subject:"Re\: Review Request 43832\: AMBARI\-14627\: Ability to automate setup\-security and setup\-ldap\/sync\-ldap"

Re: Review Request 43832: AMBARI-14627: Ability to automate setup-security and setup-ldap/sync-ldap

2016-04-01 Thread Oliver Szabo


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/43832/
---

(Updated April 1, 2016, 2:36 p.m.)


Review request for Ambari, Alejandro Fernandez, Andrew Onischuk, Robert Levas, 
Sumit Mohanty, and Sebastian Toader.


Changes
---

- exit in case of validation error during interactive mode


Bugs: AMBARI-14627
https://issues.apache.org/jira/browse/AMBARI-14627


Repository: ambari


Description (updated)
---

Added ability to automate setup-security/setup-ldap and sync-ldap. Ambari uses 
'--' flags in order to replace user inputs. (if one of the flag is missing, 
ambari will ask for user input)
Example usage: 

1.) LDAP setup: 
  ambari-server setup-ldap \
  --ldap-url="ldap.hortonworks.com:389" \
  --ldap-secondary-url="" \
  --ldap-ssl="false" \
  --ldap-user-class="person" \
  --ldap-user-attr="sAMAccountName" \
  --ldap-group-class="group" \
  --ldap-group-attr="cn" \
  --ldap-member-attr="member" \
  --ldap-dn="distunguishedName" \
  --ldap-base-dn="dc=hdp01,dc=local" \
  --ldap-referral="" \
  --ldap-bind-anonym=false \
  --ldap-manager-dn="cn=hdfs,ou=hdp,dc=hdp01,dc=local" \
  --ldap-manager-password="myldappassword" \
  --ldap-save-settings \
  --truststore-type="jks" \
  --truststore-path="/var/lib/ambari-server/keys/jkskeystore.jks" \
  --truststore-password="mypass"

2.) Ldap sync:
ambari-server sync-ldap --groups=groups.txt --ldap-sync-admin-name=admin 
--ldap-sync-admin-password=admin

3.) Setup Https:
  ambari-server setup-security \ 
--security-option=setup-https \
--api-ssl=true --client-api-ssl-port=8443 \ 
--import-cert-path=/var/lib/ambari-server/keys/my.crt \ 
--import-key-path=/var/lib/ambari-server/keys/my.key \
--pem-password=password
4.) Encrypt passwords:
  ambari-server setup-security --security-option=encrypt-password 
--master-key=masterkey --master-key-persist=true

5.) Setup Kerberos JAAS:
  ambari-server setup-security --security-option=setup-kerberos-jaas 
--jaas-principal="amb...@example.com" 
--jaas-keytab="/etc/security/keytabs/ambari.keytab"

6.) Setup TrustStore:
ambari-server setup-security \
  --security-option=setup-truststore \ 
  --truststore-path=/var/lib/ambari-server/keys/keystore.p12 \
  --truststore-type=pkcs12 \ 
  --truststore-password=password \
  --truststore-reconfigure
7.) Import certificate to TrustStore:
ambari-server setup-security \ 
  --security-option=import-certificate \ 
  --truststore-path=/var/lib/ambari-server/keys/keystore.p12 \ 
  --truststore-type=pkcs12 \ 
  --truststore-password=password \ 
  --import-cert-path=/var/lib/ambari-server/oleewere.crt \ 
  --import-cert-alias=myalias \ 
  --truststore-reconfigure


Diffs (updated)
-

  ambari-server/src/main/python/ambari-server.py e0ce37e 
  ambari-server/src/main/python/ambari_server/dbConfiguration.py 5519a3d 
  ambari-server/src/main/python/ambari_server/dbConfiguration_linux.py 59c5d85 
  ambari-server/src/main/python/ambari_server/dbConfiguration_windows.py 
96cd823 
  ambari-server/src/main/python/ambari_server/serverConfiguration.py a259a1f 
  ambari-server/src/main/python/ambari_server/serverSetup.py cbb96d9 
  ambari-server/src/main/python/ambari_server/setupHttps.py ce676d2 
  ambari-server/src/main/python/ambari_server/setupSecurity.py b0ea491 
  ambari-server/src/main/python/ambari_server/userInput.py 247ebec 
  ambari-server/src/test/python/TestAmbariServer.py 1356dac 

Diff: https://reviews.apache.org/r/43832/diff/


Testing
---

Total run:902
Total errors:0
Total failures:0
OK


FT: manually tested on branch-2.2, on trunk its in progress


Thanks,

Oliver Szabo

Re: Review Request 43832: AMBARI-14627: Ability to automate setup-security and setup-ldap/sync-ldap

2016-03-22 Thread Sebastian Toader


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/43832/#review124742
---


Ship it!




Fix what Daniel raised and ship it.

