TRUSTSTORE_PASSWORD_ALIAS, masterKey)
   # Read master key, if non-secure or reset is true
   if resetKey or not isSecure:
-    masterKey = read_master_key(resetKey)
+    masterKey = read_master_key(resetKey, options)
     persist = get_YN_input("Do you want to persist master key. If you choose " \
                            "not to persist, you need to provide the Master " \
                            "Key while starting the ambari server as an env " \
                            "variable named " + SECURITY_KEY_ENV_VAR_NAME + \
                            " or the start will prompt for the master key."
-                           " Persist [y/n] (y)? ", True)
+                           " Persist [y/n] (y)? ", True, options.master_key_persist)
     if persist:
       save_master_key(options, masterKey, get_master_key_location(properties) + os.sep +
                       SECURITY_MASTER_KEY_FILENAME, persist)
@@ -524,18 +536,18 @@ def setup_master_key(options):
 
   return 0
 
-def setup_ambari_krb5_jaas():
+def setup_ambari_krb5_jaas(options):
   jaas_conf_file = search_file(SECURITY_KERBEROS_JASS_FILENAME, get_conf_dir())
   if os.path.exists(jaas_conf_file):
     print 'Setting up Ambari kerberos JAAS configuration to access ' + \
           'secured Hadoop daemons...'
     principal = get_validated_string_input('Enter ambari server\'s kerberos '
-                                           'principal name (ambari@EXAMPLE.COM): ', 'ambari@EXAMPLE.COM', '.*', '', False,
-                                           False)
+                                 'principal name (ambari@EXAMPLE.COM): ', 'ambari@EXAMPLE.COM', '.*', '', False,
+                                 False, answer = options.jaas_principal)
     keytab = get_validated_string_input('Enter keytab path for ambari '
-                                        'server\'s kerberos principal: ',
-                                        '/etc/security/keytabs/ambari.keytab', '.*', False, False,
-                                        validatorFunction=is_valid_filepath)
+                                 'server\'s kerberos principal: ',
+                                 '/etc/security/keytabs/ambari.keytab', '.*', False, False,
+                                  validatorFunction=is_valid_filepath, answer = options.jaas_keytab)
 
     for line in fileinput.FileInput(jaas_conf_file, inplace=1):
       line = re.sub('keyTab=.*$', 'keyTab="' + keytab + '"', line)
@@ -549,46 +561,47 @@ def setup_ambari_krb5_jaas():
 
 
 class LdapPropTemplate:
-  def __init__(self, properties, i_prop_name, i_prop_val_pattern, i_prompt_regex, i_allow_empty_prompt, i_prop_name_default=None):
+  def __init__(self, properties, i_option, i_prop_name, i_prop_val_pattern, i_prompt_regex, i_allow_empty_prompt, i_prop_name_default=None):
     self.prop_name = i_prop_name
+    self.option = i_option
     self.ldap_prop_name = get_value_from_properties(properties, i_prop_name, i_prop_name_default)
     self.ldap_prop_val_prompt = i_prop_val_pattern.format(get_prompt_default(self.ldap_prop_name))
     self.prompt_regex = i_prompt_regex
     self.allow_empty_prompt = i_allow_empty_prompt
 
