[
https://issues.apache.org/jira/browse/AMBARI-24986?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Levas updated AMBARI-24986:
----------------------------------
Description:
Use Ambari CLI to enable and disable trusted proxy support in Ambari.
Information needed to be collected:
* Enable/Disable trusted proxy support
** {{ambari.tproxy.authentication.enabled}} : "true"|"false"
* Trusted proxy user (the authenticated user allowed to declare a proxied
user) details - One or more may be specified
** hosts from which the proxy user can connect
*** {{ambari.tproxy.proxyuser.PROXY_USER.hosts}} : * or a comma-delimited list
of hostname, ip address, CIDR Notation (intermixed is ok)
** users allowed to be specified as proxied users by the proxy user
*** {{ambari.tproxy.proxyuser.PROXY_USER.users}} : *, or a comma-delimited
list of usernames
** group for which users to be proxied are members
*** {{ambari.tproxy.proxyuser.PROXY_USER.groups}} : *, or a comma-delimited
list of group names
{noformat}
[root@c7402 ~]# ambari-server setup-trusted-proxy
Using python /usr/bin/python
Enter Ambari Admin login: admin
Enter Ambari Admin password:
Fetching Trusted Proxy configuration from DB.
Trusted Proxy support is currently disabled
Do you want to configure Trusted Proxy support [y/n] (y)? y
The proxy user's (local) username? knox
Allowed hosts for knox (*)? knox.ambari.apache.org
Allowed users for knox (*)? *
Allowed groups for knox (*)? users
Add another proxy user [y/n]? y
The proxy user's (local) username? admin
Allowed hosts for admin (*)? 192.168.74.0/24
Allowed users for admin (*)? tom, sam, admin
Allowed groups for admin (*)? admin_users
Add another proxy user [y/n]? n
Save settings [y/n] (y)? y
Saving Trusted Proxy configuration...
Saving Trusted Proxy configuration finished
Ambari Server ' setup-trusted-proxy' completed successfully.
{noformat}
The REST API calls to get and set the trusted proxy configurations are
{noformat:title=GET request}
GET
/api/v1/services/AMBARI/components/AMBARI_SERVER/configurations/tproxy-configuration
{noformat}
{noformat:title=GET example response}
{
"href" :
"http://c7401.ambari.apache.org:8080/api/v1/services/AMBARI/components/AMBARI_SERVER/configurations/tproxy-configuration";,
"Configuration" : {
"category" : "tproxy-configuration",
"component_name" : "AMBARI_SERVER",
"service_name" : "AMBARI",
"properties" : {
"ambari.tproxy.authentication.enabled" : "true",
"ambari.tproxy.proxyuser.admin.groups" : "admin_users",
"ambari.tproxy.proxyuser.admin.hosts" : "192.168.74.0/24",
"ambari.tproxy.proxyuser.admin.users" : "sam, tom, admin",
"ambari.tproxy.proxyuser.knox.groups" : "users",
"ambari.tproxy.proxyuser.knox.hosts" : "c7401.ambari.apache.org",
"ambari.tproxy.proxyuser.knox.users" : "*"
},
"property_types" : {
"ambari.tproxy.authentication.enabled" : "PLAINTEXT",
"ambari.tproxy.proxyuser.admin.groups" : "PLAINTEXT",
"ambari.tproxy.proxyuser.admin.hosts" : "PLAINTEXT",
"ambari.tproxy.proxyuser.admin.users" : "PLAINTEXT",
"ambari.tproxy.proxyuser.knox.groups" : "PLAINTEXT",
"ambari.tproxy.proxyuser.knox.hosts" : "PLAINTEXT",
"ambari.tproxy.proxyuser.knox.users" : "PLAINTEXT"
}
}
}
{noformat}
{noformat:title=POST request}
POST /api/v1/services/AMBARI/components/AMBARI_SERVER/configurations
{
"Configuration": {
"category" : "tproxy-configuration",
"properties": {
"ambari.tproxy.authentication.enabled" : "true",
"ambari.tproxy.proxyuser.knox.hosts": "c7401.ambari.apache.org",
"ambari.tproxy.proxyuser.knox.users": "*",
"ambari.tproxy.proxyuser.knox.groups": "users",
"ambari.tproxy.proxyuser.admin.hosts": "192.168.74.0/24",
"ambari.tproxy.proxyuser.admin.users": "sam, tom, admin",
"ambari.tproxy.proxyuser.admin.groups": "admin_users"
}
}
}{noformat}
was:
Use Ambari CLI to enable and disable trusted proxy support in Ambari.
