[
https://issues.apache.org/jira/browse/AMBARI-14627?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15222028#comment-15222028
]
Hadoop QA commented on AMBARI-14627:
------------------------------------
{color:red}-1 overall{color}. Here are the results of testing the latest
attachment
http://issues.apache.org/jira/secure/attachment/12796536/AMBARI-14627_v5.patch
against trunk revision .
{color:green}+1 @author{color}. The patch does not contain any @author
tags.
{color:green}+1 tests included{color}. The patch appears to include 1 new
or modified test files.
{color:green}+1 javac{color}. The applied patch does not increase the
total number of javac compiler warnings.
{color:green}+1 release audit{color}. The applied patch does not increase
the total number of release audit warnings.
{color:red}-1 core tests{color}. The test build failed in ambari-server
Test results:
https://builds.apache.org/job/Ambari-trunk-test-patch/6148//testReport/
Console output:
https://builds.apache.org/job/Ambari-trunk-test-patch/6148//console
This message is automatically generated.
> Ability to automate setup-security and setup-ldap/sync-ldap
> -----------------------------------------------------------
>
> Key: AMBARI-14627
> URL: https://issues.apache.org/jira/browse/AMBARI-14627
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 2.2.1
> Reporter: Krisztian Horvath
> Assignee: Olivér Szabó
> Fix For: 2.4.0
>
> Attachments: AMBARI-14627_v5.patch
>
>
> Currently the ambari-server setup-security command does not have any options
> thus it's interactive. This makes it really hard to automate this process.
> For kerberos 1 option should be enough for setting the master key.
> Same for setup-ldap and sync-ldap
> Example usage:
> {code:java}
> 1.) LDAP setup:
> ambari-server setup-ldap \
> --ldap-url="ldap.apache.org389" \
> --ldap-secondary-url="" \
> --ldap-ssl="false" \
> --ldap-user-class="person" \
> --ldap-user-attr="sAMAccountName" \
> --ldap-group-class="group" \
> --ldap-group-attr="cn" \
> --ldap-member-attr="member" \
> --ldap-dn="distunguishedName" \
> --ldap-base-dn="dc=ambari01,dc=local" \
> --ldap-referral="" \
> --ldap-bind-anonym=false \
> --ldap-manager-dn="cn=hdfs,ou=ambari,dc=ambari01,dc=local" \
> --ldap-manager-password="myldappassword" \
> --ldap-save-settings \
> --truststore-type="jks" \
> --truststore-path="/var/lib/ambari-server/keys/jkskeystore.jks" \
> --truststore-password="mypass"
> 2.) Ldap sync:
> ambari-server sync-ldap --groups=groups.txt --ldap-sync-admin-name=admin
> --ldap-sync-admin-password=admin
> 3.) Setup Https:
> ambari-server setup-security \
> --security-option=setup-https \
> --api-ssl=true --client-api-ssl-port=8443 \
> --import-cert-path=/var/lib/ambari-server/keys/my.crt \
> --import-key-path=/var/lib/ambari-server/keys/my.key \
> --pem-password=password
> 4.) Encrypt passwords:
> ambari-server setup-security --security-option=encrypt-password
> --master-key=masterkey --master-key-persist=true
> 5.) Setup Kerberos JAAS:
> ambari-server setup-security --security-option=setup-kerberos-jaas
> --jaas-principal="[email protected]"
> --jaas-keytab="/etc/security/keytabs/ambari.keytab"
> 6.) Setup TrustStore:
> ambari-server setup-security \
> --security-option=setup-truststore \
> --truststore-path=/var/lib/ambari-server/keys/keystore.p12 \
> --truststore-type=pkcs12 \
> --truststore-password=password \
> --truststore-reconfigure
> 7.) Import certificate to TrustStore:
> ambari-server setup-security \
> --security-option=import-certificate \
> --truststore-path=/var/lib/ambari-server/keys/keystore.p12 \
> --truststore-type=pkcs12 \
> --truststore-password=password \
> --import-cert-path=/var/lib/ambari-server/my.crt \
> --import-cert-alias=myalias \
> --truststore-reconfigure
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
