-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/43832/
-----------------------------------------------------------
Review request for Ambari, Alejandro Fernandez, Andrew Onischuk, Robert Levas,
Sumit Mohanty, and Sebastian Toader.
Bugs: AMBARI-14627
https://issues.apache.org/jira/browse/AMBARI-14627
Repository: ambari
Description
-------
Added ability to automate setup-security/setup-ldap and sync-ldap. Ambari uses
'--' flags in order to replace user inputs. (if one of the flag is missing,
ambari will ask for user input)
Example usage:
1.) LDAP setup:
ambari-server setup-ldap \
--ldap-url="ldap.hortonworks.com:389" \
--ldap-secondary-url="" \
--ldap-ssl="false" \
--ldap-user-class="person" \
--ldap-user-attr="sAMAccountName" \
--ldap-group-class="group" \
--ldap-group-attr="cn" \
--ldap-member-attr="member" \
--ldap-dn="distunguishedName" \
--ldap-base-dn="dc=hdp01,dc=local" \
--ldap-referral="" \
--ldap-bind-anonym=false \
--ldap-manager-dn="cn=hdfs,ou=hdp,dc=hdp01,dc=local" \
--ldap-manager-password="myldappassword" \
--ldap-save-settings \
--truststore-type="jks" \
--truststore-path="/var/lib/ambari-server/keys/jkskeystore.jks" \
--truststore-password="mypass"
2.) Ldap sync:
ambari-server sync-ldap --groups=groups.txt --ldap-sync-admin-name=admin
--ldap-sync-admin-password=admin
3.) Setup Https:
ambari-server setup-security \
--security-option=setup-https \
--security_keys_dir=/var/lib/ambari-server/keys \
--api-ssl=true --client-api-ssl-port=8443 \
--import-cert-path=/var/lib/ambari-server/keys/my.crt \
--import-key-path=/var/lib/ambari-server/keys/my.key \
--pem-password=password
4.) Encrypt passwords:
ambari-server setup-security --security-option=encrypt-password
--master-key=masterkey --master-key-persist=true
5.) Setup Kerberos JAAS:
ambari-server setup-security --security-option=setup-kerberos-jaas
--jaas-principal="[email protected]"
--jaas-keytab="/etc/security/keytabs/ambari.keytab"
6.) Setup TrustStore:
ambari-server setup-security \
--security-option=setup-truststore \
--truststore-path=/var/lib/ambari-server/keys/keystore.p12 \
--truststore-type=pkcs12 \
--truststore-password=password \
--truststore-reconfigure // not needed if not configured - also, this
option is not available on branch-2.2
7.) Import certificate to TrustStore:
ambari-server setup-security \
--security-option=import-certificate \
--truststore-path=/var/lib/ambari-server/keys/keystore.p12 \
--truststore-type=pkcs12 \
--truststore-password=password \
--import-cert-path=/var/lib/ambari-server/oleewere.crt \
--import-cert-alias=myalias \
--truststore-reconfigure // not needed if not configured - also, this
option is not available on branch-2.2
Diffs
-----
ambari-server/src/main/python/ambari-server.py cb7a6cf
ambari-server/src/main/python/ambari_server/dbConfiguration.py 5519a3d
ambari-server/src/main/python/ambari_server/dbConfiguration_linux.py 3ebebae
ambari-server/src/main/python/ambari_server/dbConfiguration_windows.py
96cd823
ambari-server/src/main/python/ambari_server/serverConfiguration.py 3df1663
ambari-server/src/main/python/ambari_server/serverSetup.py 643aebd
ambari-server/src/main/python/ambari_server/setupHttps.py 4e95999
ambari-server/src/main/python/ambari_server/setupSecurity.py 36f6fa9
ambari-server/src/test/python/TestAmbariServer.py c47cc67
Diff: https://reviews.apache.org/r/43832/diff/
Testing
-------
Total run:902
Total errors:0
Total failures:0
OK
FT: manually tested on branch-2.2, on trunk its in progress
Thanks,
Oliver Szabo
