-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/43832/
-----------------------------------------------------------

(Updated April 1, 2016, 2:36 p.m.)


Review request for Ambari, Alejandro Fernandez, Andrew Onischuk, Robert Levas, 
Sumit Mohanty, and Sebastian Toader.


Changes
-------

- exit in case of validation error during interactive mode


Bugs: AMBARI-14627
    https://issues.apache.org/jira/browse/AMBARI-14627


Repository: ambari


Description (updated)
-------

Added ability to automate setup-security/setup-ldap and sync-ldap. Ambari uses 
'--' flags in order to replace user inputs. (if one of the flag is missing, 
ambari will ask for user input)
Example usage: 

1.) LDAP setup: 
  ambari-server setup-ldap \
  --ldap-url="ldap.hortonworks.com:389" \
  --ldap-secondary-url="" \
  --ldap-ssl="false" \
  --ldap-user-class="person" \
  --ldap-user-attr="sAMAccountName" \
  --ldap-group-class="group" \
  --ldap-group-attr="cn" \
  --ldap-member-attr="member" \
  --ldap-dn="distunguishedName" \
  --ldap-base-dn="dc=hdp01,dc=local" \
  --ldap-referral="" \
  --ldap-bind-anonym=false \
  --ldap-manager-dn="cn=hdfs,ou=hdp,dc=hdp01,dc=local" \
  --ldap-manager-password="myldappassword" \
  --ldap-save-settings \
  --truststore-type="jks" \
  --truststore-path="/var/lib/ambari-server/keys/jkskeystore.jks" \
  --truststore-password="mypass"

2.) Ldap sync:
    ambari-server sync-ldap --groups=groups.txt --ldap-sync-admin-name=admin 
--ldap-sync-admin-password=admin

3.) Setup Https:
  ambari-server setup-security \ 
    --security-option=setup-https \
    --api-ssl=true --client-api-ssl-port=8443 \ 
    --import-cert-path=/var/lib/ambari-server/keys/my.crt \ 
    --import-key-path=/var/lib/ambari-server/keys/my.key \
    --pem-password=password
4.) Encrypt passwords:
  ambari-server setup-security --security-option=encrypt-password 
--master-key=masterkey --master-key-persist=true

5.) Setup Kerberos JAAS:
  ambari-server setup-security --security-option=setup-kerberos-jaas 
--jaas-principal="amb...@example.com" 
--jaas-keytab="/etc/security/keytabs/ambari.keytab"

6.) Setup TrustStore:
    ambari-server setup-security \
      --security-option=setup-truststore \ 
      --truststore-path=/var/lib/ambari-server/keys/keystore.p12 \
      --truststore-type=pkcs12 \ 
      --truststore-password=password \
      --truststore-reconfigure
7.) Import certificate to TrustStore:
    ambari-server setup-security \ 
      --security-option=import-certificate \ 
      --truststore-path=/var/lib/ambari-server/keys/keystore.p12 \ 
      --truststore-type=pkcs12 \ 
      --truststore-password=password \ 
      --import-cert-path=/var/lib/ambari-server/oleewere.crt \ 
      --import-cert-alias=myalias \ 
      --truststore-reconfigure


Diffs (updated)
-----

  ambari-server/src/main/python/ambari-server.py e0ce37e 
  ambari-server/src/main/python/ambari_server/dbConfiguration.py 5519a3d 
  ambari-server/src/main/python/ambari_server/dbConfiguration_linux.py 59c5d85 
  ambari-server/src/main/python/ambari_server/dbConfiguration_windows.py 
96cd823 
  ambari-server/src/main/python/ambari_server/serverConfiguration.py a259a1f 
  ambari-server/src/main/python/ambari_server/serverSetup.py cbb96d9 
  ambari-server/src/main/python/ambari_server/setupHttps.py ce676d2 
  ambari-server/src/main/python/ambari_server/setupSecurity.py b0ea491 
  ambari-server/src/main/python/ambari_server/userInput.py 247ebec 
  ambari-server/src/test/python/TestAmbariServer.py 1356dac 

Diff: https://reviews.apache.org/r/43832/diff/


Testing
-------

Total run:902
Total errors:0
Total failures:0
OK


FT: manually tested on branch-2.2, on trunk its in progress


Thanks,

Oliver Szabo

Reply via email to