You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Hudson (JIRA)" <ji...@apache.org> on 2018/12/05 07:14:00 UTC
[jira] [Commented] (AMBARI-24986) Use Ambari CLI to enable and
disable trusted proxy support in Ambari
[ https://issues.apache.org/jira/browse/AMBARI-24986?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16709679#comment-16709679 ]
Hudson commented on AMBARI-24986:
---------------------------------
FAILURE: Integrated in Jenkins build Ambari-trunk-Commit #10357 (See [https://builds.apache.org/job/Ambari-trunk-Commit/10357/])
AMBARI-24986. Using Ambari server's CLI to enable/disable Trusted Proxy (github: [https://gitbox.apache.org/repos/asf?p=ambari.git&a=commit&h=02e7b56aff1acee1f1acb5647be48f7566bd89d0])
* (edit) ambari-server/src/main/python/ambari-server.py
* (edit) ambari-server/sbin/ambari-server
* (add) ambari-server/src/test/python/TestSetupTrustedProxy.py
* (add) ambari-server/src/main/python/ambari_server/setupTrustedProxy.py
* (edit) ambari-server/src/main/python/ambari_server/setupActions.py
> Use Ambari CLI to enable and disable trusted proxy support in Ambari
> --------------------------------------------------------------------
>
> Key: AMBARI-24986
> URL: https://issues.apache.org/jira/browse/AMBARI-24986
> Project: Ambari
> Issue Type: Task
> Components: ambari-server
> Affects Versions: 2.8.0
> Reporter: Sandor Molnar
> Assignee: Sandor Molnar
> Priority: Major
> Labels: pull-request-available
> Fix For: 2.8.0
>
> Time Spent: 4.5h
> Remaining Estimate: 0h
>
> Use Ambari CLI to enable and disable trusted proxy support in Ambari.
> Information needed to be collected:
> * Enable/Disable trusted proxy support
> ** {{ambari.tproxy.authentication.enabled}} : "true"|"false"
> * Trusted proxy user (the authenticated user allowed to declare a proxied user) details - One or more may be specified
> ** hosts from which the proxy user can connect
> *** {{ambari.tproxy.proxyuser.PROXY_USER.hosts}} : * or a comma-delimited list of hostname, ip address, CIDR Notation (intermixed is ok)
> ** users allowed to be specified as proxied users by the proxy user
> *** {{ambari.tproxy.proxyuser.PROXY_USER.users}} : *, or a comma-delimited list of usernames
> ** group for which users to be proxied are members
> *** {{ambari.tproxy.proxyuser.PROXY_USER.groups}} : *, or a comma-delimited list of group names
> {noformat}
> [root@c7402 ~]# ambari-server setup-trusted-proxy
> Using python /usr/bin/python
> Enter Ambari Admin login: admin
> Enter Ambari Admin password:
> Fetching Trusted Proxy configuration from DB.
> Trusted Proxy support is currently disabled
> Do you want to configure Trusted Proxy support [y/n] (y)? y
> The proxy user's (local) username? knox
> Allowed hosts for knox (*)? knox.ambari.apache.org
> Allowed users for knox (*)? *
> Allowed groups for knox (*)? users
> Add another proxy user [y/n]? y
> The proxy user's (local) username? admin
> Allowed hosts for admin (*)? 192.168.74.0/24
> Allowed users for admin (*)? tom, sam, admin
> Allowed groups for admin (*)? admin_users
> Add another proxy user [y/n]? n
> Save settings [y/n] (y)? y
> Saving Trusted Proxy configuration...
> Saving Trusted Proxy configuration finished
> Ambari Server ' setup-trusted-proxy' completed successfully.
> {noformat}
> The REST API calls to get and set the trusted proxy configurations are
> {noformat:title=GET request}
> GET /api/v1/services/AMBARI/components/AMBARI_SERVER/configurations/tproxy-configuration
> {noformat}
> {noformat:title=GET example response}
> {
> "href" : "http://c7401.ambari.apache.org:8080/api/v1/services/AMBARI/components/AMBARI_SERVER/configurations/tproxy-configuration",
> "Configuration" : {
> "category" : "tproxy-configuration",
> "component_name" : "AMBARI_SERVER",
> "service_name" : "AMBARI",
> "properties" : {
> "ambari.tproxy.authentication.enabled" : "true",
> "ambari.tproxy.proxyuser.admin.groups" : "admin_users",
> "ambari.tproxy.proxyuser.admin.hosts" : "192.168.74.0/24",
> "ambari.tproxy.proxyuser.admin.users" : "sam, tom, admin",
> "ambari.tproxy.proxyuser.knox.groups" : "users",
> "ambari.tproxy.proxyuser.knox.hosts" : "c7401.ambari.apache.org",
> "ambari.tproxy.proxyuser.knox.users" : "*"
> },
> "property_types" : {
> "ambari.tproxy.authentication.enabled" : "PLAINTEXT",
> "ambari.tproxy.proxyuser.admin.groups" : "PLAINTEXT",
> "ambari.tproxy.proxyuser.admin.hosts" : "PLAINTEXT",
> "ambari.tproxy.proxyuser.admin.users" : "PLAINTEXT",
> "ambari.tproxy.proxyuser.knox.groups" : "PLAINTEXT",
> "ambari.tproxy.proxyuser.knox.hosts" : "PLAINTEXT",
> "ambari.tproxy.proxyuser.knox.users" : "PLAINTEXT"
> }
> }
> }
> {noformat}
> {noformat:title=POST request}
> POST /api/v1/services/AMBARI/components/AMBARI_SERVER/configurations
> {
> "Configuration": {
> "category" : "tproxy-configuration",
> "properties": {
> "ambari.tproxy.authentication.enabled" : "true",
> "ambari.tproxy.proxyuser.knox.hosts": "c7401.ambari.apache.org",
> "ambari.tproxy.proxyuser.knox.users": "*",
> "ambari.tproxy.proxyuser.knox.groups": "users",
> "ambari.tproxy.proxyuser.admin.hosts": "192.168.74.0/24",
> "ambari.tproxy.proxyuser.admin.users": "sam, tom, admin",
> "ambari.tproxy.proxyuser.admin.groups": "admin_users"
> }
> }
> }{noformat}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)