- Sebastian Toader


On March 16, 2016, 6:14 p.m., Oliver Szabo wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/43832/
> ---
> 
> (Updated March 16, 2016, 6:14 p.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Andrew Onischuk, Robert 
> Levas, Sumit Mohanty, and Sebastian Toader.
> 
> 
> Bugs: AMBARI-14627
> https://issues.apache.org/jira/browse/AMBARI-14627
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Added ability to automate setup-security/setup-ldap and sync-ldap. Ambari 
> uses '--' flags in order to replace user inputs. (if one of the flag is 
> missing, ambari will ask for user input)
> Example usage: 
> 
> 1.) LDAP setup: 
>   ambari-server setup-ldap \
>   --ldap-url="ldap.hortonworks.com:389" \
>   --ldap-secondary-url="" \
>   --ldap-ssl="false" \
>   --ldap-user-class="person" \
>   --ldap-user-attr="sAMAccountName" \
>   --ldap-group-class="group" \
>   --ldap-group-attr="cn" \
>   --ldap-member-attr="member" \
>   --ldap-dn="distunguishedName" \
>   --ldap-base-dn="dc=hdp01,dc=local" \
>   --ldap-referral="" \
>   --ldap-bind-anonym=false \
>   --ldap-manager-dn="cn=hdfs,ou=hdp,dc=hdp01,dc=local" \
>   --ldap-manager-password="myldappassword" \
>   --ldap-save-settings \
>   --truststore-type="jks" \
>   --truststore-path="/var/lib/ambari-server/keys/jkskeystore.jks" \
>   --truststore-password="mypass"
> 
> 2.) Ldap sync:
> ambari-server sync-ldap --groups=groups.txt --ldap-sync-admin-name=admin 
> --ldap-sync-admin-password=admin
> 
> 3.) Setup Https:
>   ambari-server setup-security \ 
> --security-option=setup-https \
> --security-keys_dir=/var/lib/ambari-server/keys \
> --api-ssl=true --client-api-ssl-port=8443 \ 
> --import-cert-path=/var/lib/ambari-server/keys/my.crt \ 
> --import-key-path=/var/lib/ambari-server/keys/my.key \
> --pem-password=password
> 4.) Encrypt passwords:
>   ambari-server setup-security --security-option=encrypt-password 
> --master-key=masterkey --master-key-persist=true
> 
> 5.) Setup Kerberos JAAS:
>   ambari-server setup-security --security-option=setup-kerberos-jaas 
> --jaas-principal="amb...@example.com" 
> --jaas-keytab="/etc/security/keytabs/ambari.keytab"
> 
> 6.) Setup TrustStore:
> ambari-server setup-security \
>   --security-option=setup-truststore \ 
>   --truststore-path=/var/lib/ambari-server/keys/keystore.p12 \
>   --truststore-type=pkcs12 \ 
>   --truststore-password=password \
>   --truststore-reconfigure // not needed if not configured - also, this 
> option is not available on branch-2.2 
> 7.) Import certificate to TrustStore:
> ambari-server setup-security \ 
>   --security-option=import-certificate \ 
>   --truststore-path=/var/lib/ambari-server/keys/keystore.p12 \ 
>   --truststore-type=pkcs12 \ 
>   --truststore-password=password \ 
>   --import-cert-path=/var/lib/ambari-server/oleewere.crt \ 
>   --import-cert-alias=myalias \ 
>   --truststore-reconfigure // not needed if not configured - also, this 
> option is not available on branch-2.2
> 
> 
> Diffs
> -
> 
>   ambari-server/src/main/python/ambari-server.py bc86d32 
>   ambari-server/src/main/python/ambari_server/dbConfiguration.py 5519a3d 
>   ambari-server/src/main/python/ambari_server/dbConfiguration_linux.py 
> 59c5d85 
>   ambari-server/src/main/python/ambari_server/dbConfiguration_windows.py 
> 96cd823 
>   ambari-server/src/main/python/ambari_server/serverConfiguration.py 0f58c0e 
>   ambari-server/src/main/python/ambari_server/serverSetup.py 7f6a7e3 
>   ambari-server/src/main/python/ambari_server/setupHttps.py 5e293fb 
>   ambari-server/src/main/python/ambari_server/setupSecurity.py b0ea491 
>   ambari-server/src/main/python/ambari_server/userInput.py 247ebec 
>   ambari-server/src/test/python/TestAmbariServer.py 305ad1a 
> 
> Diff: https://reviews.apache.org/r/43832/diff/
> 
> 
> Testing
> ---
> 
> Total run:902
> Total errors:0
> Total failures:0
> OK
> 
> 
> FT: manually tested on branch-2.2, on trunk its in progress
> 
> 
> Thanks,
> 
> Oliver Szabo
> 
>

Re: Review Request 43832: AMBARI-14627: Ability to automate setup-security and setup-ldap/sync-ldap

2016-03-21 Thread Daniel Gergely


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/43832/#review124541
---




ambari-server/src/main/python/ambari_server/userInput.py (lines 99 - 102)


As I see when validator fails for a parameter that value is set from an 
argument, it is asked interactively again.
Is this intentional? When using command line parameters I would expect 
non-interactive behaviour. (e.g. the command is assembled and run by a script)
What do you think of terminating execution with an exit code when 
validation fails for a value that is set as an argument.



