Subject: Review Request 44203: Ambari overrides trustore when executing "ambari-server setup-ldap"
From: Daniel Gergely
To: Sebastian Toader, Oliver Szabo, Laszlo Puskas
Cc: Ambari, Daniel Gergely
Date: Tue, 01 Mar 2016 09:36:02 -0000

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/44203/
-----------------------------------------------------------

Review request for Ambari, Laszlo Puskas, Oliver Szabo, and Sebastian Toader.


Bugs: AMBARI-15242
    https://issues.apache.org/jira/browse/AMBARI-15242


Repository: ambari


Description
-------

TrustStore type, path and password properties were removed from the ambari.properties file if a custom TrustStore is not provided during setup-ldap.
Now I added a confirmation asking whether the user wants to reconfigure the already set TrustStore. If a custom TrustStore is provided, then no question is asked.


Diffs
-----

  ambari-server/src/main/python/ambari_server/setupSecurity.py 36f6fa9

Diff: https://reviews.apache.org/r/44203/diff/


Testing
-------

I did manual testing to confirm that properties are not removed if the user says no to reconfiguration.

**[root@c6401 /]# cat /etc/ambari-server/conf/ambari.properties | grep trustStore**
**ssl.trustStore.password=password**
**ssl.trustStore.path=/tmp**
**ssl.trustStore.type=jks**
[root@c6401 /]# ambari-server setup-ldap
Using python /usr/bin/python
Setting up LDAP properties...
Primary URL {host:port} (172.22.70.141:636):
Secondary URL {host:port} :
Use SSL [true/false] (true):
User object class (user):
User name attribute (sAMAccountName):
Group object class (group):
Group name attribute (cn):
Group member attribute (member):
Distinguished name attribute (distinguishedName):
Base DN (CN=Users,DC=hwqe,DC=hortonworks,DC=com):
Referral method [follow/ignore] (ignore):
Bind anonymously [true/false] (false):
Manager DN (cn=manager,cn=Users,dc=hwqe,dc=hortonworks,dc=com):
Enter Manager Password :
Re-enter password:
**Do you want to provide custom TrustStore for Ambari [y/n] (y)?n**
**The TrustStore is already configured. Do you want to re-configure the TrustStore [y/n] (y)? n**
====================
Review Settings
====================
authentication.ldap.managerDn: cn=manager,cn=Users,dc=hwqe,dc=hortonworks,dc=com
authentication.ldap.managerPassword: ****
Save settings [y/n] (y)?
Saving...done
Ambari Server 'setup-ldap' completed successfully.

**[root@c6401 /]# cat /etc/ambari-server/conf/ambari.properties | grep trustStore**
**ssl.trustStore.password=password**
**ssl.trustStore.path=/tmp**
**ssl.trustStore.type=jks**
[root@c6401 /]# ambari-server setup-ldap
Using python /usr/bin/python
Setting up LDAP properties...
Primary URL {host:port} (172.22.70.141:636):
Secondary URL {host:port} :
Use SSL [true/false] (true):
User object class (user):
User name attribute (sAMAccountName):
Group object class (group):
Group name attribute (cn):
Group member attribute (member):
Distinguished name attribute (distinguishedName):
Base DN (CN=Users,DC=hwqe,DC=hortonworks,DC=com):
Referral method [follow/ignore] (ignore):
Bind anonymously [true/false] (false):
Manager DN (cn=manager,cn=Users,dc=hwqe,dc=hortonworks,dc=com):
Enter Manager Password :
Password cannot be blank.
Enter Manager Password :
Re-enter password:
**Do you want to provide custom TrustStore for Ambari [y/n] (y)?y**
TrustStore type [jks/jceks/pkcs12] (jks):
Path to TrustStore file (/tmp):
Password for TrustStore:
Re-enter password:
====================
Review Settings
====================
authentication.ldap.managerDn: cn=manager,cn=Users,dc=hwqe,dc=hortonworks,dc=com
authentication.ldap.managerPassword: ****
ssl.trustStore.type: jks
ssl.trustStore.path: /tmp
ssl.trustStore.password: ****
Save settings [y/n] (y)? y
Saving...done
Ambari Server 'setup-ldap' completed successfully.

**[root@c6401 /]# cat /etc/ambari-server/conf/ambari.properties | grep trustStore**
**ssl.trustStore.password=p**
**ssl.trustStore.path=/tmp**
**ssl.trustStore.type=jks**
[root@c6401 /]# ambari-server restart
Using python /usr/bin/python
Restarting ambari-server
Using python /usr/bin/python
Stopping ambari-server
Ambari Server stopped
Using python /usr/bin/python
Starting ambari-server
Ambari Server running with administrator privileges.
Organizing resource files at //var/lib/ambari-server/resources...
Server PID at: /var/run/ambari-server/ambari-server.pid
Server out at: /var/log/ambari-server/ambari-server.out
Server log at: /var/log/ambari-server/ambari-server.log
Waiting for server start....................
Ambari Server 'start' completed successfully.

**[root@c6401 /]# cat /etc/ambari-server/conf/ambari.properties | grep trustStore**
**ssl.trustStore.password=p**
**ssl.trustStore.path=/tmp**
**ssl.trustStore.type=jks**


Thanks,

Daniel Gergely
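
The three outcomes exercised in the Testing section above, modelled as an added example; this is not the code from setupSecurity.py or from the Ambari project. The function names, the constructed sample properties and the assumption that confirming reconfiguration clears the old ssl.trustStore.* keys are all hypothetical.

```python
# Added illustration, not Ambari's setupSecurity.py; all names are hypothetical.
TRUSTSTORE_KEYS = ("ssl.trustStore.type", "ssl.trustStore.path",
                   "ssl.trustStore.password")

# Constructed sample, modelled on the grep output in the Testing section.
SAMPLE = """\
# constructed ambari.properties excerpt
authentication.ldap.managerDn=cn=manager,dc=example,dc=com
ssl.trustStore.password=password
ssl.trustStore.path=/tmp
ssl.trustStore.type=jks
"""


def parse_properties(text):
    """Parse key=value lines; split on the first '=' only (DNs contain '=')."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props


def truststore_configured(props):
    return any(key in props for key in TRUSTSTORE_KEYS)


def update_truststore(props, custom=None, confirm_reconfigure=None):
    """custom: the three ssl.trustStore.* values, or None if the operator
    declined a custom TrustStore; confirm_reconfigure: callable -> bool."""
    result = dict(props)
    if custom is not None:              # custom store given: no question asked
        missing = [k for k in TRUSTSTORE_KEYS if not custom.get(k)]
        if missing:
            raise ValueError("incomplete TrustStore settings: " + ", ".join(missing))
        result.update({k: custom[k] for k in TRUSTSTORE_KEYS})
    elif truststore_configured(props) and confirm_reconfigure():
        # Assumption: confirming reconfiguration clears the old settings.
        for key in TRUSTSTORE_KEYS:
            result.pop(key, None)
    return result                       # otherwise existing settings are kept


def truststore_diff(before, after):
    """Map each changed ssl.trustStore.* key to its (before, after) values."""
    return {k: (before.get(k), after.get(k)) for k in TRUSTSTORE_KEYS
            if before.get(k) != after.get(k)}
```

Running truststore_diff on a snapshot of the properties taken before and after a setup run gives the same answer as the manual grep comparison, in a form a regression test can assert on.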