Information needed to be collected:
* Enable/Disable trusted proxy support
** {{ambari.tproxy.authentication.enabled}} : "true"|"false"
* Trusted proxy user (the authenticated user allowed to declare a proxied
user) details - One or more may be specified
** hosts from which the proxy user can connect
*** {{ambari.tproxy.proxyuser.PROXY_USER.hosts}} : * or a comma-delimited list
of hostname, ip address, CIDR Notation (intermixed is ok)
** users allowed to be specified as proxied users by the proxy user
*** {{ambari.tproxy.proxyuser.PROXY_USER.users}} : *, or a comma-delimited
list of usernames
** group for which users to be proxied are members
*** {{ambari.tproxy.proxyuser.PROXY_USER.groups}} : *, or a comma-delimited
list of group names
{noformat}
[root@c7402 ~]# ambari-server setup-tproxy
Using python /usr/bin/python
Enter Ambari Admin login: admin
Enter Ambari Admin password:
Fetching Trusted Proxy configuration from DB.
Trusted Proxy support is currently disabled
Do you want to configure Trusted Proxy support [y/n] (y)? y
The proxy user's (local) username? knox
Allowed hosts for knox (*)? knox.ambari.apache.org
Allowed users for knox (*)? *
Allowed groups for knox (*)? users
Add another proxy user [y/n]? y
The proxy user's (local) username? admin
Allowed hosts for admin (*)? 192.168.74.0/24
Allowed users for admin (*)? tom, sam, admin
Allowed groups for admin (*)? admin_users
Add another proxy user [y/n]? n
Save settings [y/n] (y)? y
Saving Trusted Proxy configuration...
Saving Trusted Proxy configuration finished
Ambari Server 'setup-tproxy' completed successfully.
{noformat}
The REST API calls to get and set the trusted proxy configurations are
{noformat:title=GET request}
GET
/api/v1/services/AMBARI/components/AMBARI_SERVER/configurations/tproxy-configuration
{noformat}
{noformat:title=GET example response}
{
"href" :
"http://c7401.ambari.apache.org:8080/api/v1/services/AMBARI/components/AMBARI_SERVER/configurations/tproxy-configuration";,
"Configuration" : {
"category" : "tproxy-configuration",
"component_name" : "AMBARI_SERVER",
"service_name" : "AMBARI",
"properties" : {
"ambari.tproxy.authentication.enabled" : "true",
"ambari.tproxy.proxyuser.admin.groups" : "admin_users",
"ambari.tproxy.proxyuser.admin.hosts" : "192.168.74.0/24",
"ambari.tproxy.proxyuser.admin.users" : "sam, tom, admin",
"ambari.tproxy.proxyuser.knox.groups" : "users",
"ambari.tproxy.proxyuser.knox.hosts" : "c7401.ambari.apache.org",
"ambari.tproxy.proxyuser.knox.users" : "*"
},
"property_types" : {
"ambari.tproxy.authentication.enabled" : "PLAINTEXT",
"ambari.tproxy.proxyuser.admin.groups" : "PLAINTEXT",
"ambari.tproxy.proxyuser.admin.hosts" : "PLAINTEXT",
"ambari.tproxy.proxyuser.admin.users" : "PLAINTEXT",
"ambari.tproxy.proxyuser.knox.groups" : "PLAINTEXT",
"ambari.tproxy.proxyuser.knox.hosts" : "PLAINTEXT",
"ambari.tproxy.proxyuser.knox.users" : "PLAINTEXT"
}
}
}
{noformat}
{noformat:title=POST request}
POST /api/v1/services/AMBARI/components/AMBARI_SERVER/configurations
{
"Configuration": {
"category" : "tproxy-configuration",
"properties": {
"ambari.tproxy.authentication.enabled" : "true",
"ambari.tproxy.proxyuser.knox.hosts": "c7401.ambari.apache.org",
"ambari.tproxy.proxyuser.knox.users": "*",
"ambari.tproxy.proxyuser.knox.groups": "users",
"ambari.tproxy.proxyuser.admin.hosts": "192.168.74.0/24",
"ambari.tproxy.proxyuser.admin.users": "sam, tom, admin",
"ambari.tproxy.proxyuser.admin.groups": "admin_users"
}
}
}{noformat}
> Use Ambari CLI to enable and disable trusted proxy support in Ambari
> --------------------------------------------------------------------
>
> Key: AMBARI-24986
> URL: https://issues.apache.org/jira/browse/AMBARI-24986
> Project: Ambari
> Issue Type: Task
> Components: ambari-server
> Affects Versions: 2.8.0
> Reporter: Sandor Molnar
> Assignee: Sandor Molnar
> Priority: Major
> Labels: pull-request-available
> Fix For: 2.8.0
>
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> Use Ambari CLI to enable and disable trusted proxy support in Ambari.
