You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Hudson (JIRA)" <ji...@apache.org> on 2018/12/05 07:14:00 UTC

[jira] [Commented] (AMBARI-24986) Use Ambari CLI to enable and disable trusted proxy support in Ambari

    [ https://issues.apache.org/jira/browse/AMBARI-24986?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16709679#comment-16709679 ] 

Hudson commented on AMBARI-24986:
---------------------------------

FAILURE: Integrated in Jenkins build Ambari-trunk-Commit #10357 (See [https://builds.apache.org/job/Ambari-trunk-Commit/10357/])
AMBARI-24986. Using Ambari server's CLI to enable/disable Trusted Proxy (github: [https://gitbox.apache.org/repos/asf?p=ambari.git&a=commit&h=02e7b56aff1acee1f1acb5647be48f7566bd89d0])
* (edit) ambari-server/src/main/python/ambari-server.py
* (edit) ambari-server/sbin/ambari-server
* (add) ambari-server/src/test/python/TestSetupTrustedProxy.py
* (add) ambari-server/src/main/python/ambari_server/setupTrustedProxy.py
* (edit) ambari-server/src/main/python/ambari_server/setupActions.py


> Use Ambari CLI to enable and disable trusted proxy support in Ambari
> --------------------------------------------------------------------
>
>                 Key: AMBARI-24986
>                 URL: https://issues.apache.org/jira/browse/AMBARI-24986
>             Project: Ambari
>          Issue Type: Task
>          Components: ambari-server
>    Affects Versions: 2.8.0
>            Reporter: Sandor Molnar
>            Assignee: Sandor Molnar
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 2.8.0
>
>          Time Spent: 4.5h
>  Remaining Estimate: 0h
>
> Use Ambari CLI to enable and disable trusted proxy support in Ambari.
> Information needed to be collected:
>  * Enable/Disable trusted proxy support
>  ** {{ambari.tproxy.authentication.enabled}} : "true"|"false"
>  * Trusted proxy user (the authenticated user allowed to declare a proxied user) details - One or more may be specified
>  ** hosts from which the proxy user can connect
>  *** {{ambari.tproxy.proxyuser.PROXY_USER.hosts}} : * or a comma-delimited list of hostname, ip address, CIDR Notation (intermixed is ok)
>  ** users allowed to be specified as proxied users by the proxy user
>  *** {{ambari.tproxy.proxyuser.PROXY_USER.users}} : *, or a comma-delimited list of usernames
>  ** group for which users to be proxied are members
>  *** {{ambari.tproxy.proxyuser.PROXY_USER.groups}} : *, or a comma-delimited list of group names
> {noformat}
> [root@c7402 ~]# ambari-server  setup-trusted-proxy
> Using python  /usr/bin/python
> Enter Ambari Admin login: admin
> Enter Ambari Admin password:
> Fetching Trusted Proxy configuration from DB.
> Trusted Proxy support is currently disabled
> Do you want to configure Trusted Proxy support [y/n] (y)?  y
> The proxy user's (local) username? knox  
> Allowed hosts for knox (*)? knox.ambari.apache.org
> Allowed users for knox (*)? *
> Allowed groups for knox (*)? users
> Add another proxy user [y/n]?  y
> The proxy user's (local) username? admin  
> Allowed hosts for admin (*)? 192.168.74.0/24 
> Allowed users for admin (*)? tom, sam, admin
> Allowed groups for admin (*)? admin_users
> Add another proxy user [y/n]?  n
> Save settings [y/n] (y)? y
> Saving Trusted Proxy configuration...
> Saving Trusted Proxy configuration finished
> Ambari Server ' setup-trusted-proxy' completed successfully.
> {noformat}
> The REST API calls to get and set the trusted proxy configurations are
> {noformat:title=GET request}
> GET /api/v1/services/AMBARI/components/AMBARI_SERVER/configurations/tproxy-configuration
> {noformat}
> {noformat:title=GET example response}
> {
>   "href" : "http://c7401.ambari.apache.org:8080/api/v1/services/AMBARI/components/AMBARI_SERVER/configurations/tproxy-configuration",
>   "Configuration" : {
>     "category" : "tproxy-configuration",
>     "component_name" : "AMBARI_SERVER",
>     "service_name" : "AMBARI",
>     "properties" : {
>       "ambari.tproxy.authentication.enabled" : "true",
>       "ambari.tproxy.proxyuser.admin.groups" : "admin_users",
>       "ambari.tproxy.proxyuser.admin.hosts" : "192.168.74.0/24",
>       "ambari.tproxy.proxyuser.admin.users" : "sam, tom, admin",
>       "ambari.tproxy.proxyuser.knox.groups" : "users",
>       "ambari.tproxy.proxyuser.knox.hosts" : "c7401.ambari.apache.org",
>       "ambari.tproxy.proxyuser.knox.users" : "*"
>     },
>     "property_types" : {
>       "ambari.tproxy.authentication.enabled" : "PLAINTEXT",
>       "ambari.tproxy.proxyuser.admin.groups" : "PLAINTEXT",
>       "ambari.tproxy.proxyuser.admin.hosts" : "PLAINTEXT",
>       "ambari.tproxy.proxyuser.admin.users" : "PLAINTEXT",
>       "ambari.tproxy.proxyuser.knox.groups" : "PLAINTEXT",
>       "ambari.tproxy.proxyuser.knox.hosts" : "PLAINTEXT",
>       "ambari.tproxy.proxyuser.knox.users" : "PLAINTEXT"
>     }
>   }
> }
> {noformat}
> {noformat:title=POST request}
> POST /api/v1/services/AMBARI/components/AMBARI_SERVER/configurations
> {
>   "Configuration": {    
>     "category" : "tproxy-configuration",
>     "properties": {
>       "ambari.tproxy.authentication.enabled" : "true",
>       "ambari.tproxy.proxyuser.knox.hosts": "c7401.ambari.apache.org",
>       "ambari.tproxy.proxyuser.knox.users": "*",
>       "ambari.tproxy.proxyuser.knox.groups": "users",
>       "ambari.tproxy.proxyuser.admin.hosts": "192.168.74.0/24",
>       "ambari.tproxy.proxyuser.admin.users": "sam, tom, admin",
>       "ambari.tproxy.proxyuser.admin.groups": "admin_users"
>     }
>   }
> }{noformat}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)