 @OsFamilyFuncImpl(OSConst.WINSRV_FAMILY)
-def init_ldap_properties_list_reqd(properties):
+def init_ldap_properties_list_reqd(properties, options):
   # python2.x dict is not ordered
   ldap_properties = [
-    LdapPropTemplate(properties, "authentication.ldap.primaryUrl", "Primary URL* {{host:port}} {0}: ", REGEX_HOSTNAME_PORT, False),
-    LdapPropTemplate(properties, "authentication.ldap.secondaryUrl", "Secondary URL {{host:port}} {0}: ", REGEX_HOSTNAME_PORT, True),
-    LdapPropTemplate(properties, "authentication.ldap.useSSL", "Use SSL* [true/false] {0}: ", REGEX_TRUE_FALSE, False, "false"),
-    LdapPropTemplate(properties, "authentication.ldap.usernameAttribute", "User name attribute* {0}: ", REGEX_ANYTHING, False, "uid"),
-    LdapPropTemplate(properties, "authentication.ldap.baseDn", "Base DN* {0}: ", REGEX_ANYTHING, False),
-    LdapPropTemplate(properties, "authentication.ldap.referral", "Referral method [follow/ignore] {0}: ", REGEX_REFERRAL, True),
-    LdapPropTemplate(properties, "authentication.ldap.bindAnonymously", "Bind anonymously* [true/false] {0}: ", REGEX_TRUE_FALSE, False, "false")
+    LdapPropTemplate(properties, options.ldap_url, "authentication.ldap.primaryUrl", "Primary URL* {{host:port}} {0}: ", REGEX_HOSTNAME_PORT, False),
+    LdapPropTemplate(properties, options.ldap_secondary_url, "authentication.ldap.secondaryUrl", "Secondary URL {{host:port}} {0}: ", REGEX_HOSTNAME_PORT, True),
+    LdapPropTemplate(properties, options.ldap_ssl, "authentication.ldap.useSSL", "Use SSL* [true/false] {0}: ", REGEX_TRUE_FALSE, False, "false"),
+    LdapPropTemplate(properties, options.ldap_user_attr, "authentication.ldap.usernameAttribute", "User name attribute* {0}: ", REGEX_ANYTHING, False, "uid"),
+    LdapPropTemplate(properties, options.ldap_base_dn, "authentication.ldap.baseDn", "Base DN* {0}: ", REGEX_ANYTHING, False),
+    LdapPropTemplate(properties, options.ldap_referral, "authentication.ldap.referral", "Referral method [follow/ignore] {0}: ", REGEX_REFERRAL, True),
+    LdapPropTemplate(properties, options.ldap_bind_anonym, "authentication.ldap.bindAnonymously" "Bind anonymously* [true/false] {0}: ", REGEX_TRUE_FALSE, False, "false")
   ]
   return ldap_properties
 
