----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/43832/#review120172 -----------------------------------------------------------
Ship it! Ship It! - Alejandro Fernandez On Feb. 22, 2016, 2:40 p.m., Oliver Szabo wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/43832/ > ----------------------------------------------------------- > > (Updated Feb. 22, 2016, 2:40 p.m.) > > > Review request for Ambari, Alejandro Fernandez, Andrew Onischuk, Robert > Levas, Sumit Mohanty, and Sebastian Toader. > > > Bugs: AMBARI-14627 > https://issues.apache.org/jira/browse/AMBARI-14627 > > > Repository: ambari > > > Description > ------- > > Added ability to automate setup-security/setup-ldap and sync-ldap. Ambari > uses '--' flags in order to replace user inputs. (if one of the flag is > missing, ambari will ask for user input) > Example usage: > > 1.) LDAP setup: > ambari-server setup-ldap \ > --ldap-url="ldap.hortonworks.com:389" \ > --ldap-secondary-url="" \ > --ldap-ssl="false" \ > --ldap-user-class="person" \ > --ldap-user-attr="sAMAccountName" \ > --ldap-group-class="group" \ > --ldap-group-attr="cn" \ > --ldap-member-attr="member" \ > --ldap-dn="distunguishedName" \ > --ldap-base-dn="dc=hdp01,dc=local" \ > --ldap-referral="" \ > --ldap-bind-anonym=false \ > --ldap-manager-dn="cn=hdfs,ou=hdp,dc=hdp01,dc=local" \ > --ldap-manager-password="myldappassword" \ > --ldap-save-settings \ > --truststore-type="jks" \ > --truststore-path="/var/lib/ambari-server/keys/jkskeystore.jks" \ > --truststore-password="mypass" > > 2.) Ldap sync: > ambari-server sync-ldap --groups=groups.txt --ldap-sync-admin-name=admin > --ldap-sync-admin-password=admin > > 3.) Setup Https: > ambari-server setup-security \ > --security-option=setup-https \ > --security_keys_dir=/var/lib/ambari-server/keys \ > --api-ssl=true --client-api-ssl-port=8443 \ > --import-cert-path=/var/lib/ambari-server/keys/my.crt \ > --import-key-path=/var/lib/ambari-server/keys/my.key \ > --pem-password=password > 4.) Encrypt passwords: > ambari-server setup-security --security-option=encrypt-password > --master-key=masterkey --master-key-persist=true > > 5.) Setup Kerberos JAAS: > ambari-server setup-security --security-option=setup-kerberos-jaas > --jaas-principal="[email protected]" > --jaas-keytab="/etc/security/keytabs/ambari.keytab" > > 6.) Setup TrustStore: > ambari-server setup-security \ > --security-option=setup-truststore \ > --truststore-path=/var/lib/ambari-server/keys/keystore.p12 \ > --truststore-type=pkcs12 \ > --truststore-password=password \ > --truststore-reconfigure // not needed if not configured - also, this > option is not available on branch-2.2 > 7.) Import certificate to TrustStore: > ambari-server setup-security \ > --security-option=import-certificate \ > --truststore-path=/var/lib/ambari-server/keys/keystore.p12 \ > --truststore-type=pkcs12 \ > --truststore-password=password \ > --import-cert-path=/var/lib/ambari-server/oleewere.crt \ > --import-cert-alias=myalias \ > --truststore-reconfigure // not needed if not configured - also, this > option is not available on branch-2.2 > > > Diffs > ----- > > ambari-server/src/main/python/ambari-server.py cb7a6cf > ambari-server/src/main/python/ambari_server/dbConfiguration.py 5519a3d > ambari-server/src/main/python/ambari_server/dbConfiguration_linux.py > 3ebebae > ambari-server/src/main/python/ambari_server/dbConfiguration_windows.py > 96cd823 > ambari-server/src/main/python/ambari_server/serverConfiguration.py 3df1663 > ambari-server/src/main/python/ambari_server/serverSetup.py 643aebd > ambari-server/src/main/python/ambari_server/setupHttps.py 4e95999 > ambari-server/src/main/python/ambari_server/setupSecurity.py 36f6fa9 > ambari-server/src/test/python/TestAmbariServer.py c47cc67 > > Diff: https://reviews.apache.org/r/43832/diff/ > > > Testing > ------- > > Total run:902 > Total errors:0 > Total failures:0 > OK > > > FT: manually tested on branch-2.2, on trunk its in progress > > > Thanks, > > Oliver Szabo > >
