[ https://issues.apache.org/jira/browse/AMBARI-24986?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sandor Molnar resolved AMBARI-24986. ------------------------------------ Resolution: Fixed > Use Ambari CLI to enable and disable trusted proxy support in Ambari > -------------------------------------------------------------------- > > Key: AMBARI-24986 > URL: https://issues.apache.org/jira/browse/AMBARI-24986 > Project: Ambari > Issue Type: Task > Components: ambari-server > Affects Versions: 2.8.0 > Reporter: Sandor Molnar > Assignee: Sandor Molnar > Priority: Major > Labels: pull-request-available > Fix For: 2.8.0 > > Time Spent: 4.5h > Remaining Estimate: 0h > > Use Ambari CLI to enable and disable trusted proxy support in Ambari. > Information needed to be collected: > * Enable/Disable trusted proxy support > ** {{ambari.tproxy.authentication.enabled}} : "true"|"false" > * Trusted proxy user (the authenticated user allowed to declare a proxied > user) details - One or more may be specified > ** hosts from which the proxy user can connect > *** {{ambari.tproxy.proxyuser.PROXY_USER.hosts}} : * or a comma-delimited > list of hostname, ip address, CIDR Notation (intermixed is ok) > ** users allowed to be specified as proxied users by the proxy user > *** {{ambari.tproxy.proxyuser.PROXY_USER.users}} : *, or a comma-delimited > list of usernames > ** group for which users to be proxied are members > *** {{ambari.tproxy.proxyuser.PROXY_USER.groups}} : *, or a comma-delimited > list of group names > {noformat} > [root@c7402 ~]# ambari-server setup-trusted-proxy > Using python /usr/bin/python > Enter Ambari Admin login: admin > Enter Ambari Admin password: > Fetching Trusted Proxy configuration from DB. > Trusted Proxy support is currently disabled > Do you want to configure Trusted Proxy support [y/n] (y)? y > The proxy user's (local) username? knox > Allowed hosts for knox (*)? knox.ambari.apache.org > Allowed users for knox (*)? * > Allowed groups for knox (*)? users > Add another proxy user [y/n]? y > The proxy user's (local) username? admin > Allowed hosts for admin (*)? 192.168.74.0/24 > Allowed users for admin (*)? tom, sam, admin > Allowed groups for admin (*)? admin_users > Add another proxy user [y/n]? n > Save settings [y/n] (y)? y > Saving Trusted Proxy configuration... > Saving Trusted Proxy configuration finished > Ambari Server ' setup-trusted-proxy' completed successfully. > {noformat} > The REST API calls to get and set the trusted proxy configurations are > {noformat:title=GET request} > GET > /api/v1/services/AMBARI/components/AMBARI_SERVER/configurations/tproxy-configuration > {noformat} > {noformat:title=GET example response} > { > "href" : > "http://c7401.ambari.apache.org:8080/api/v1/services/AMBARI/components/AMBARI_SERVER/configurations/tproxy-configuration", > "Configuration" : { > "category" : "tproxy-configuration", > "component_name" : "AMBARI_SERVER", > "service_name" : "AMBARI", > "properties" : { > "ambari.tproxy.authentication.enabled" : "true", > "ambari.tproxy.proxyuser.admin.groups" : "admin_users", > "ambari.tproxy.proxyuser.admin.hosts" : "192.168.74.0/24", > "ambari.tproxy.proxyuser.admin.users" : "sam, tom, admin", > "ambari.tproxy.proxyuser.knox.groups" : "users", > "ambari.tproxy.proxyuser.knox.hosts" : "c7401.ambari.apache.org", > "ambari.tproxy.proxyuser.knox.users" : "*" > }, > "property_types" : { > "ambari.tproxy.authentication.enabled" : "PLAINTEXT", > "ambari.tproxy.proxyuser.admin.groups" : "PLAINTEXT", > "ambari.tproxy.proxyuser.admin.hosts" : "PLAINTEXT", > "ambari.tproxy.proxyuser.admin.users" : "PLAINTEXT", > "ambari.tproxy.proxyuser.knox.groups" : "PLAINTEXT", > "ambari.tproxy.proxyuser.knox.hosts" : "PLAINTEXT", > "ambari.tproxy.proxyuser.knox.users" : "PLAINTEXT" > } > } > } > {noformat} > {noformat:title=POST request} > POST /api/v1/services/AMBARI/components/AMBARI_SERVER/configurations > { > "Configuration": { > "category" : "tproxy-configuration", > "properties": { > "ambari.tproxy.authentication.enabled" : "true", > "ambari.tproxy.proxyuser.knox.hosts": "c7401.ambari.apache.org", > "ambari.tproxy.proxyuser.knox.users": "*", > "ambari.tproxy.proxyuser.knox.groups": "users", > "ambari.tproxy.proxyuser.admin.hosts": "192.168.74.0/24", > "ambari.tproxy.proxyuser.admin.users": "sam, tom, admin", > "ambari.tproxy.proxyuser.admin.groups": "admin_users" > } > } > }{noformat} -- This message was sent by Atlassian JIRA (v7.6.3#76005)