ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sebastian Toader <stoa...@hortonworks.com>
Subject Re: Review Request 44203: Ambari overrides trustore when executing "ambari-server setup-ldap"
Date Tue, 01 Mar 2016 12:25:17 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/44203/#review121427
-----------------------------------------------------------


Ship it!




Ship It!

- Sebastian Toader


On March 1, 2016, 1:16 p.m., Daniel Gergely wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/44203/
> -----------------------------------------------------------
> 
> (Updated March 1, 2016, 1:16 p.m.)
> 
> 
> Review request for Ambari, Florian Barca, Laszlo Puskas, Oliver Szabo, Sebastian Toader,
and Yusaku Sako.
> 
> 
> Bugs: AMBARI-15242
>     https://issues.apache.org/jira/browse/AMBARI-15242
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> TrustStore type, path and password properties were removed from ambari.properties file
if custom TrustStore is not provided during setup-ldap.
> 
> Now I added a confirmation whether the user wants to reconfigure the already set TrustStore.
If custom TrustStore is provided then no question is asked.
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/python/ambari_server/setupSecurity.py 36f6fa9 
> 
> Diff: https://reviews.apache.org/r/44203/diff/
> 
> 
> Testing
> -------
> 
> I did manual testing to confirm that properties are not removed if user says no for reconfiguration.
> 
> **[root@c6401 /]# cat /etc/ambari-server/conf/ambari.properties | grep trustStore**
> **ssl.trustStore.password=password**
> **ssl.trustStore.path=/tmp**
> **ssl.trustStore.type=jks**
> 
> [root@c6401 /]# ambari-server setup-ldap
> Using python  /usr/bin/python
> Setting up LDAP properties...
> Primary URL {host:port} (172.22.70.141:636): 
> Secondary URL {host:port} : 
> Use SSL [true/false] (true): 
> User object class (user): 
> User name attribute (sAMAccountName): 
> Group object class (group): 
> Group name attribute (cn): 
> Group member attribute (member): 
> Distinguished name attribute (distinguishedName): 
> Base DN (CN=Users,DC=hwqe,DC=hortonworks,DC=com): 
> Referral method [follow/ignore] (ignore): 
> Bind anonymously [true/false] (false): 
> Manager DN (cn=manager,cn=Users,dc=hwqe,dc=hortonworks,dc=com): 
> Enter Manager Password : 
> Re-enter password: 
> **Do you want to provide custom TrustStore for Ambari [y/n] (y)?n**
> **The TrustStore is already configured. Do you want to re-configure the TrustStore [y/n]
(y)? n**
> ====================
> Review Settings
> ====================
> authentication.ldap.managerDn: cn=manager,cn=Users,dc=hwqe,dc=hortonworks,dc=com
> authentication.ldap.managerPassword: ****
> Save settings [y/n] (y)? 
> Saving...done
> Ambari Server 'setup-ldap' completed successfully.
> 
> **[root@c6401 /]# cat /etc/ambari-server/conf/ambari.properties | grep trustStore**
> **ssl.trustStore.password=password**
> **ssl.trustStore.path=/tmp**
> **ssl.trustStore.type=jks**
> 
> [root@c6401 /]# ambari-server setup-ldap
> Using python  /usr/bin/python
> Setting up LDAP properties...
> Primary URL {host:port} (172.22.70.141:636): 
> Secondary URL {host:port} : 
> Use SSL [true/false] (true): 
> User object class (user): 
> User name attribute (sAMAccountName): 
> Group object class (group): 
> Group name attribute (cn): 
> Group member attribute (member): 
> Distinguished name attribute (distinguishedName): 
> Base DN (CN=Users,DC=hwqe,DC=hortonworks,DC=com): 
> Referral method [follow/ignore] (ignore): 
> Bind anonymously [true/false] (false): 
> Manager DN (cn=manager,cn=Users,dc=hwqe,dc=hortonworks,dc=com): 
> Enter Manager Password : 
> Password cannot be blank.
> Enter Manager Password : 
> Re-enter password: 
> **Do you want to provide custom TrustStore for Ambari [y/n] (y)?y**
> TrustStore type [jks/jceks/pkcs12] (jks):
> Path to TrustStore file (/tmp):
> Password for TrustStore:
> Re-enter password: 
> ====================
> Review Settings
> ====================
> authentication.ldap.managerDn: cn=manager,cn=Users,dc=hwqe,dc=hortonworks,dc=com
> authentication.ldap.managerPassword: ****
> ssl.trustStore.type: jks
> ssl.trustStore.path: /tmp
> ssl.trustStore.password: ****
> Save settings [y/n] (y)? y
> Saving...done
> Ambari Server 'setup-ldap' completed successfully.
> 
> **[root@c6401 /]# cat /etc/ambari-server/conf/ambari.properties | grep trustStore**
> **ssl.trustStore.password=p**
> **ssl.trustStore.path=/tmp**
> **ssl.trustStore.type=jks**
> 
> [root@c6401 /]# ambari-server restart
> Using python  /usr/bin/python
> Restarting ambari-server
> Using python  /usr/bin/python
> Stopping ambari-server
> Ambari Server stopped
> Using python  /usr/bin/python
> Starting ambari-server
> Ambari Server running with administrator privileges.
> Organizing resource files at //var/lib/ambari-server/resources...
> Server PID at: /var/run/ambari-server/ambari-server.pid
> Server out at: /var/log/ambari-server/ambari-server.out
> Server log at: /var/log/ambari-server/ambari-server.log
> Waiting for server start....................
> Ambari Server 'start' completed successfully.
> 
> **[root@c6401 /]# cat /etc/ambari-server/conf/ambari.properties | grep trustStore**
> **ssl.trustStore.password=p**
> **ssl.trustStore.path=/tmp**
> **ssl.trustStore.type=jks**
> 
> 
> Thanks,
> 
> Daniel Gergely
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message