[
https://issues.apache.org/jira/browse/AMBARI-24581?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
ASF GitHub Bot updated AMBARI-24581:
------------------------------------
Labels: pull-request-available (was: )
> Enable Oozie SSL config setup with hidden password
> --------------------------------------------------
>
> Key: AMBARI-24581
> URL: https://issues.apache.org/jira/browse/AMBARI-24581
> Project: Ambari
> Issue Type: Improvement
> Components: ambari-server
> Affects Versions: 2.6.2
> Environment: Ambari 2.6.2.2
> HDP 2.6.5.0
> Reporter: Christian Danner
> Priority: Minor
> Labels: pull-request-available
>
> Currently it is not possible to enable Oozie SSL with all parameters being
> entered in Ambari without showing the password for the keystore in clear text
> in the oozie-env file.
> Since non-admin users should be able to get on Ambari to use e.g. Ambari
> Views, users are able to see the configuration. With the keystore password in
> clear text in the oozie-env file, this is not a desired approach.
> Therefore I suggest three new variables in the oozie-site.xml.
> {code:java}
> <property>
> <name>oozie.https.port</name>
> <value>11443</value>
> <display-name>Oozie HTTPS Port</display-name>
> <description>Oozie HTTPS Port</description>
> <on-ambari-upgrade add="false"/>
> </property>
> <property>
> <name>oozie.https.keystore.file</name>
> <value/>
> <display-name>Oozie HTTPS Keystore</display-name>
> <description>Keystore to be used for SSL</description>
> <on-ambari-upgrade add="false"/>
> </property>
> <property>
> <name>oozie.https.keystore.pass</name>
> <value/>
> <display-name>Oozie HTTPS Keystore Passphrase</display-name>
> <property-type>PASSWORD</property-type>
> <description>Passphrase to be used for the provided keystore</description>
> <on-ambari-upgrade add="false"/>
> </property>
> {code}
> The params_linux.py should be able to read those variables in.
> {code:java}
> oozie_https_port = config['configurations']['oozie-site']['oozie.https.port']
> oozie_https_keystore_file = config['configurations']['oozie-site']['oozie.https.keystore.file']
> oozie_https_keystore_pass = config['configurations']['oozie-site']['oozie.https.keystore.pass']
> {code}
> After all, the oozie-env.sh should have an extension so that, in case all
> three variables are set in oozie-site.xml, the environment variables are
> set.
> {code:java}
> {% if oozie_https_port and oozie_https_keystore_file and oozie_https_keystore_pass %}
> # Export SSL Config
> export OOZIE_HTTPS_PORT={{oozie_https_port}}
> export OOZIE_HTTPS_KEYSTORE_FILE={{oozie_https_keystore_file}}
> export OOZIE_HTTPS_KEYSTORE_PASS='{{oozie_https_keystore_pass}}'
> {% endif %}
> {code}
> With this approach it is possible to hide the password within the UI of
> Ambari and also use Oozie with HTTPS enabled.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
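
An added example, not part of the issue or of Ambari's code: a stand-alone Python version of the conditional export block proposed above, with the passphrase shell-quoted so that a quote character in it cannot end the assignment early, and the rendered file restricted to its owner because the passphrase is still written to disk in clear text. The function names, the keystore path and the sample passphrase are constructed for illustration.

```python
import os
import shlex
import stat
import tempfile


def render_ssl_exports(oozie_site):
    """Return the SSL export block, or '' unless all three properties are set."""
    port = oozie_site.get("oozie.https.port")
    keystore = oozie_site.get("oozie.https.keystore.file")
    passphrase = oozie_site.get("oozie.https.keystore.pass")
    if not (port and keystore and passphrase):
        return ""
    if not str(port).isdigit() or not 0 < int(port) < 65536:
        raise ValueError("oozie.https.port must be a TCP port number")
    # shlex.quote() escapes embedded single quotes; plain '...' wrapping does not.
    return "\n".join([
        "# Export SSL Config",
        "export OOZIE_HTTPS_PORT=%d" % int(port),
        "export OOZIE_HTTPS_KEYSTORE_FILE=%s" % shlex.quote(keystore),
        "export OOZIE_HTTPS_KEYSTORE_PASS=%s" % shlex.quote(passphrase),
    ]) + "\n"


def write_env_file(path, content):
    """Write the rendered file readable by its owner only; return its mode."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as handle:
        handle.write(content)
    os.chmod(path, 0o600)  # also tightens a file that already existed
    return stat.S_IMODE(os.stat(path).st_mode)


def demo():
    # Constructed sample values, not taken from a real cluster.
    site = {
        "oozie.https.port": "11443",
        "oozie.https.keystore.file": "/etc/oozie/conf/keystore.jks",
        "oozie.https.keystore.pass": "k3y'st0re pa$s",
    }
    block = render_ssl_exports(site)
    path = os.path.join(tempfile.mkdtemp(), "oozie-env.sh")
    mode = write_env_file(path, block)
    # Parse the passphrase line the way a POSIX shell would split it.
    return block, shlex.split(block.splitlines()[3]), mode


if __name__ == "__main__":
    print(demo())
```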