 @OsFamilyFuncImpl(OsFamilyImpl.DEFAULT)
-def init_ldap_properties_list_reqd(properties):
+def init_ldap_properties_list_reqd(properties, options):
   ldap_properties = [
-    LdapPropTemplate(properties, LDAP_PRIMARY_URL_PROPERTY, "Primary URL* {{host:port}} {0}: ", REGEX_HOSTNAME_PORT, False),
-    LdapPropTemplate(properties, "authentication.ldap.secondaryUrl", "Secondary URL {{host:port}} {0}: ", REGEX_HOSTNAME_PORT, True),
-    LdapPropTemplate(properties, "authentication.ldap.useSSL", "Use SSL* [true/false] {0}: ", REGEX_TRUE_FALSE, False, "false"),
-    LdapPropTemplate(properties, "authentication.ldap.userObjectClass", "User object class* {0}: ", REGEX_ANYTHING, False, "posixAccount"),
-    LdapPropTemplate(properties, "authentication.ldap.usernameAttribute", "User name attribute* {0}: ", REGEX_ANYTHING, False, "uid"),
-    LdapPropTemplate(properties, "authentication.ldap.groupObjectClass", "Group object class* {0}: ", REGEX_ANYTHING, False, "posixGroup"),
-    LdapPropTemplate(properties, "authentication.ldap.groupNamingAttr", "Group name attribute* {0}: ", REGEX_ANYTHING, False, "cn"),
-    LdapPropTemplate(properties, "authentication.ldap.groupMembershipAttr", "Group member attribute* {0}: ", REGEX_ANYTHING, False, "memberUid"),
-    LdapPropTemplate(properties, "authentication.ldap.dnAttribute", "Distinguished name attribute* {0}: ", REGEX_ANYTHING, False, "dn"),
-    LdapPropTemplate(properties, "authentication.ldap.baseDn", "Base DN* {0}: ", REGEX_ANYTHING, False),
-    LdapPropTemplate(properties, "authentication.ldap.referral", "Referral method [follow/ignore] {0}: ", REGEX_REFERRAL, True),
-    LdapPropTemplate(properties, "authentication.ldap.bindAnonymously", "Bind anonymously* [true/false] {0}: ", REGEX_TRUE_FALSE, False, "false")
+    LdapPropTemplate(properties, options.ldap_url, LDAP_PRIMARY_URL_PROPERTY, "Primary URL* {{host:port}} {0}: ", REGEX_HOSTNAME_PORT, False),
+    LdapPropTemplate(properties, options.ldap_secondary_url, "authentication.ldap.secondaryUrl", "Secondary URL {{host:port}} {0}: ", REGEX_HOSTNAME_PORT, True),
+    LdapPropTemplate(properties, options.ldap_ssl, "authentication.ldap.useSSL", "Use SSL* [true/false] {0}: ", REGEX_TRUE_FALSE, False, "false"),
+    LdapPropTemplate(properties, options.ldap_user_class, "authentication.ldap.userObjectClass", "User object class* {0}: ", REGEX_ANYTHING, False, "posixAccount"),
+    LdapPropTemplate(properties, options.ldap_user_attr, "authentication.ldap.usernameAttribute", "User name attribute* {0}: ", REGEX_ANYTHING, False, "uid"),
+    LdapPropTemplate(properties, options.ldap_group_class, "authentication.ldap.groupObjectClass", "Group object class* {0}: ", REGEX_ANYTHING, False, "posixGroup"),
+    LdapPropTemplate(properties, options.ldap_group_attr, "authentication.ldap.groupNamingAttr", "Group name attribute* {0}: ", REGEX_ANYTHING, False, "cn"),
+    LdapPropTemplate(properties, options.ldap_member_attr, "authentication.ldap.groupMembershipAttr", "Group member attribute* {0}: ", REGEX_ANYTHING, False, "memberUid"),
+    LdapPropTemplate(properties, options.ldap_dn, "authentication.ldap.dnAttribute", "Distinguished name attribute* {0}: ", REGEX_ANYTHING, False, "dn"),
+    LdapPropTemplate(properties, options.ldap_base_dn, "authentication.ldap.baseDn", "Base DN* {0}: ", REGEX_ANYTHING, False),
+    LdapPropTemplate(properties, options.ldap_referral, "authentication.ldap.referral", "Referral method [follow/ignore] {0}: ", REGEX_REFERRAL, True),
+    LdapPropTemplate(properties, options.ldap_bind_anonym, "authentication.ldap.bindAnonymously", "Bind anonymously* [true/false] {0}: ", REGEX_TRUE_FALSE, False, "false")
   ]
   return ldap_properties
 
-def setup_ldap():
+def setup_ldap(options):
   if not is_root():
     err = 'Ambari-server setup-ldap should be run with ' \
           'root-level privileges'
@@ -597,7 +610,7 @@ def setup_ldap():
   properties = get_ambari_properties()
   isSecure = get_is_secure(properties)
 
-  ldap_property_list_reqd = init_ldap_properties_list_reqd(properties)
+  ldap_property_list_reqd = init_ldap_properties_list_reqd(properties, options)
 
   ldap_property_list_opt = ["authentication.ldap.managerDn",
                             LDAP_MGR_PASSWORD_PROPERTY,
@@ -617,11 +630,11 @@ def setup_ldap():
   SSL_TRUSTSTORE_TYPE_DEFAULT = get_value_from_properties(properties, SSL_TRUSTSTORE_TYPE_PROPERTY, "jks")
   SSL_TRUSTSTORE_PATH_DEFAULT = get_value_from_properties(properties, SSL_TRUSTSTORE_PATH_PROPERTY)
 