> Information needed to be collected:
> * Enable/Disable trusted proxy support
> ** {{ambari.tproxy.authentication.enabled}} : "true"|"false"
> * Trusted proxy user (the authenticated user allowed to declare a proxied
> user) details - One or more may be specified
> ** hosts from which the proxy user can connect
> *** {{ambari.tproxy.proxyuser.PROXY_USER.hosts}} : * or a comma-delimited
> list of hostname, ip address, CIDR Notation (intermixed is ok)
> ** users allowed to be specified as proxied users by the proxy user
> *** {{ambari.tproxy.proxyuser.PROXY_USER.users}} : *, or a comma-delimited
> list of usernames
> ** group for which users to be proxied are members
> *** {{ambari.tproxy.proxyuser.PROXY_USER.groups}} : *, or a comma-delimited
> list of group names
> {noformat}
> [root@c7402 ~]# ambari-server setup-trusted-proxy
> Using python /usr/bin/python
> Enter Ambari Admin login: admin
> Enter Ambari Admin password:
> Fetching Trusted Proxy configuration from DB.
> Trusted Proxy support is currently disabled
> Do you want to configure Trusted Proxy support [y/n] (y)? y
> The proxy user's (local) username? knox
> Allowed hosts for knox (*)? knox.ambari.apache.org
> Allowed users for knox (*)? *
> Allowed groups for knox (*)? users
> Add another proxy user [y/n]? y
> The proxy user's (local) username? admin
> Allowed hosts for admin (*)? 192.168.74.0/24
> Allowed users for admin (*)? tom, sam, admin
> Allowed groups for admin (*)? admin_users
> Add another proxy user [y/n]? n
> Save settings [y/n] (y)? y
> Saving Trusted Proxy configuration...
> Saving Trusted Proxy configuration finished
> Ambari Server ' setup-trusted-proxy' completed successfully.
> {noformat}
> The REST API calls to get and set the trusted proxy configurations are
> {noformat:title=GET request}
> GET
> /api/v1/services/AMBARI/components/AMBARI_SERVER/configurations/tproxy-configuration
> {noformat}
> {noformat:title=GET example response}
> {
> "href" :
> "http://c7401.ambari.apache.org:8080/api/v1/services/AMBARI/components/AMBARI_SERVER/configurations/tproxy-configuration";,
> "Configuration" : {
> "category" : "tproxy-configuration",
> "component_name" : "AMBARI_SERVER",
> "service_name" : "AMBARI",
> "properties" : {
> "ambari.tproxy.authentication.enabled" : "true",
> "ambari.tproxy.proxyuser.admin.groups" : "admin_users",
> "ambari.tproxy.proxyuser.admin.hosts" : "192.168.74.0/24",
> "ambari.tproxy.proxyuser.admin.users" : "sam, tom, admin",
> "ambari.tproxy.proxyuser.knox.groups" : "users",
> "ambari.tproxy.proxyuser.knox.hosts" : "c7401.ambari.apache.org",
> "ambari.tproxy.proxyuser.knox.users" : "*"
> },
> "property_types" : {
> "ambari.tproxy.authentication.enabled" : "PLAINTEXT",
> "ambari.tproxy.proxyuser.admin.groups" : "PLAINTEXT",
> "ambari.tproxy.proxyuser.admin.hosts" : "PLAINTEXT",
> "ambari.tproxy.proxyuser.admin.users" : "PLAINTEXT",
> "ambari.tproxy.proxyuser.knox.groups" : "PLAINTEXT",
> "ambari.tproxy.proxyuser.knox.hosts" : "PLAINTEXT",
> "ambari.tproxy.proxyuser.knox.users" : "PLAINTEXT"
> }
> }
> }
> {noformat}
> {noformat:title=POST request}
> POST /api/v1/services/AMBARI/components/AMBARI_SERVER/configurations
> {
> "Configuration": {
> "category" : "tproxy-configuration",
> "properties": {
> "ambari.tproxy.authentication.enabled" : "true",
> "ambari.tproxy.proxyuser.knox.hosts": "c7401.ambari.apache.org",
> "ambari.tproxy.proxyuser.knox.users": "*",
> "ambari.tproxy.proxyuser.knox.groups": "users",
> "ambari.tproxy.proxyuser.admin.hosts": "192.168.74.0/24",
> "ambari.tproxy.proxyuser.admin.users": "sam, tom, admin",
> "ambari.tproxy.proxyuser.admin.groups": "admin_users"
> }
> }
> }{noformat}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
