Subject: Re: Review Request 44203: Ambari overrides trustore when executing "ambari-server setup-ldap"
From: Yusaku Sako
To: Oliver Szabo, Sebastian Toader, Yusaku Sako, Florian Barca, Laszlo Puskas
Cc: Ambari, Daniel Gergely
Date: Tue, 01 Mar 2016 22:10:19 -0000

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/44203/#review121514
-----------------------------------------------------------

Ship it!

Ship It!

- Yusaku Sako

On March 1, 2016, 12:26 p.m., Daniel Gergely wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/44203/
> -----------------------------------------------------------
>
> (Updated March 1, 2016, 12:26 p.m.)
>
>
> Review request for Ambari, Florian Barca, Laszlo Puskas, Oliver Szabo, Sebastian Toader, and Yusaku Sako.
>
>
> Bugs: AMBARI-15242
>     https://issues.apache.org/jira/browse/AMBARI-15242
>
>
> Repository: ambari
>
>
> Description
> -------
>
> TrustStore type, path and password properties were removed from ambari.properties file if custom TrustStore is not provided during setup-ldap.
>
> Now I added a confirmation whether the user wants to reconfigure the already set TrustStore. If custom TrustStore is provided then no question is asked.
>
>
> Diffs
> -----
>
>   ambari-server/src/main/python/ambari_server/setupSecurity.py 36f6fa9
>
> Diff: https://reviews.apache.org/r/44203/diff/
>
>
> Testing
> -------
>
> I did manual testing to confirm that properties are not removed if user says no for reconfiguration.
>
> **[root@c6401 /]# cat /etc/ambari-server/conf/ambari.properties | grep trustStore**
> **ssl.trustStore.password=password**
> **ssl.trustStore.path=/tmp**
> **ssl.trustStore.type=jks**
>
> [root@c6401 /]# ambari-server setup-ldap
> Using python /usr/bin/python
> Setting up LDAP properties...
> Primary URL {host:port} (172.22.70.141:636):
> Secondary URL {host:port} :
> Use SSL [true/false] (true):
> User object class (user):
> User name attribute (sAMAccountName):
> Group object class (group):
> Group name attribute (cn):
> Group member attribute (member):
> Distinguished name attribute (distinguishedName):
> Base DN (CN=Users,DC=hwqe,DC=hortonworks,DC=com):
> Referral method [follow/ignore] (ignore):
> Bind anonymously [true/false] (false):
> Manager DN (cn=manager,cn=Users,dc=hwqe,dc=hortonworks,dc=com):
> Enter Manager Password :
> Re-enter password:
> **Do you want to provide custom TrustStore for Ambari [y/n] (y)?n**
> **The TrustStore is already configured. Do you want to re-configure the TrustStore [y/n] (y)? n**
> ====================
> Review Settings
> ====================
> authentication.ldap.managerDn: cn=manager,cn=Users,dc=hwqe,dc=hortonworks,dc=com
> authentication.ldap.managerPassword: ****
> Save settings [y/n] (y)?
> Saving...done
> Ambari Server 'setup-ldap' completed successfully.
>
> **[root@c6401 /]# cat /etc/ambari-server/conf/ambari.properties | grep trustStore**
> **ssl.trustStore.password=password**
> **ssl.trustStore.path=/tmp**
> **ssl.trustStore.type=jks**
>
> [root@c6401 /]# ambari-server setup-ldap
> Using python /usr/bin/python
> Setting up LDAP properties...
> Primary URL {host:port} (172.22.70.141:636):
> Secondary URL {host:port} :
> Use SSL [true/false] (true):
> User object class (user):
> User name attribute (sAMAccountName):
> Group object class (group):
> Group name attribute (cn):
> Group member attribute (member):
> Distinguished name attribute (distinguishedName):
> Base DN (CN=Users,DC=hwqe,DC=hortonworks,DC=com):
> Referral method [follow/ignore] (ignore):
> Bind anonymously [true/false] (false):
> Manager DN (cn=manager,cn=Users,dc=hwqe,dc=hortonworks,dc=com):
> Enter Manager Password :
> Password cannot be blank.
> Enter Manager Password :
> Re-enter password:
> **Do you want to provide custom TrustStore for Ambari [y/n] (y)?y**
> TrustStore type [jks/jceks/pkcs12] (jks):
> Path to TrustStore file (/tmp):
> Password for TrustStore:
> Re-enter password:
> ====================
> Review Settings
> ====================
> authentication.ldap.managerDn: cn=manager,cn=Users,dc=hwqe,dc=hortonworks,dc=com
> authentication.ldap.managerPassword: ****
> ssl.trustStore.type: jks
> ssl.trustStore.path: /tmp
> ssl.trustStore.password: ****
> Save settings [y/n] (y)? y
> Saving...done
> Ambari Server 'setup-ldap' completed successfully.
>
> **[root@c6401 /]# cat /etc/ambari-server/conf/ambari.properties | grep trustStore**
> **ssl.trustStore.password=p**
> **ssl.trustStore.path=/tmp**
> **ssl.trustStore.type=jks**
>
> [root@c6401 /]# ambari-server restart
> Using python /usr/bin/python
> Restarting ambari-server
> Using python /usr/bin/python
> Stopping ambari-server
> Ambari Server stopped
> Using python /usr/bin/python
> Starting ambari-server
> Ambari Server running with administrator privileges.
> Organizing resource files at //var/lib/ambari-server/resources...
> Server PID at: /var/run/ambari-server/ambari-server.pid
> Server out at: /var/log/ambari-server/ambari-server.out
> Server log at: /var/log/ambari-server/ambari-server.log
> Waiting for server start....................
> Ambari Server 'start' completed successfully.
>
> **[root@c6401 /]# cat /etc/ambari-server/conf/ambari.properties | grep trustStore**
> **ssl.trustStore.password=p**
> **ssl.trustStore.path=/tmp**
> **ssl.trustStore.type=jks**
>
>
> Thanks,
>
> Daniel Gergely
>
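
The manual before/after `grep trustStore` check from the Testing section, automated as an added example (not part of the review request and not Ambari's own code). It assumes `key=value` lines as in the transcript; the function names are hypothetical and the sample file contents are constructed from the values shown above.

```python
# Added example: values in the sample texts are constructed from the transcript.
PREFIX = "ssl.trustStore."

def read_truststore_props(text):
    """Return the ssl.trustStore.* entries of a key=value properties text."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":        # blank line or comment
            continue
        key, sep, value = line.partition("=")  # split on the first '=' only
        if sep and key.strip().startswith(PREFIX):
            props[key.strip()] = value.strip()
    return props

def compare(before_text, after_text):
    """List (key, status) for trustStore keys removed, added or changed.

    Values are compared but never returned, so the TrustStore password
    does not end up in test output or logs.
    """
    before = read_truststore_props(before_text)
    after = read_truststore_props(after_text)
    findings = []
    for key in sorted(set(before) | set(after)):
        if key not in after:
            findings.append((key, "removed"))
        elif key not in before:
            findings.append((key, "added"))
        elif before[key] != after[key]:
            findings.append((key, "changed"))
    return findings

LDAP_LINE = "authentication.ldap.managerDn=cn=manager,cn=Users,dc=hwqe,dc=hortonworks,dc=com\n"
BEFORE = LDAP_LINE + (
    "ssl.trustStore.password=password\n"
    "ssl.trustStore.path=/tmp\n"
    "ssl.trustStore.type=jks\n"
)
AFTER_DROPPED = LDAP_LINE                       # behaviour reported in AMBARI-15242
AFTER_RECONFIGURED = BEFORE.replace("password=password", "password=p")

if __name__ == "__main__":
    for name, after in [("declined", BEFORE), ("dropped", AFTER_DROPPED),
                        ("reconfigured", AFTER_RECONFIGURED)]:
        print(name, compare(BEFORE, after))
```

An empty result for the "declined" case is the outcome the manual test confirmed; three `removed` entries reproduce the behaviour the request fixes.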