ambari-server/src/main/python/ambari_server/userInput.py (lines 111 - 114)


See my comment above


- Daniel Gergely


On márc. 16, 2016, 5:14 du, Oliver Szabo wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/43832/
> ---
> 
> (Updated márc. 16, 2016, 5:14 du)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Andrew Onischuk, Robert 
> Levas, Sumit Mohanty, and Sebastian Toader.
> 
> 
> Bugs: AMBARI-14627
> https://issues.apache.org/jira/browse/AMBARI-14627
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Added ability to automate setup-security/setup-ldap and sync-ldap. Ambari 
> uses '--' flags in order to replace user inputs. (if one of the flag is 
> missing, ambari will ask for user input)
> Example usage: 
> 
> 1.) LDAP setup: 
>   ambari-server setup-ldap \
>   --ldap-url="ldap.hortonworks.com:389" \
>   --ldap-secondary-url="" \
>   --ldap-ssl="false" \
>   --ldap-user-class="person" \
>   --ldap-user-attr="sAMAccountName" \
>   --ldap-group-class="group" \
>   --ldap-group-attr="cn" \
>   --ldap-member-attr="member" \
>   --ldap-dn="distunguishedName" \
>   --ldap-base-dn="dc=hdp01,dc=local" \
>   --ldap-referral="" \
>   --ldap-bind-anonym=false \
>   --ldap-manager-dn="cn=hdfs,ou=hdp,dc=hdp01,dc=local" \
>   --ldap-manager-password="myldappassword" \
>   --ldap-save-settings \
>   --truststore-type="jks" \
>   --truststore-path="/var/lib/ambari-server/keys/jkskeystore.jks" \
>   --truststore-password="mypass"
> 
> 2.) Ldap sync:
> ambari-server sync-ldap --groups=groups.txt --ldap-sync-admin-name=admin 
> --ldap-sync-admin-password=admin
> 
> 3.) Setup Https:
>   ambari-server setup-security \ 
> --security-option=setup-https \
> --security-keys_dir=/var/lib/ambari-server/keys \
> --api-ssl=true --client-api-ssl-port=8443 \ 
> --import-cert-path=/var/lib/ambari-server/keys/my.crt \ 
> --import-key-path=/var/lib/ambari-server/keys/my.key \
> --pem-password=password
> 4.) Encrypt passwords:
>   ambari-server setup-security --security-option=encrypt-password 
> --master-key=masterkey --master-key-persist=true
> 
> 5.) Setup Kerberos JAAS:
>   ambari-server setup-security --security-option=setup-kerberos-jaas 
> --jaas-principal="amb...@example.com" 
> --jaas-keytab="/etc/security/keytabs/ambari.keytab"
> 
> 6.) Setup TrustStore:
> ambari-server setup-security \
>   --security-option=setup-truststore \ 
>   --truststore-path=/var/lib/ambari-server/keys/keystore.p12 \
>   --truststore-type=pkcs12 \ 
>   --truststore-password=password \
>   --truststore-reconfigure // not needed if not configured - also, this 
> option is not available on branch-2.2 
> 7.) Import certificate to TrustStore:
> ambari-server setup-security \ 
>   --security-option=import-certificate \ 
>   --truststore-path=/var/lib/ambari-server/keys/keystore.p12 \ 
>   --truststore-type=pkcs12 \ 
>   --truststore-password=password \ 
>   --import-cert-path=/var/lib/ambari-server/oleewere.crt \ 
>   --import-cert-alias=myalias \ 
>   --truststore-reconfigure // not needed if not configured - also, this 
> option is not available on branch-2.2
> 
> 
> Diffs
> -
> 
>   ambari-server/src/main/python/ambari-server.py bc86d32 
>   ambari-server/src/main/python/ambari_server/dbConfiguration.py 5519a3d 
>   ambari-server/src/main/python/ambari_server/dbConfiguration_linux.py 
> 59c5d85 
>   ambari-server/src/main/python/ambari_server/dbConfiguration_windows.py 
> 96cd823 
>   ambari-server/src/main/python/ambari_server/serverConfiguration.py 0f58c0e 
>   ambari-server/src/main/python/ambari_server/serverSetup.py 7f6a7e3 
>   ambari-server/src/main/python/ambari_server/setupHttps.py 5e293fb 
>   ambari-server/src/main/python/ambari_server/setupSecurity.py b0ea491 
>   ambari-server/src/main/python/ambari_server/userInput.py 247ebec 
>   ambari-server/src/test/python/TestAmbariServer.py 305ad1a 
> 
> Diff: https://reviews.apache.org/r/43832/diff/
> 
> 
>

Re: Review Request 43832: AMBARI-14627: Ability to automate setup-security and setup-ldap/sync-ldap

Re: Review Request 43832: AMBARI-14627: Ability to automate setup-security and setup-ldap/sync-ldap

Re: Review Request 43832: AMBARI-14627: Ability to automate setup-security and setup-ldap/sync-ldap

3 matches

Site Navigation

Mail list logo

Footer information