-
   ldap_property_value_map = {}
   for ldap_prop in ldap_property_list_reqd:
     input = get_validated_string_input(ldap_prop.ldap_prop_val_prompt, ldap_prop.ldap_prop_name, ldap_prop.prompt_regex,
-                                       "Invalid characters in the input!", False, ldap_prop.allow_empty_prompt)
+                                       "Invalid characters in the input!", False, ldap_prop.allow_empty_prompt,
+                                       answer = ldap_prop.option)
     if input is not None and input != "":
       ldap_property_value_map[ldap_prop.prop_name] = input
 
@@ -631,10 +644,10 @@ def setup_ldap():
   # Ask for manager credentials only if bindAnonymously is false
   if not anonymous:
     username = get_validated_string_input("Manager DN* {0}: ".format(
-      get_prompt_default(LDAP_MGR_DN_DEFAULT)), LDAP_MGR_DN_DEFAULT, ".*",
-                                          "Invalid characters in the input!", False, False)
+     get_prompt_default(LDAP_MGR_DN_DEFAULT)), LDAP_MGR_DN_DEFAULT, ".*",
+      "Invalid characters in the input!", False, False, answer = options.ldap_manager_dn)
     ldap_property_value_map[LDAP_MGR_USERNAME_PROPERTY] = username
-    mgr_password = configure_ldap_password()
+    mgr_password = configure_ldap_password(options)
     ldap_property_value_map[LDAP_MGR_PASSWORD_PROPERTY] = mgr_password
 
   useSSL = ldap_property_value_map["authentication.ldap.useSSL"]
@@ -646,26 +659,26 @@ def setup_ldap():
     truststore_set = bool(SSL_TRUSTSTORE_PATH_DEFAULT)
     if truststore_set:
       truststore_default = "y"
-    custom_trust_store = get_YN_input("Do you want to provide custom TrustStore for Ambari [y/n] ({0})?".
+    custom_trust_store = True if options.trust_store_path is not None and options.trust_store_path else False
+    if not custom_trust_store:
+      custom_trust_store = get_YN_input("Do you want to provide custom TrustStore for Ambari [y/n] ({0})?".
                                       format(truststore_default),
                                       truststore_set)
     if custom_trust_store:
-      ts_type = get_validated_string_input(
-        "TrustStore type [jks/jceks/pkcs12] {0}:".format(get_prompt_default(SSL_TRUSTSTORE_TYPE_DEFAULT)),
-        SSL_TRUSTSTORE_TYPE_DEFAULT,
-        "^(jks|jceks|pkcs12)?$", "Wrong type", False)
+      ts_type = get_validated_string_input("TrustStore type [jks/jceks/pkcs12] {0}:".format(get_prompt_default(SSL_TRUSTSTORE_TYPE_DEFAULT)),
+        SSL_TRUSTSTORE_TYPE_DEFAULT, "^(jks|jceks|pkcs12)?$", "Wrong type", False, answer=options.trust_store_type)
       ts_path = None
       while True:
-        ts_path = get_validated_string_input(
-          "Path to TrustStore file {0}:".format(get_prompt_default(SSL_TRUSTSTORE_PATH_DEFAULT)),
-          SSL_TRUSTSTORE_PATH_DEFAULT,
-          ".*", False, False)
+        ts_path = get_validated_string_input("Path to TrustStore file {0}:".format(get_prompt_default(SSL_TRUSTSTORE_PATH_DEFAULT)),
+          SSL_TRUSTSTORE_PATH_DEFAULT, ".*", False, False, answer = options.trust_store_path)
         if os.path.exists(ts_path):
           break
         else:
           print 'File not found.'
+          hasAnswer = options.trust_store_path is not None and options.trust_store_path
+          quit_if_has_answer(hasAnswer)
 
