ambari-dev mailing list archives

From Robert Levas <rle...@hortonworks.com>
Subject Re: Review Request 43832: AMBARI-14627: Ability to automate setup-security and setup-ldap/sync-ldap
Date Tue, 23 Feb 2016 00:49:19 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/43832/#review120228
-----------------------------------------------------------


Ship it!

- Robert Levas


On Feb. 22, 2016, 9:40 a.m., Oliver Szabo wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/43832/
> -----------------------------------------------------------
> 
> (Updated Feb. 22, 2016, 9:40 a.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Andrew Onischuk, Robert Levas, Sumit Mohanty, and Sebastian Toader.
> 
> 
> Bugs: AMBARI-14627
>     https://issues.apache.org/jira/browse/AMBARI-14627
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> Added ability to automate setup-security/setup-ldap and sync-ldap. Ambari uses '--' flags in order to replace user inputs. (If one of the flags is missing, Ambari will ask for user input.)
> Example usage: 
> 
> 1.) LDAP setup: 
>   ambari-server setup-ldap \
>   --ldap-url="ldap.hortonworks.com:389" \
>   --ldap-secondary-url="" \
>   --ldap-ssl="false" \
>   --ldap-user-class="person" \
>   --ldap-user-attr="sAMAccountName" \
>   --ldap-group-class="group" \
>   --ldap-group-attr="cn" \
>   --ldap-member-attr="member" \
>   --ldap-dn="distinguishedName" \
>   --ldap-base-dn="dc=hdp01,dc=local" \
>   --ldap-referral="" \
>   --ldap-bind-anonym=false \
>   --ldap-manager-dn="cn=hdfs,ou=hdp,dc=hdp01,dc=local" \
>   --ldap-manager-password="myldappassword" \
>   --ldap-save-settings \
>   --truststore-type="jks" \
>   --truststore-path="/var/lib/ambari-server/keys/jkskeystore.jks" \
>   --truststore-password="mypass"
> 
> 2.) Ldap sync:
>     ambari-server sync-ldap --groups=groups.txt --ldap-sync-admin-name=admin --ldap-sync-admin-password=admin
> 
> 3.) Setup Https:
>   ambari-server setup-security \
>     --security-option=setup-https \
>     --security_keys_dir=/var/lib/ambari-server/keys \
>     --api-ssl=true --client-api-ssl-port=8443 \
>     --import-cert-path=/var/lib/ambari-server/keys/my.crt \
>     --import-key-path=/var/lib/ambari-server/keys/my.key \
>     --pem-password=password
> 
> 4.) Encrypt passwords:
>   ambari-server setup-security --security-option=encrypt-password --master-key=masterkey --master-key-persist=true
> 
> 5.) Setup Kerberos JAAS:
>   ambari-server setup-security --security-option=setup-kerberos-jaas --jaas-principal="ambari@EXAMPLE.COM" --jaas-keytab="/etc/security/keytabs/ambari.keytab"
> 
> 6.) Setup TrustStore:
>     ambari-server setup-security \
>       --security-option=setup-truststore \
>       --truststore-path=/var/lib/ambari-server/keys/keystore.p12 \
>       --truststore-type=pkcs12 \
>       --truststore-password=password \
>       --truststore-reconfigure # not needed if not configured - also, this option is not available on branch-2.2
> 
> 7.) Import certificate to TrustStore:
>     ambari-server setup-security \
>       --security-option=import-certificate \
>       --truststore-path=/var/lib/ambari-server/keys/keystore.p12 \
>       --truststore-type=pkcs12 \
>       --truststore-password=password \
>       --import-cert-path=/var/lib/ambari-server/oleewere.crt \
>       --import-cert-alias=myalias \
>       --truststore-reconfigure # not needed if not configured - also, this option is not available on branch-2.2
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/python/ambari-server.py cb7a6cf 
>   ambari-server/src/main/python/ambari_server/dbConfiguration.py 5519a3d 
>   ambari-server/src/main/python/ambari_server/dbConfiguration_linux.py 3ebebae 
>   ambari-server/src/main/python/ambari_server/dbConfiguration_windows.py 96cd823 
>   ambari-server/src/main/python/ambari_server/serverConfiguration.py 3df1663 
>   ambari-server/src/main/python/ambari_server/serverSetup.py 643aebd 
>   ambari-server/src/main/python/ambari_server/setupHttps.py 4e95999 
>   ambari-server/src/main/python/ambari_server/setupSecurity.py 36f6fa9 
>   ambari-server/src/test/python/TestAmbariServer.py c47cc67 
> 
> Diff: https://reviews.apache.org/r/43832/diff/
> 
> 
> Testing
> -------
> 
> Total run:902
> Total errors:0
> Total failures:0
> OK
> 
> 
> FT: manually tested on branch-2.2, on trunk it's in progress
> 
> 
> Thanks,
> 
> Oliver Szabo
> 
>
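
The usage examples quoted above pass passwords and the master key as command-line values, so any wrapper that logs or echoes these invocations will record them verbatim. The following is an added example, not part of the review request or of Ambari's code: it masks the secret-bearing flags named in those examples before a command line is written anywhere. The `REDACTED` placeholder, the function names, and support for the space-separated `--flag value` form are assumptions.

```python
import shlex

# Secret-bearing flags taken from the usage examples in the review request.
SECRET_FLAGS = {
    "--ldap-manager-password",
    "--ldap-sync-admin-password",
    "--truststore-password",
    "--pem-password",
    "--master-key",
}
MASK = "REDACTED"  # assumed placeholder, not an Ambari convention


def redact_argv(argv):
    """Return (redacted_argv, secret_flags_found) for one argv list."""
    out, found, i = [], [], 0
    while i < len(argv):
        flag, sep, _value = argv[i].partition("=")
        if flag in SECRET_FLAGS:  # exact match, so --master-key-persist is untouched
            found.append(flag)
            if sep:  # --flag=value, the form used in the examples
                out.append(f"{flag}={MASK}")
            else:  # --flag value (assumed to be accepted as well)
                out.append(flag)
                if i + 1 < len(argv) and not argv[i + 1].startswith("--"):
                    out.append(MASK)
                    i += 1
        else:
            out.append(argv[i])
        i += 1
    return out, found


def redact_command(text):
    """Redact a shell command string, joining backslash continuations first."""
    argv = shlex.split(text.replace("\\\n", " "))
    redacted, found = redact_argv(argv)
    return " ".join(shlex.quote(a) for a in redacted), found


if __name__ == "__main__":
    # Constructed sample built from flags and values shown in the examples.
    sample = ('ambari-server setup-ldap \\\n'
              '  --ldap-manager-dn="cn=hdfs,ou=hdp,dc=hdp01,dc=local" \\\n'
              '  --ldap-manager-password="myldappassword" \\\n'
              '  --truststore-password="mypass"')
    line, flags = redact_command(sample)
    print(line)
    print("secret flags on command line:", ", ".join(flags))
```

The list of flags found can also drive a pre-commit or CI check that rejects automation scripts carrying literal secrets.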

