[
https://issues.apache.org/jira/browse/AMBARI-23628?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16445820#comment-16445820
]
Hudson commented on AMBARI-23628:
---------------------------------
SUCCESS: Integrated in Jenkins build Ambari-trunk-Commit #9096 (See
[https://builds.apache.org/job/Ambari-trunk-Commit/9096/])
[AMBARI-23628] Enable Ambari SSO to be enabled without impacting other (rlevas:
[https://gitbox.apache.org/repos/asf?p=ambari.git&a=commit&h=034199d2d3fc8a838e33091cdae4a338f590bfd0])
* (edit) ambari-server/src/main/python/ambari_server/setupSso.py
* (edit) ambari-server/src/main/python/ambari-server.py
* (edit) ambari-server/src/test/python/TestSetupSso.py
> Enable Ambari SSO to be enabled without impacting other service sso configs
> ---------------------------------------------------------------------------
>
> Key: AMBARI-23628
> URL: https://issues.apache.org/jira/browse/AMBARI-23628
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 2.7.0
> Reporter: suja s
> Assignee: Robert Levas
> Priority: Major
> Labels: pull-request-available
> Fix For: 2.7.0
>
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> *Scenario*
> Ranger and Atlas are SSO enabled via BP deploys and Ambari is not SSO
> enabled.
> Later Ambari SSO has to be enabled without changing existing configs (so
> restart will not be required) for Atlas and Ranger.
> Now this is not possible with "Enable for the selected services" option.
> This was possible in previous versions but with the latest changes from
> AMBARI-23253, even if SSO was enabled for services earlier we still have to
> opt SSO for Ranger and Atlas in the list. When services are specified in the
> list, this would prompt for service restart.
> So,
> ---If we enable SSO for Ambari and not the other services via the CLI, then
> any previous SSO setting for those services will be cleared
> ---If we enable SSO for Ambari and the other services via the CLI, then any
> previous SSO setting for those services will be potentially updated and this
> causes services to need to restart. But since data is the same no restart
> should be needed for those services
> *Solution*
> Add new prompts to separate Ambari's SSO configuration from the managed
> service's SSO configs so they can be managed separately:
> * Use SSO for Ambari ({{--sso-enabled-ambari}})
> * Manage SSO configurations for eligible services ({{--sso-manage-services}})
> {noformat}
> [root@c7401 ~]# ambari-server setup-sso --help
> Using python /usr/bin/python
> Setting up SSO authentication properties...
> Usage: ambari-server.py action [options]
> Options:
>   -h, --help            show this help message and exit
>   -v, --verbose         Print verbose status messages
>   -s, --silent          Silently accepts default prompt values. For db-cleanup
>                         command, silent mode will stop ambari server.
>   --sso-enabled=SSO_ENABLED
>                         Indicates whether to enable/disable SSO
>   --sso-enabled-ambari=SSO_ENABLED_AMBARI
>                         Indicates whether to enable/disable SSO authentication
>                         for Ambari, itself
>   --sso-manage-services=SSO_MANAGE_SERVICES
>                         Indicates whether Ambari should manage the SSO
>                         configurations for specified services
>   --sso-enabled-services=SSO_ENABLED_SERVICES
>                         A comma separated list of services that are expected
>                         to be configured for SSO (you are allowed to use '*'
>                         to indicate ALL services)
>   --sso-provider-url=SSO_PROVIDER_URL
>                         The URL of SSO provider; this must be provided when
>                         --sso-enabled is set to 'true'
>   --sso-public-cert-file=SSO_PUBLIC_CERT_FILE
>                         The path where the public certificate PEM is located;
>                         this must be provided when --sso-enabled is set to
>                         'true'
>   --sso-jwt-cookie-name=SSO_JWT_COOKIE_NAME
>                         The name of the JWT cookie
>   --sso-jwt-audience-list=SSO_JWT_AUDIENCE_LIST
>                         A comma separated list of JWT audience(s)
>   --ambari-admin-username=AMBARI_ADMIN_USERNAME
>                         Ambari administrator username for accessing Ambari's
>                         REST API
>   --ambari-admin-password=AMBARI_ADMIN_PASSWORD
>                         Ambari administrator password for accessing Ambari's
>                         REST API
> {noformat}