-      ts_password = read_password("", ".*", "Password for TrustStore:", "Invalid characters in password")
+      ts_password = read_password("", ".*", "Password for TrustStore:", "Invalid characters in password", options.trust_store_password)
 
       ldap_property_value_map[SSL_TRUSTSTORE_TYPE_PROPERTY] = ts_type
       ldap_property_value_map[SSL_TRUSTSTORE_PATH_PROPERTY] = ts_path
@@ -676,7 +689,7 @@ def setup_ldap():
       print '  ' + SSL_TRUSTSTORE_TYPE_PROPERTY + ' = ' + properties.get_property(SSL_TRUSTSTORE_TYPE_PROPERTY)
       print '  ' + SSL_TRUSTSTORE_PATH_PROPERTY + ' = ' + properties.get_property(SSL_TRUSTSTORE_PATH_PROPERTY)
       print '  ' + SSL_TRUSTSTORE_PASSWORD_PROPERTY + ' = ' + properties.get_property(SSL_TRUSTSTORE_PASSWORD_PROPERTY)
-      if get_YN_input("Do you want to remove these properties [y/n] (y)? ", True):
+      if get_YN_input("Do you want to remove these properties [y/n] (y)? ", True, options.trust_store_reconfigure):
         properties.removeOldProp(SSL_TRUSTSTORE_TYPE_PROPERTY)
         properties.removeOldProp(SSL_TRUSTSTORE_PATH_PROPERTY)
         properties.removeOldProp(SSL_TRUSTSTORE_PASSWORD_PROPERTY)
@@ -697,18 +710,18 @@ def setup_ldap():
       else:
         print("%s: %s" % (property, BLIND_PASSWORD))
 
-  save_settings = get_YN_input("Save settings [y/n] (y)? ", True)
+  save_settings = True if options.ldap_save_settings is not None else get_YN_input("Save settings [y/n] (y)? ", True)
 
   if save_settings:
     ldap_property_value_map[CLIENT_SECURITY_KEY] = 'ldap'
     if isSecure:
       if mgr_password:
-        encrypted_passwd = encrypt_password(LDAP_MGR_PASSWORD_ALIAS, mgr_password)
+        encrypted_passwd = encrypt_password(LDAP_MGR_PASSWORD_ALIAS, mgr_password, options)
         if mgr_password != encrypted_passwd:
           ldap_property_value_map[LDAP_MGR_PASSWORD_PROPERTY] = encrypted_passwd
       pass
       if ts_password:
-        encrypted_passwd = encrypt_password(SSL_TRUSTSTORE_PASSWORD_ALIAS, ts_password)
+        encrypted_passwd = encrypt_password(SSL_TRUSTSTORE_PASSWORD_ALIAS, ts_password, options)
         if ts_password != encrypted_passwd:
           ldap_property_value_map[SSL_TRUSTSTORE_PASSWORD_PROPERTY] = encrypted_passwd
       pass

http://git-wip-us.apache.org/repos/asf/ambari/blob/79175d03/ambari-server/src/main/python/ambari_server/userInput.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/python/ambari_server/userInput.py b/ambari-server/src/main/python/ambari_server/userInput.py
index 247ebec..1f31152 100644
--- a/ambari-server/src/main/python/ambari_server/userInput.py
+++ b/ambari-server/src/main/python/ambari_server/userInput.py
@@ -31,21 +31,28 @@ from ambari_commons.os_utils import get_password
 #
 # return True if 'y' or False if 'n'
 #
-def get_YN_input(prompt, default):
+def get_YN_input(prompt, default, answer = None):
   yes = set(['yes', 'ye', 'y'])
   no = set(['no', 'n'])
-  return get_choice_string_input(prompt, default, yes, no)
+  if answer is not None and answer:
+    yes.update(['True', 'true'])
+    no.update(['False', 'false'])
 
+  return get_choice_string_input(prompt, default, yes, no, answer)
 
-def get_choice_string_input(prompt, default, firstChoice, secondChoice):
+
+def get_choice_string_input(prompt, default, firstChoice, secondChoice, answer = None):
   if get_silent():
     print(prompt)
     return default
+  hasAnswer = answer is not None and answer
+  if hasAnswer:
+    print(prompt)
 
   input = True
   result = default
   while input:
-    choice = raw_input(prompt).lower()
+    choice = str(answer) if hasAnswer else raw_input(prompt).lower()
     if choice in firstChoice:
       result = True
       input = False
@@ -57,21 +64,26 @@ def get_choice_string_input(prompt, default, firstChoice, secondChoice):
       input = False
     else:
       print "input not recognized, please try again: "
+      quit_if_has_answer(hasAnswer)
 
   return result
 
 
 def get_validated_string_input(prompt, default, pattern, description,
-                               is_pass, allowEmpty=True, validatorFunction=None):
+                               is_pass, allowEmpty=True, validatorFunction=None, answer = None):
   input = ""
+  hasAnswer = answer is not None and (answer or allowEmpty)
+  if hasAnswer:
+    print (prompt)
+
   while not input:
     if get_silent():
       print (prompt)
       input = default
     elif is_pass:
-      input = get_password(prompt)
+      input = str(answer) if hasAnswer else get_password(prompt)
     else:
-      input = raw_input(prompt)
+      input = str(answer) if hasAnswer else raw_input(prompt)
     if not input.strip():
       # Empty input - if default available use default
       if not allowEmpty and not default:
@@ -79,39 +91,45 @@ def get_validated_string_input(prompt, default, pattern, description,
         msg += ' cannot be blank.'
         print msg
         input = ""
+        quit_if_has_answer(hasAnswer)
         continue
       else:
         input = default
         if validatorFunction:
           if not validatorFunction(input):
             input = ""
+            quit_if_has_answer(hasAnswer)
             continue
         break  # done here and picking up default
     else:
       if not pattern == None and not re.search(pattern, input.strip()):
         print description
         input = ""
+        quit_if_has_answer(hasAnswer)
 
       if validatorFunction:
         if not validatorFunction(input):
           input = ""
+          quit_if_has_answer(hasAnswer)
           continue
   return input
 
-def get_validated_filepath_input(prompt, description, default=None):
+def get_validated_filepath_input(prompt, description, default = None, answer = None):
   input = False
+  hasAnswer = answer is not None and answer
   while not input:
     if get_silent():
       print (prompt)
       return default
     else:
-      input = raw_input(prompt)
+      input = str(answer) if hasAnswer else raw_input(prompt)
       if not input == None:
         input = input.strip()
       if not input == None and not "" == input and os.path.isfile(input):
         return input
       else:
         print description
+        quit_if_has_answer(hasAnswer)
         input = False
 
 
@@ -142,7 +160,8 @@ def get_prompt_default(defaultStr=None):
 def read_password(passwordDefault,
                   passwordPattern,
                   passwordPrompt=None,
-                  passwordDescr=None):
+                  passwordDescr=None,
+                  answer=None):
 
   input = True
   while(input):
@@ -155,18 +174,24 @@ def read_password(passwordDefault,
                       "_ or - characters"
 
     password = get_validated_string_input(passwordPrompt, passwordDefault,
-                                          passwordPattern, passwordDescr, True)
+                                          passwordPattern, passwordDescr, True, answer = answer)
     if not password:
       print 'Password cannot be blank.'
       continue
 
     if password != passwordDefault:
-      password1 = get_validated_string_input("Re-enter password: ",
-                                             passwordDefault, passwordPattern, passwordDescr, True)
+      password1 = get_validated_string_input("Re-enter password: ", passwordDefault, passwordPattern,
+                                             passwordDescr, True, answer = answer)
       if password != password1:
         print "Passwords do not match"
         continue
 
     input = False
 
-  return password
\ No newline at end of file
+  return password
+
+# quits from the application only if the input is provided with a flag ('--customInput=')
+def quit_if_has_answer(hasAnswer):
+  if hasAnswer:
+    print "Validation has failed for the last input. Operation has interrupted."
+    exit(1)
\ No newline at end of file


Mime
View raw message