Posted to commits@ambari.apache.org by ol...@apache.org on 2016/04/04 11:12:16 UTC
[1/2] ambari git commit: AMBARI-14627. Ability to automate
setup-security and setup-ldap/sync-ldap (oleewere)
Repository: ambari
Updated Branches:
refs/heads/trunk 62f1982b7 -> 79175d033
http://git-wip-us.apache.org/repos/asf/ambari/blob/79175d03/ambari-server/src/test/python/TestAmbariServer.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/TestAmbariServer.py b/ambari-server/src/test/python/TestAmbariServer.py
index 1356dac..091869f 100644
--- a/ambari-server/src/test/python/TestAmbariServer.py
+++ b/ambari-server/src/test/python/TestAmbariServer.py
@@ -294,6 +294,7 @@ class TestAmbariServer(TestCase):
args = ["setup-security"]
opm.parse_args.return_value = (options, args)
options.dbms = None
+ options.security_option = "setup-security"
options.sid_or_sname = "sid"
setup_security_method.return_value = None
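Review bot: `options.security_option = "setup-security"` sets the option to the command name, not to one of the action keys the new `--security-option` flag is matched against (`setup-https`, `encrypt-passwords`, `setup-kerberos-jaas`, `setup-truststore`, `import-certificate`). The test still passes because `setup_security` is mocked here, but the value reads as if it were valid input. `options.security_option = None` or a real key such as `"setup-https"` would state the intent. The enclosing test method starts and ends outside this hunk.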
@@ -315,7 +316,7 @@ class TestAmbariServer(TestCase):
setup_truststore_mock, setup_master_key_mock,
setup_ambari_krb5_jaas_mock):
- args = {}
+ args = self._create_empty_options_mock()
get_validated_string_input_mock.return_value = '1'
_ambari_server_.setup_security(args)
self.assertTrue(setup_https_mock.called)
@@ -352,7 +353,7 @@ class TestAmbariServer(TestCase):
# Negative case
try:
- setup_ambari_krb5_jaas()
+ setup_ambari_krb5_jaas(self._create_empty_options_mock())
self.fail("Should throw exception")
except NonFatalException as fe:
# Expected
@@ -367,7 +368,7 @@ class TestAmbariServer(TestCase):
fileinput_mock.return_value = [ 'keyTab=xyz', 'principal=xyz' ]
- setup_ambari_krb5_jaas()
+ setup_ambari_krb5_jaas(self._create_empty_options_mock())
self.assertTrue(fileinput_mock.called)
self.assertTrue(re_sub_mock.called)
@@ -385,7 +386,7 @@ class TestAmbariServer(TestCase):
def test_main_test_setup(self, OptionParserMock, reset_method, stop_method,
start_method, setup_method, exit_mock):
opm = OptionParserMock.return_value
- options = MagicMock()
+ options = self._create_empty_options_mock()
args = ["setup"]
opm.parse_args.return_value = (options, args)
@@ -407,7 +408,7 @@ class TestAmbariServer(TestCase):
reset_method.reset_mock()
exit_mock.reset_mock()
args = ["setup", "-v"]
- options = MagicMock()
+ options = self._create_empty_options_mock()
opm.parse_args.return_value = (options, args)
options.dbms = None
options.sid_or_sname = "sid"
@@ -428,7 +429,7 @@ class TestAmbariServer(TestCase):
reset_method.reset_mock()
exit_mock.reset_mock()
args = ["setup"]
- options = MagicMock()
+ options = self._create_empty_options_mock()
opm.parse_args.return_value = (options, args)
options.dbms = None
options.sid_or_sname = "sid"
@@ -449,7 +450,7 @@ class TestAmbariServer(TestCase):
@patch("optparse.OptionParser")
def test_main_with_preset_dbms(self, optionParserMock, setup_method):
opm = optionParserMock.return_value
- options = MagicMock()
+ options = self._create_empty_options_mock()
args = ["setup"]
opm.parse_args.return_value = (options, args)
@@ -467,7 +468,7 @@ class TestAmbariServer(TestCase):
@patch("optparse.OptionParser")
def test_fix_database_options_called(self, optionParserMock, fixDBOptionsMock, setup_method):
opm = optionParserMock.return_value
- options = MagicMock()
+ options = self._create_empty_options_mock()
args = ["setup"]
opm.parse_args.return_value = (options, args)
@@ -487,7 +488,7 @@ class TestAmbariServer(TestCase):
def test_main_test_start(self, optionParserMock, reset_method, stop_method,
start_method, setup_method):
opm = optionParserMock.return_value
- options = MagicMock()
+ options = self._create_empty_options_mock()
args = ["setup"]
opm.parse_args.return_value = (options, args)
@@ -617,7 +618,7 @@ class TestAmbariServer(TestCase):
def test_main_test_backup(self, optionParserMock, restore_mock, backup_mock, reset_method, stop_method,
start_method, setup_method):
opm = optionParserMock.return_value
- options = MagicMock()
+ options = self._create_empty_options_mock()
args = ["backup"]
opm.parse_args.return_value = (options, args)
@@ -649,7 +650,7 @@ class TestAmbariServer(TestCase):
def test_main_test_restore(self, optionParserMock, restore_mock, backup_mock, reset_method, stop_method,
start_method, setup_method):
opm = optionParserMock.return_value
- options = MagicMock()
+ options = self._create_empty_options_mock()
args = ["restore"]
opm.parse_args.return_value = (options, args)
@@ -678,7 +679,7 @@ class TestAmbariServer(TestCase):
def test_main_test_stop(self, optionParserMock, reset_method, is_server_runing_method,
start_method, setup_method):
opm = optionParserMock.return_value
- options = MagicMock()
+ options = self._create_empty_options_mock()
del options.exit_message
args = ["stop"]
@@ -743,7 +744,7 @@ class TestAmbariServer(TestCase):
start_method, setup_method):
opm = optionParserMock.return_value
- options = MagicMock()
+ options = self._create_empty_options_mock()
args = ["reset"]
opm.parse_args.return_value = (options, args)
options.dbms = None
@@ -1462,7 +1463,7 @@ class TestAmbariServer(TestCase):
@patch("ambari_server.serverSetup.run_os_command")
def test_create_custom_user(self, run_os_command_mock, print_warning_msg_mock,
print_info_msg_mock, get_validated_string_input_mock):
- options = MagicMock()
+ options = self._create_empty_options_mock()
user = "dummy-user"
get_validated_string_input_mock.return_value = user
@@ -1607,8 +1608,7 @@ class TestAmbariServer(TestCase):
adjust_directory_permissions_mock.reset_mock()
pass
-
- options = MagicMock()
+ options = self._create_empty_options_mock()
run_os_command_mock.return_value = (0, "", "")
@@ -1951,9 +1951,10 @@ class TestAmbariServer(TestCase):
command = "command"
property = "use_ssl"
alias = "alias"
+ options = self._create_empty_options_mock()
#Silent mode
set_silent(True)
- setup_truststore()
+ setup_truststore(options)
self.assertEqual('setup-security is not enabled in silent mode.\n', out.getvalue())
sys.stdout = sys.__stdout__
#Verbouse mode and jdk_path is None
@@ -1962,14 +1963,14 @@ class TestAmbariServer(TestCase):
# Dont disable ssl
get_YN_input_mock.side_effect = [False]
get_validated_string_input_mock.return_value = "alias"
- setup_truststore()
+ setup_truststore(options)
self.assertTrue(get_YN_input_mock.called)
p.get_property.reset_mock()
get_YN_input_mock.reset_mock()
# Cant find jdk
find_jdk_mock.return_value = None
try:
- setup_truststore()
+ setup_truststore(options)
self.fail("Should throw exception")
except FatalException as fe:
# Expected
@@ -1983,7 +1984,7 @@ class TestAmbariServer(TestCase):
get_and_persist_truststore_path_mock.return_value = "/truststore_path"
get_and_persist_truststore_password_mock.return_value = "/truststore_password"
get_delete_cert_command_mock.return_value = "rm -f"
- setup_truststore(True)
+ setup_truststore(options, True)
self.assertTrue(get_and_persist_truststore_path_mock.called)
self.assertTrue(get_and_persist_truststore_password_mock.called)
@@ -2003,7 +2004,7 @@ class TestAmbariServer(TestCase):
#Verbouse mode and jdk_path is not None (use_https = false) and import cert
p.get_property.side_effect = ["false"]
get_YN_input_mock.side_effect = [True,True]
- setup_truststore(True)
+ setup_truststore(options, True)
self.assertTrue(get_and_persist_truststore_type_mock.called)
self.assertTrue(get_and_persist_truststore_path_mock.called)
@@ -2069,11 +2070,12 @@ class TestAmbariServer(TestCase):
#Test preconditions
get_silent_mock.return_value = False
find_jdk_mock.return_value = "/path"
+ options = self._create_empty_options_mock()
#Reconfiguration allowed by the user
reset_mocks()
get_YN_input_mock.side_effect = [True, True, True]
- setup_truststore()
+ setup_truststore(options)
self.assertTrue(get_and_persist_truststore_type_mock.called)
self.assertTrue(get_and_persist_truststore_path_mock.called)
self.assertTrue(get_and_persist_truststore_password_mock.called)
@@ -2081,7 +2083,7 @@ class TestAmbariServer(TestCase):
#Reconfiguration disallowed by the user
reset_mocks()
get_YN_input_mock.side_effect = [True, False]
- setup_truststore()
+ setup_truststore(options)
self.assertTrue(get_and_persist_truststore_type_mock.called)
self.assertTrue(get_and_persist_truststore_path_mock.called)
self.assertTrue(get_and_persist_truststore_password_mock.called)
@@ -2089,7 +2091,7 @@ class TestAmbariServer(TestCase):
#Reconfiguration should be disabled when 'import_cert' flag is 'True'
reset_mocks()
get_YN_input_mock.side_effect = [True, True]
- setup_truststore(True)
+ setup_truststore(options, True)
self.assertTrue(get_and_persist_truststore_type_mock.called)
self.assertTrue(get_and_persist_truststore_path_mock.called)
self.assertTrue(get_and_persist_truststore_password_mock.called)
@@ -2118,10 +2120,15 @@ class TestAmbariServer(TestCase):
is_valid_cert_exp_mock.return_value = True
is_valid_cert_host_mock.return_value = True
- args = MagicMock()
open_Mock.return_value = file
p = get_ambari_properties_mock.return_value
+ args = MagicMock()
+ args.api_ssl_port = None
+ args.api_ssl = None
+ args.import_cert_path = None
+ args.import_key_path = None
+ args.pem_password = None
# Testing call under root
is_root_mock.return_value = True
read_ambari_user_method.return_value = "user"
@@ -2276,7 +2283,8 @@ class TestAmbariServer(TestCase):
expect_process_pair = "[call('client.api.ssl.cert_name', 'https.crt'),\n" + \
" call('client.api.ssl.key_name', 'https.key'),\n" + \
" call('api.ssl', 'true')]"
- import_cert_and_key_action("key_dir", properties)
+ options = self._create_empty_options_mock()
+ import_cert_and_key_action("key_dir", properties, options)
self.assertEqual(str(properties.process_pair.call_args_list), \
expect_process_pair)
@@ -2295,7 +2303,7 @@ class TestAmbariServer(TestCase):
@patch("ambari_server.setupHttps.get_validated_string_input")
@patch("ambari_server.setupHttps.is_valid_cert_host")
@patch("ambari_server.setupHttps.is_valid_cert_exp")
- def test_import_cert_and_key(self, is_valid_cert_exp_mock, \
+ def test_ambariServerSetupWithCustomDbName(self, is_valid_cert_exp_mock, \
is_valid_cert_host_mock, \
get_validated_string_input_mock, \
raw_input_mock, \
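Review bot: The rename to `test_ambariServerSetupWithCustomDbName` looks accidental, because the decorators on this method patch `ambari_server.setupHttps` and the next hunk appears to show the same body still calling `import_cert_and_key("key_dir", options)`. The new name no longer describes what is tested. Keeping `def test_import_cert_and_key(self, is_valid_cert_exp_mock, \` avoids that. It also avoids one test silently replacing another if the class already defines a method with the new name, which is worth checking since only part of the class is visible here.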
@@ -2325,8 +2333,8 @@ class TestAmbariServer(TestCase):
" 'keystore_cert_file_path'),\n" + \
" call('key_file_path'," + \
" 'keystore_cert_key_file_path')]"
-
- import_cert_and_key("key_dir")
+ options = self._create_empty_options_mock()
+ import_cert_and_key("key_dir", options)
self.assertTrue(raw_input_mock.call_count == 2)
self.assertTrue(get_validated_string_input_mock.called)
self.assertEqual(os_path_join_mock.call_count, 8)
@@ -2376,8 +2384,8 @@ class TestAmbariServer(TestCase):
" 'keystore_cert_file_path'),\n" + \
" call('key_file_path.secured'," + \
" 'keystore_cert_key_file_path')]"
-
- import_cert_and_key("key_dir")
+ options = self._create_empty_options_mock()
+ import_cert_and_key("key_dir", options)
self.assertEquals(get_validated_filepath_input_mock.call_count, 2)
self.assertTrue(get_validated_string_input_mock.called)
self.assertEquals(os_path_join_mock.call_count, 8)
@@ -2414,13 +2422,13 @@ class TestAmbariServer(TestCase):
os_path_join_mock.return_value = ''
is_root_mock.return_value = True
-
+ options = self._create_empty_options_mock()
#provided password doesn't match, openssl command returns an error
run_os_command_mock.return_value = (1, "", "Some error message")
- self.assertFalse(import_cert_and_key_action(*["key_dir", None]))
- self.assertFalse(import_cert_and_key("key_dir"))
+ self.assertFalse(import_cert_and_key_action(*["key_dir", None, options]))
+ self.assertFalse(import_cert_and_key("key_dir", options))
pass
def test_is_valid_cert_exp(self):
@@ -3152,7 +3160,7 @@ class TestAmbariServer(TestCase):
self.assertEqual(dbmsConfig.database_password, "bigdata")
self.assertEqual(dbmsConfig.sid_or_sname, "sid")
- dbmsConfig.configure_database(props)
+ dbmsConfig.configure_database(props, args)
self.assertEqual(dbmsConfig.database_username, "ambari-server")
self.assertEqual(dbmsConfig.sid_or_sname, "sname")
@@ -3222,7 +3230,7 @@ class TestAmbariServer(TestCase):
isdir_mock.return_value = False
- dbmsConfig.configure_database(props)
+ dbmsConfig.configure_database(props, args)
self.assertEqual(dbmsConfig.database_username, "ambari-server")
self.assertEqual(dbmsConfig.database_password, "password")
@@ -3290,7 +3298,7 @@ class TestAmbariServer(TestCase):
self.assertEqual(dbmsConfig.database_username, "ambari")
self.assertEqual(dbmsConfig.database_password, "bigdata")
- dbmsConfig.configure_database(props)
+ dbmsConfig.configure_database(props, args)
self.assertEqual(dbmsConfig.database_username, "ambari-server")
self.assertEqual(dbmsConfig.database_password, "password")
@@ -3375,9 +3383,9 @@ class TestAmbariServer(TestCase):
dbConfig._prompt_db_properties()
if dbConfig._is_local_database():
- dbConfig._setup_local_server(properties)
+ dbConfig._setup_local_server(properties, None)
else:
- dbConfig._setup_remote_server(properties)
+ dbConfig._setup_remote_server(properties, None)
if i == 0:
# Postgres Embedded
@@ -5728,7 +5736,7 @@ class TestAmbariServer(TestCase):
get_YN_input("prompt", "default")
self.assertTrue(get_choice_string_input_mock.called)
- self.assertEqual(4, len(get_choice_string_input_mock.call_args_list[0][0]))
+ self.assertEqual(5, len(get_choice_string_input_mock.call_args_list[0][0]))
pass
@not_for_platform(PLATFORM_WINDOWS)
@@ -6218,7 +6226,7 @@ class TestAmbariServer(TestCase):
factory = DBMSConfigFactory()
dbConfig = factory.create(args, properties0)
- dbConfig._store_remote_properties(properties)
+ dbConfig._store_remote_properties(properties, None)
found = False
for n in properties.propertyNames():
@@ -6239,7 +6247,7 @@ class TestAmbariServer(TestCase):
factory = DBMSConfigFactory()
dbConfig = factory.create(args, properties0)
- dbConfig._store_remote_properties(properties)
+ dbConfig._store_remote_properties(properties, args)
# verify MySQL properties
self.assertEquals("c3p0", properties.get_property(JDBC_CONNECTION_POOL_TYPE))
@@ -6730,7 +6738,8 @@ class TestAmbariServer(TestCase):
get_is_secure_method.return_value = False
exists_mock.return_value = False
- setup_master_key(MagicMock())
+ options = self._create_empty_options_mock()
+ setup_master_key(options)
self.assertTrue(get_YN_input_method.called)
self.assertTrue(read_master_key_method.called)
@@ -6796,7 +6805,8 @@ class TestAmbariServer(TestCase):
exists_mock.return_value = False
save_passwd_for_alias_method.return_value = 0
- setup_master_key(MagicMock())
+ options = self._create_empty_options_mock()
+ setup_master_key(options)
self.assertTrue(get_YN_input_method.called)
self.assertTrue(read_master_key_method.called)
@@ -6858,7 +6868,9 @@ class TestAmbariServer(TestCase):
save_passwd_for_alias_method.return_value = 0
exists_mock.return_value = False
- setup_master_key(MagicMock())
+
+ options = self._create_empty_options_mock()
+ setup_master_key(options)
self.assertTrue(save_master_key_method.called)
self.assertTrue(get_YN_input_method.called)
@@ -6964,7 +6976,8 @@ class TestAmbariServer(TestCase):
get_is_secure_method.return_value = True
get_is_persisted_method.return_value = (True, "filePath")
- setup_master_key(MagicMock())
+ options = self._create_empty_options_mock()
+ setup_master_key(options)
self.assertFalse(save_master_key_method.called)
self.assertTrue(get_YN_input_method.called)
@@ -7097,7 +7110,8 @@ class TestAmbariServer(TestCase):
set_silent(False)
get_YN_input_method.return_value = True
- setup_ldap()
+ options = self._create_empty_options_mock()
+ setup_ldap(options)
ldap_properties_map = TestAmbariServer._init_test_ldap_properties_map_invalid_input_1()
@@ -7111,7 +7125,7 @@ class TestAmbariServer(TestCase):
raw_input_mock.reset_mock()
raw_input_mock.side_effect = ['a:3', '', 'b:2', 'false', 'user', 'uid', 'group', 'cn', 'member', 'dn', 'base', 'follow', 'true']
- setup_ldap()
+ setup_ldap(options)
ldap_properties_map = TestAmbariServer._init_test_ldap_properties_map_invalid_input_2()
@@ -7190,11 +7204,11 @@ class TestAmbariServer(TestCase):
out = StringIO.StringIO()
sys.stdout = out
-
+ options = self._create_empty_options_mock()
# Testing call under non-root
is_root_method.return_value = False
try:
- setup_ldap()
+ setup_ldap(options)
self.fail("Should throw exception")
except FatalException as fe:
# Expected
@@ -7234,7 +7248,7 @@ class TestAmbariServer(TestCase):
get_validated_string_input_method.side_effect = valid_input_side_effect
- setup_ldap()
+ setup_ldap(options)
ldap_properties_map = TestAmbariServer._init_test_ldap_properties_map()
@@ -7282,7 +7296,9 @@ class TestAmbariServer(TestCase):
get_YN_input_method.side_effect = [True, True]
update_properties_method.reset_mock()
- setup_ldap()
+ options.ldap_url = None
+ options.ldap_member_attr = None
+ setup_ldap(options)
self.assertTrue(read_password_method.called)
@@ -7334,11 +7350,9 @@ class TestAmbariServer(TestCase):
urlopen_mock.return_value = response
- options = MagicMock()
+ options = self._create_empty_options_mock()
options.ldap_sync_all = True
options.ldap_sync_existing = False
- options.ldap_sync_users = None
- options.ldap_sync_groups = None
sync_ldap(options)
@@ -7382,7 +7396,7 @@ class TestAmbariServer(TestCase):
urlopen_mock.return_value = response
- options = MagicMock()
+ options = self._create_empty_options_mock()
options.ldap_sync_all = False
options.ldap_sync_existing = False
options.ldap_sync_users = 'users.txt'
@@ -7428,7 +7442,7 @@ class TestAmbariServer(TestCase):
urlopen_mock.return_value = response
- options = MagicMock()
+ options = self._create_empty_options_mock()
options.ldap_sync_all = False
options.ldap_sync_existing = False
options.ldap_sync_users = None
@@ -7470,7 +7484,7 @@ class TestAmbariServer(TestCase):
urlopen_mock.return_value = response
- options = MagicMock()
+ options = self._create_empty_options_mock()
options.ldap_sync_all = True
options.ldap_sync_existing = False
options.ldap_sync_users = None
@@ -7510,7 +7524,7 @@ class TestAmbariServer(TestCase):
urlopen_mock.return_value = response
- options = MagicMock()
+ options = self._create_empty_options_mock()
options.ldap_sync_all = False
options.ldap_sync_existing = True
options.ldap_sync_users = None
@@ -7545,7 +7559,7 @@ class TestAmbariServer(TestCase):
urlopen_mock.return_value = response
- options = MagicMock()
+ options = self._create_empty_options_mock()
del options.ldap_sync_all
del options.ldap_sync_existing
del options.ldap_sync_users
@@ -7580,7 +7594,7 @@ class TestAmbariServer(TestCase):
urlopen_mock.return_value = response
- options = MagicMock()
+ options = self._create_empty_options_mock()
options.ldap_sync_all = False
options.ldap_sync_existing = False
options.ldap_sync_users = None
@@ -7604,7 +7618,7 @@ class TestAmbariServer(TestCase):
is_server_runing_method, is_root_method,
encodestring_method, request_constructor, urlopen_method):
- options = MagicMock()
+ options = self._create_empty_options_mock()
options.ldap_sync_all = True
options.ldap_sync_existing = False
options.ldap_sync_users = None
@@ -7664,7 +7678,7 @@ class TestAmbariServer(TestCase):
def test_sync_ldap_ambari_stopped(self, is_root_method):
is_root_method.return_value = False
- options = MagicMock()
+ options = self._create_empty_options_mock()
options.ldap_sync_all = True
options.ldap_sync_existing = False
options.ldap_sync_users = None
@@ -7685,7 +7699,7 @@ class TestAmbariServer(TestCase):
is_root_method.return_value = True
is_server_runing_method.return_value = (None, None)
- options = MagicMock()
+ options = self._create_empty_options_mock()
options.ldap_sync_all = True
options.ldap_sync_existing = False
options.ldap_sync_users = None
@@ -7712,7 +7726,7 @@ class TestAmbariServer(TestCase):
configs.get_property.return_value = None
get_ambari_properties_method.return_value = configs
- options = MagicMock()
+ options = self._create_empty_options_mock()
options.ldap_sync_all = True
del options.ldap_sync_existing
del options.ldap_sync_users
@@ -7753,8 +7767,8 @@ class TestAmbariServer(TestCase):
out = StringIO.StringIO()
sys.stdout = out
read_password_method.return_value = "blah"
-
- configure_ldap_password()
+ options = self._create_empty_options_mock()
+ configure_ldap_password(options)
self.assertTrue(read_password_method.called)
@@ -8151,6 +8165,25 @@ class TestAmbariServer(TestCase):
self.assertFalse(is_valid_filepath(''))
pass
+ @patch("ambari_server.setupSecurity.search_file")
+ @patch("ambari_server.setupSecurity.get_validated_string_input")
+ def test_setup_ambari_krb5_jaas_with_options(self, get_validated_string_input_mock,
+ search_file_mock):
+ options = self._create_empty_options_mock()
+ options.jaas_keytab = '/kerberos/admin.keytab'
+
+ temp_file = tempfile.NamedTemporaryFile(mode='r')
+ search_file_mock.return_value = temp_file.name
+ get_validated_string_input_mock.side_effect = ['adm@EXAMPLE.COM', temp_file]
+
+ self.assertEqual(None, setup_ambari_krb5_jaas(options))
+ self.assertTrue(get_validated_string_input_mock.called)
+ self.assertEqual(get_validated_string_input_mock.call_count, 2)
+ get_validated_string_input_mock.assert_called_with("Enter keytab path for ambari server's kerberos principal: ",
+ '/etc/security/keytabs/ambari.keytab', '.*', False, False,
+ validatorFunction = is_valid_filepath, answer='/kerberos/admin.keytab')
+ pass
+
@patch("os.listdir")
@patch("os.path.exists")
@patch("ambari_server.serverUpgrade.load_stack_values")
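Review bot: In `test_setup_ambari_krb5_jaas_with_options` the `NamedTemporaryFile` is never closed, and the second `side_effect` entry is the file object `temp_file` rather than a path string, so the mocked keytab prompt returns a value the real prompt would not. Suggest `get_validated_string_input_mock.side_effect = ['adm@EXAMPLE.COM', temp_file.name]` and a `temp_file.close()` before the final `pass`. The test also asserts only the last prompt call, so the `jaas_principal` option added by this commit is not exercised.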
@@ -8385,7 +8418,7 @@ class TestAmbariServer(TestCase):
@patch("optparse.OptionParser")
def test_main_test_status_running(self, optionParserMock, is_server_runing_method):
opm = optionParserMock.return_value
- options = MagicMock()
+ options = self._create_empty_options_mock()
del options.exit_message
args = ["status"]
@@ -8411,7 +8444,7 @@ class TestAmbariServer(TestCase):
@patch("optparse.OptionParser")
def test_main_test_status_not_running(self, optionParserMock, is_server_runing_method):
opm = optionParserMock.return_value
- options = MagicMock()
+ options = self._create_empty_options_mock()
del options.exit_message
args = ["status"]
@@ -8430,5 +8463,41 @@ class TestAmbariServer(TestCase):
self.assertTrue(is_server_runing_method.called)
pass
+ def _create_empty_options_mock(self):
+ options = MagicMock()
+ options.ldap_url = None
+ options.ldap_secondary_url = None
+ options.ldap_ssl = None
+ options.ldap_user_class = None
+ options.ldap_user_attr = None
+ options.ldap_group_class = None
+ options.ldap_group_attr = None
+ options.ldap_member_attr = None
+ options.ldap_dn = None
+ options.ldap_base_dn = None
+ options.ldap_manager_dn = None
+ options.ldap_manager_password = None
+ options.ldap_save_settings = None
+ options.ldap_referral = None
+ options.ldap_bind_anonym = None
+ options.ldap_sync_admin_name = None
+ options.ldap_sync_admin_password = None
+ options.custom_trust_store = None
+ options.trust_store_type = None
+ options.trust_store_path = None
+ options.trust_store_password = None
+ options.security_option = None
+ options.api_ssl = None
+ options.api_ssl_port = None
+ options.import_cert_path = None
+ options.import_cert_alias = None
+ options.pem_password = None
+ options.import_key_path = None
+ options.master_key = None
+ options.master_key_persist = None
+ options.jaas_principal = None
+ options.jaas_keytab = None
+ return options
+
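Review bot: `_create_empty_options_mock` does not reset `trust_store_reconfigure`, the dest that the parser hunk of this commit registers for `--truststore-reconfigure`, and it does set `custom_trust_store`, which no `add_option` call visible in this commit defines. Because the helper returns a `MagicMock`, any attribute it leaves unset evaluates to a truthy mock, so any code that tests `options.trust_store_reconfigure` would see it as set in every test that uses the helper. Adding `options.trust_store_reconfigure = None` keeps the helper in step with the parser. A short docstring saying that each option added in `init_parser_options` must be mirrored here would help it stay that way.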
[2/2] ambari git commit: AMBARI-14627. Ability to automate
setup-security and setup-ldap/sync-ldap (oleewere)
Posted by ol...@apache.org.
AMBARI-14627. Ability to automate setup-security and setup-ldap/sync-ldap (oleewere)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/79175d03
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/79175d03
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/79175d03
Branch: refs/heads/trunk
Commit: 79175d03373486b9d50dac745f7d1c8e31e1980f
Parents: 62f1982
Author: oleewere <ol...@gmail.com>
Authored: Mon Apr 4 11:10:33 2016 +0200
Committer: oleewere <ol...@gmail.com>
Committed: Mon Apr 4 11:10:33 2016 +0200
----------------------------------------------------------------------
ambari-server/src/main/python/ambari-server.py | 99 ++++++---
.../python/ambari_server/dbConfiguration.py | 14 +-
.../ambari_server/dbConfiguration_linux.py | 36 ++--
.../ambari_server/dbConfiguration_windows.py | 14 +-
.../python/ambari_server/serverConfiguration.py | 31 +--
.../main/python/ambari_server/serverSetup.py | 2 +-
.../src/main/python/ambari_server/setupHttps.py | 91 ++++----
.../main/python/ambari_server/setupSecurity.py | 145 +++++++------
.../src/main/python/ambari_server/userInput.py | 53 +++--
.../src/test/python/TestAmbariServer.py | 207 ++++++++++++-------
10 files changed, 429 insertions(+), 263 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/79175d03/ambari-server/src/main/python/ambari-server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/python/ambari-server.py b/ambari-server/src/main/python/ambari-server.py
index e0ce37e..e34467c 100755
--- a/ambari-server/src/main/python/ambari-server.py
+++ b/ambari-server/src/main/python/ambari-server.py
@@ -203,49 +203,55 @@ def refresh_stack_hash_action():
@OsFamilyFuncImpl(OSConst.WINSRV_FAMILY)
def create_setup_security_actions(args):
action_list = [
- ['Enable HTTPS for Ambari server.', UserActionRestart(setup_https, args)],
- ['Encrypt passwords stored in ambari.properties file.', UserAction(setup_master_key, args)],
- ['Setup Ambari kerberos JAAS configuration.', UserAction(setup_ambari_krb5_jaas)],
- ['Setup truststore.', UserActionRestart(setup_truststore)],
- ['Import certificate to truststore.', UserActionRestart(setup_truststore, True)],
+ ['setup-https', 'Enable HTTPS for Ambari server.', UserActionRestart(setup_https, args)],
+ ['encrypt-passwords', 'Encrypt passwords stored in ambari.properties file.', UserAction(setup_master_key, args)],
+ ['setup-kerberos-jaas', 'Setup Ambari kerberos JAAS configuration.', UserAction(setup_ambari_krb5_jaas, args)],
+ ['setup-truststore', 'Setup truststore.', UserActionRestart(setup_truststore, args)],
+ ['import-certificate', 'Import certificate to truststore.', UserActionRestart(setup_truststore, True, args)],
]
return action_list
@OsFamilyFuncImpl(OsFamilyImpl.DEFAULT)
def create_setup_security_actions(args):
action_list = [
- ['Enable HTTPS for Ambari server.', UserActionRestart(setup_https, args)],
- ['Encrypt passwords stored in ambari.properties file.', UserAction(setup_master_key, args)],
- ['Setup Ambari kerberos JAAS configuration.', UserAction(setup_ambari_krb5_jaas)],
- ['Setup truststore.', UserActionRestart(setup_truststore)],
- ['Import certificate to truststore.', UserActionRestart(setup_truststore, True)],
+ ['setup-https', 'Enable HTTPS for Ambari server.', UserActionRestart(setup_https, args)],
+ ['encrypt-passwords', 'Encrypt passwords stored in ambari.properties file.', UserAction(setup_master_key, args)],
+ ['setup-kerberos-jaas', 'Setup Ambari kerberos JAAS configuration.', UserAction(setup_ambari_krb5_jaas, args)],
+ ['setup-truststore', 'Setup truststore.', UserActionRestart(setup_truststore, args)],
+ ['import-certificate', 'Import certificate to truststore.', UserActionRestart(setup_truststore, args, True)],
]
return action_list
def setup_security(args):
actions = create_setup_security_actions(args)
-
- #Print menu options
- print '=' * 75
- print 'Choose one of the following options: '
-
- iAction = 0
- for actionDesc in actions:
- iAction += 1
- print ' [{0}] {1}'.format(iAction, actionDesc[0])
- print '=' * 75
-
- choice_prompt = 'Enter choice, (1-{0}): '.format(iAction)
- choice_re = '[1-{0}]'.format(iAction)
- choice = get_validated_string_input(choice_prompt, '0', choice_re,
- 'Invalid choice', False, False)
+ choice = None
+ if args.security_option is not None:
+ optionCounter = 0
+ for actionDesc in actions:
+ optionCounter += 1
+ if actionDesc[0] == args.security_option:
+ choice = optionCounter
+ if choice is None:
+ # Print menu options
+ print '=' * 75
+ print 'Choose one of the following options: '
+ iAction = 0
+ for actionDesc in actions:
+ iAction += 1
+ print ' [{0}] {1}'.format(iAction, actionDesc[1])
+ print '=' * 75
+
+ choice_prompt = 'Enter choice, (1-{0}): '.format(iAction)
+ choice_re = '[1-{0}]'.format(iAction)
+ choice = get_validated_string_input(choice_prompt, '0', choice_re,
+ 'Invalid choice', False, False)
try:
actionDesc = actions[int(choice) - 1]
except IndexError:
raise FatalException(1, 'Unknown option for setup-security command.')
- action = actionDesc[1]
+ action = actionDesc[2]
action.execute()
return action.need_restart
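Review bot: The Windows variant of `create_setup_security_actions` builds the import-certificate entry as `UserActionRestart(setup_truststore, True, args)`, while the default variant and the updated tests use the order `(args, True)`. Assuming `UserActionRestart` forwards its arguments positionally, the Windows path hands `True` to `setup_truststore` as the options object; the line should read `UserActionRestart(setup_truststore, args, True)`. Separately, in `setup_security` a `--security-option` value that matches no action key leaves `choice` as `None` and drops into the interactive menu, which stalls an unattended run instead of failing. Raising `FatalException(1, 'Unknown option for setup-security command.')` when `args.security_option` is set but unmatched would make automation fail fast.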
@@ -407,6 +413,43 @@ def init_parser_options(parser):
dest="purge")
parser.add_option('--force', action="store_true", default=False, help="Force install management pack", dest="force")
+ parser.add_option('--ldap-url', default=None, help="Primary url for LDAP", dest="ldap_url")
+ parser.add_option('--ldap-secondary-url', default=None, help="Secondary url for LDAP", dest="ldap_secondary_url")
+ parser.add_option('--ldap-ssl', default=None, help="Use SSL [true/false] for LDAP", dest="ldap_ssl")
+ parser.add_option('--ldap-user-class', default=None, help="User Attribute Object Class for LDAP", dest="ldap_user_class")
+ parser.add_option('--ldap-user-attr', default=None, help="User Attribute Name for LDAP", dest="ldap_user_attr")
+ parser.add_option('--ldap-group-class', default=None, help="Group Attribute Object Class for LDAP", dest="ldap_group_class")
+ parser.add_option('--ldap-group-attr', default=None, help="Group Attribute Name for LDAP", dest="ldap_group_attr")
+ parser.add_option('--ldap-member-attr', default=None, help="Group Membership Attribute Name for LDAP", dest="ldap_member_attr")
+ parser.add_option('--ldap-dn', default=None, help="Distinguished name attribute for LDAP", dest="ldap_dn")
+ parser.add_option('--ldap-base-dn', default=None, help="Base DN for LDAP", dest="ldap_base_dn")
+ parser.add_option('--ldap-manager-dn', default=None, help="Manager DN for LDAP", dest="ldap_manager_dn")
+ parser.add_option('--ldap-manager-password', default=None, help="Manager Password For LDAP", dest="ldap_manager_password")
+ parser.add_option('--ldap-save-settings', action="store_true", default=None, help="Save without review for LDAP", dest="ldap_save_settings")
+ parser.add_option('--ldap-referral', default=None, help="Referral method [follow/ignore] for LDAP", dest="ldap_referral")
+ parser.add_option('--ldap-bind-anonym', default=None, help="Bind anonymously [true/false] for LDAP", dest="ldap_bind_anonym")
+ parser.add_option('--ldap-sync-admin-name', default=None, help="Username for LDAP sync", dest="ldap_sync_admin_name")
+ parser.add_option('--ldap-sync-admin-password', default=None, help="Password for LDAP sync", dest="ldap_sync_admin_password")
+
+ parser.add_option('--truststore-type', default=None, help="Type of TrustStore (jks|jceks|pkcs12)", dest="trust_store_type")
+ parser.add_option('--truststore-path', default=None, help="Path of TrustStore", dest="trust_store_path")
+ parser.add_option('--truststore-password', default=None, help="Password for TrustStore", dest="trust_store_password")
+ parser.add_option('--truststore-reconfigure', action="store_true", default=None, help="Force to reconfigure TrustStore if exits", dest="trust_store_reconfigure")
+
+ parser.add_option('--security-option', default=None,
+ help="Setup security option (setup-https|encrypt-password|setup-kerberos-jaas|setup-truststore|import-certificate)",
+ dest="security_option")
+ parser.add_option('--api-ssl', default=None, help="Enable SSL for Ambari API [true/false]", dest="api_ssl")
+ parser.add_option('--api-ssl-port', default=None, help="Client API SSL port", dest="api_ssl_port")
+ parser.add_option('--import-cert-path', default=None, help="Path to Certificate (import)", dest="import_cert_path")
+ parser.add_option('--import-cert-alias', default=None, help="Alias for the imported certificate", dest="import_cert_alias")
+ parser.add_option('--import-key-path', default=None, help="Path to Private Key (import)", dest="import_key_path")
+ parser.add_option('--pem-password', default=None, help="Password for Private Key", dest="pem_password")
+ parser.add_option('--master-key', default=None, help="Master key for encrypting passwords", dest="master_key")
+ parser.add_option('--master-key-persist', default=None, help="Persist master key [true/false]", dest="master_key_persist")
+ parser.add_option('--jaas-principal', default=None, help="Kerberos principal for ambari server", dest="jaas_principal")
+ parser.add_option('--jaas-keytab', default=None, help="Keytab path for Kerberos principal", dest="jaas_keytab")
+
@OsFamilyFuncImpl(OSConst.WINSRV_FAMILY)
def are_cmd_line_db_args_blank(options):
if (options.database_host is None \
@@ -532,7 +575,7 @@ def create_user_action_map(args, options):
RESET_ACTION: UserAction(reset, options),
STATUS_ACTION: UserAction(status, options),
UPGRADE_ACTION: UserAction(upgrade, options),
- LDAP_SETUP_ACTION: UserAction(setup_ldap),
+ LDAP_SETUP_ACTION: UserAction(setup_ldap, options),
SETUP_SECURITY_ACTION: UserActionRestart(setup_security, options),
REFRESH_STACK_HASH_ACTION: UserAction(refresh_stack_hash_action),
SETUP_SSO_ACTION: UserActionRestart(setup_sso, options),
@@ -552,7 +595,7 @@ def create_user_action_map(args, options):
STATUS_ACTION: UserAction(status, options),
UPGRADE_ACTION: UserAction(upgrade, options),
UPGRADE_STACK_ACTION: UserActionPossibleArgs(upgrade_stack, [2, 4], args),
- LDAP_SETUP_ACTION: UserAction(setup_ldap),
+ LDAP_SETUP_ACTION: UserAction(setup_ldap, options),
LDAP_SYNC_ACTION: UserAction(sync_ldap, options),
SET_CURRENT_ACTION: UserAction(set_current, options),
SETUP_SECURITY_ACTION: UserActionRestart(setup_security, options),
http://git-wip-us.apache.org/repos/asf/ambari/blob/79175d03/ambari-server/src/main/python/ambari_server/dbConfiguration.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/python/ambari_server/dbConfiguration.py b/ambari-server/src/main/python/ambari_server/dbConfiguration.py
index 5519a3d..caff519 100644
--- a/ambari-server/src/main/python/ambari_server/dbConfiguration.py
+++ b/ambari-server/src/main/python/ambari_server/dbConfiguration.py
@@ -118,17 +118,17 @@ class DBMSConfig(object):
#
# Main method. Configures the database according to the options and the existing properties.
#
- def configure_database(self, properties):
+ def configure_database(self, properties, options):
result = self._prompt_db_properties()
if result:
#DB setup should be done last after doing any setup.
if self._is_local_database():
- self._setup_local_server(properties)
+ self._setup_local_server(properties, options)
# this issue appears only for Suse. Postgres need /var/run/postgresql dir but do not create it
if OSCheck.is_suse_family():
self._create_postgres_lock_directory()
else:
- self._setup_remote_server(properties)
+ self._setup_remote_server(properties, options)
return result
def setup_database(self):
@@ -169,12 +169,12 @@ class DBMSConfig(object):
#
@staticmethod
- def _read_password_from_properties(properties):
+ def _read_password_from_properties(properties, options):
database_password = DEFAULT_PASSWORD
password_file = get_value_from_properties(properties, JDBC_PASSWORD_PROPERTY, "")
if password_file:
if is_alias_string(password_file):
- database_password = decrypt_password_for_alias(properties, JDBC_RCA_PASSWORD_ALIAS)
+ database_password = decrypt_password_for_alias(properties, JDBC_RCA_PASSWORD_ALIAS, options)
else:
if os.path.isabs(password_file) and os.path.exists(password_file):
with open(password_file, 'r') as file:
@@ -218,7 +218,7 @@ class DBMSConfig(object):
def _create_postgres_lock_directory(self):
pass
- def _setup_local_server(self, properties):
+ def _setup_local_server(self, properties, options):
pass
def _setup_local_database(self):
@@ -227,7 +227,7 @@ class DBMSConfig(object):
def _reset_local_database(self):
pass
- def _setup_remote_server(self, properties):
+ def _setup_remote_server(self, properties, options):
pass
def _setup_remote_database(self):
http://git-wip-us.apache.org/repos/asf/ambari/blob/79175d03/ambari-server/src/main/python/ambari_server/dbConfiguration_linux.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/python/ambari_server/dbConfiguration_linux.py b/ambari-server/src/main/python/ambari_server/dbConfiguration_linux.py
index 59c5d85..754873f 100644
--- a/ambari-server/src/main/python/ambari_server/dbConfiguration_linux.py
+++ b/ambari-server/src/main/python/ambari_server/dbConfiguration_linux.py
@@ -77,7 +77,7 @@ class LinuxDBMSConfig(DBMSConfig):
properties, JDBC_USER_NAME_PROPERTY, DEFAULT_USERNAME)
self.database_password = getattr(options, "database_password", "")
if not self.database_password:
- self.database_password = DBMSConfig._read_password_from_properties(properties)
+ self.database_password = DBMSConfig._read_password_from_properties(properties, options)
self.database_url_pattern = ""
self.database_url_pattern_alt = ""
@@ -128,8 +128,8 @@ class LinuxDBMSConfig(DBMSConfig):
return True
# Supporting remote server for all the DB types. Supporting local server only for PostgreSQL.
- def _setup_remote_server(self, args):
- self._store_remote_properties(args)
+ def _setup_remote_server(self, args, options):
+ self._store_remote_properties(args, options)
def _setup_remote_database(self):
properties = get_ambari_properties()
@@ -257,11 +257,11 @@ class LinuxDBMSConfig(DBMSConfig):
return retCode
- def _store_password_property(self, properties, property_name):
+ def _store_password_property(self, properties, property_name, options):
properties.process_pair(property_name,
store_password_file(self.database_password, JDBC_PASSWORD_FILENAME))
if self.isSecure:
- encrypted_password = encrypt_password(JDBC_RCA_PASSWORD_ALIAS, self.database_password)
+ encrypted_password = encrypt_password(JDBC_RCA_PASSWORD_ALIAS, self.database_password, options)
if encrypted_password != self.database_password:
properties.process_pair(property_name, encrypted_password)
@@ -282,7 +282,7 @@ class LinuxDBMSConfig(DBMSConfig):
return connectionStringFormat.format(jdbc_hostname, self.database_port, self.database_name)
# Store set of properties for remote database connection
- def _store_remote_properties(self, properties):
+ def _store_remote_properties(self, properties, options):
properties.process_pair(PERSISTENCE_TYPE_PROPERTY, self.persistence_type)
properties.process_pair(JDBC_DATABASE_PROPERTY, self.dbms)
@@ -296,7 +296,7 @@ class LinuxDBMSConfig(DBMSConfig):
properties.process_pair(JDBC_URL_PROPERTY, connection_string)
properties.process_pair(JDBC_USER_NAME_PROPERTY, self.database_username)
- self._store_password_property(properties, JDBC_PASSWORD_PROPERTY)
+ self._store_password_property(properties, JDBC_PASSWORD_PROPERTY, options)
# save any other defined properties to pass to JDBC
for pair in self.jdbc_extra_params:
@@ -306,7 +306,7 @@ class LinuxDBMSConfig(DBMSConfig):
properties.process_pair(JDBC_RCA_URL_PROPERTY, connection_string)
properties.process_pair(JDBC_RCA_USER_NAME_PROPERTY, self.database_username)
- self._store_password_property(properties, JDBC_RCA_PASSWORD_FILE_PROPERTY)
+ self._store_password_property(properties, JDBC_RCA_PASSWORD_FILE_PROPERTY, options)
# connection pooling (internal JPA by default)
properties.process_pair(JDBC_CONNECTION_POOL_TYPE, "internal")
@@ -413,11 +413,11 @@ class PGConfig(LinuxDBMSConfig):
# Private implementation
#
# Supporting remote server for all the DB types. Supporting local server only for PostgreSQL.
- def _setup_local_server(self, properties):
+ def _setup_local_server(self, properties, options):
# check if jdbc user is changed
self._is_user_changed = PGConfig._is_jdbc_user_changed(self.database_username)
print 'Default properties detected. Using built-in database.'
- self._store_local_properties(properties)
+ self._store_local_properties(properties, options)
def _create_postgres_lock_directory(self):
postgres_user_uid = None
@@ -550,7 +550,7 @@ class PGConfig(LinuxDBMSConfig):
return None
# Store local database connection properties
- def _store_local_properties(self, properties):
+ def _store_local_properties(self, properties, options):
properties.removeOldProp(JDBC_DATABASE_PROPERTY)
properties.removeOldProp(JDBC_DATABASE_NAME_PROPERTY)
properties.removeOldProp(JDBC_POSTGRES_SCHEMA_PROPERTY)
@@ -571,7 +571,7 @@ class PGConfig(LinuxDBMSConfig):
# connection pooling (internal JPA by default)
properties.process_pair(JDBC_CONNECTION_POOL_TYPE, "internal")
- self._store_password_property(properties, JDBC_PASSWORD_PROPERTY)
+ self._store_password_property(properties, JDBC_PASSWORD_PROPERTY, options)
@staticmethod
@@ -730,8 +730,8 @@ class PGConfig(LinuxDBMSConfig):
return retcode, out, err
return 0, "", ""
- def _store_remote_properties(self, properties):
- super(PGConfig, self)._store_remote_properties(properties)
+ def _store_remote_properties(self, properties, options):
+ super(PGConfig, self)._store_remote_properties(properties, options)
properties.process_pair(JDBC_POSTGRES_SCHEMA_PROPERTY, self.postgres_schema)
@@ -934,13 +934,13 @@ class MySQLConfig(LinuxDBMSConfig):
scriptFile
)
- def _store_remote_properties(self, properties):
+ def _store_remote_properties(self, properties, options):
"""
Override the remote properties written for MySQL, inheriting those from the parent first.
:param properties: the properties object to set MySQL specific properties on
:return:
"""
- super(MySQLConfig, self)._store_remote_properties(properties)
+ super(MySQLConfig, self)._store_remote_properties(properties, options)
# connection pooling (c3p0 used by MySQL by default)
properties.process_pair(JDBC_CONNECTION_POOL_TYPE, "c3p0")
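Review bot: The docstring of `MySQLConfig._store_remote_properties` still documents only `properties`, although the signature now also takes `options`. Add a line such as `:param options: parsed command-line options, passed through to the parent implementation`. The `SQLAConfig._store_remote_properties` override in the later hunk of this file has the same gap, and its docstring still says MySQL.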
@@ -1074,13 +1074,13 @@ class SQLAConfig(LinuxDBMSConfig):
def _get_remote_script_line(self, scriptFile):
return "stub script line" #TODO not used anymore, investigate if it can be removed
- def _store_remote_properties(self, properties):
+ def _store_remote_properties(self, properties, options):
"""
Override the remote properties written for MySQL, inheriting those from the parent first.
:param properties: the properties object to set MySQL specific properties on
:return:
"""
- super(SQLAConfig, self)._store_remote_properties(properties)
+ super(SQLAConfig, self)._store_remote_properties(properties, options)
properties.process_pair(JDBC_SQLA_SERVER_NAME, self.server_name)
def _extract_client_tarball(self, properties):
http://git-wip-us.apache.org/repos/asf/ambari/blob/79175d03/ambari-server/src/main/python/ambari_server/dbConfiguration_windows.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/python/ambari_server/dbConfiguration_windows.py b/ambari-server/src/main/python/ambari_server/dbConfiguration_windows.py
index 96cd823..eca46cc 100644
--- a/ambari-server/src/main/python/ambari_server/dbConfiguration_windows.py
+++ b/ambari-server/src/main/python/ambari_server/dbConfiguration_windows.py
@@ -85,7 +85,7 @@ class MSSQLConfig(DBMSConfig):
properties, self.dbAuthKeys.user_name_key, DEFAULT_USERNAME)
self.database_password = DBMSConfig._init_member_with_default(options, "database_password", "")
if not self.database_password:
- self.database_password = DBMSConfig._read_password_from_properties(properties)
+ self.database_password = DBMSConfig._read_password_from_properties(properties, options)
self.database_url = self._build_sql_server_connection_string()
@@ -148,7 +148,7 @@ class MSSQLConfig(DBMSConfig):
return True
- def _setup_remote_server(self, properties):
+ def _setup_remote_server(self, properties, options):
if self.ensure_jdbc_driver_installed(properties):
properties.removeOldProp(self.dbPropKeys.port_key)
properties.removeOldProp(self.dbAuthKeys.integrated_auth_key)
@@ -164,7 +164,7 @@ class MSSQLConfig(DBMSConfig):
properties.process_pair(self.dbPropKeys.port_key, self.database_port)
properties.process_pair(self.dbPropKeys.db_name_key, self.database_name)
- self._store_db_auth_config(properties, self.dbAuthKeys)
+ self._store_db_auth_config(properties, self.dbAuthKeys, options)
properties.process_pair(self.dbPropKeys.db_url_key, self.database_url)
pass
@@ -262,7 +262,7 @@ class MSSQLConfig(DBMSConfig):
#No need to append the username and password, the Ambari server adds them by itself when connecting to the database
return databaseUrl
- def _store_db_auth_config(self, properties, keys):
+ def _store_db_auth_config(self, properties, keys, options):
if (self.use_windows_authentication):
properties.process_pair(keys.integrated_auth_key, "True")
properties.removeProp(keys.password_key)
@@ -272,7 +272,7 @@ class MSSQLConfig(DBMSConfig):
properties.process_pair(keys.user_name_key, self.database_username)
if self.isSecure:
- encrypted_password = encrypt_password(keys.password_alias, self.database_password)
+ encrypted_password = encrypt_password(keys.password_alias, self.database_password, options)
if self.database_password != encrypted_password:
properties.process_pair(keys.password_key, encrypted_password)
else:
@@ -338,8 +338,8 @@ class MSSQLAmbariDBConfig(MSSQLConfig):
self.drop_tables_script_file = compress_backslashes(DBMSConfig._init_member_with_default(options, "cleanup_db_script_file",
"resources" + os.path.sep + "Ambari-DDL-SQLServer-DROP.sql"))
- def _setup_remote_server(self, properties):
- super(MSSQLAmbariDBConfig, self)._setup_remote_server(properties)
+ def _setup_remote_server(self, properties, options):
+ super(MSSQLAmbariDBConfig, self)._setup_remote_server(properties, options)
properties.process_pair(JDBC_RCA_DRIVER_PROPERTY, self.driver_class_name)
properties.process_pair(JDBC_RCA_HOSTNAME_PROPERTY, ensure_double_backslashes(self.database_host))
http://git-wip-us.apache.org/repos/asf/ambari/blob/79175d03/ambari-server/src/main/python/ambari_server/serverConfiguration.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/python/ambari_server/serverConfiguration.py b/ambari-server/src/main/python/ambari_server/serverConfiguration.py
index a259a1f..54db372 100644
--- a/ambari-server/src/main/python/ambari_server/serverConfiguration.py
+++ b/ambari-server/src/main/python/ambari_server/serverConfiguration.py
@@ -755,20 +755,20 @@ def update_database_name_property(upgrade=False):
raise FatalException(-1, err)
-def encrypt_password(alias, password):
+def encrypt_password(alias, password, options):
properties = get_ambari_properties()
if properties == -1:
raise FatalException(1, None)
- return get_encrypted_password(alias, password, properties)
+ return get_encrypted_password(alias, password, properties, options)
-def get_encrypted_password(alias, password, properties):
+def get_encrypted_password(alias, password, properties, options):
isSecure = get_is_secure(properties)
(isPersisted, masterKeyFile) = get_is_persisted(properties)
if isSecure:
masterKey = None
if not masterKeyFile:
# Encryption enabled but no master key file found
- masterKey = get_original_master_key(properties)
+ masterKey = get_original_master_key(properties, options)
retCode = save_passwd_for_alias(alias, password, masterKey)
if retCode != 0:
@@ -795,7 +795,7 @@ def get_alias_string(alias):
def get_alias_from_alias_string(aliasStr):
return aliasStr[8:-1]
-def read_passwd_for_alias(alias, masterKey=""):
+def read_passwd_for_alias(alias, masterKey="", options=None):
if alias:
jdk_path = find_jdk()
if jdk_path is None:
@@ -812,6 +812,8 @@ def read_passwd_for_alias(alias, masterKey=""):
with open(tempFilePath, 'w+'):
os.chmod(tempFilePath, stat.S_IREAD | stat.S_IWRITE)
+ if options is not None and options.master_key is not None and options.master_key:
+ masterKey = options.master_key
if masterKey is None or masterKey == "":
masterKey = "None"
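Review bot: The added check lets `options.master_key` override the `masterKey` argument, including the `None` that decrypt_password_for_alias passes when get_is_persisted reports a master key file, and nothing in the hunk says this precedence is intended. A comment such as `# --master-key, when given, overrides the masterKey argument` would record it; if it is not intended, apply the option only when `masterKey` is empty. The condition can also shrink to `if getattr(options, 'master_key', None):`, which additionally tolerates an options object that lacks the attribute. read_passwd_for_alias starts and ends outside the hunk.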
@@ -832,16 +834,15 @@ def read_passwd_for_alias(alias, masterKey=""):
else:
print_error_msg("Alias is unreadable.")
-def decrypt_password_for_alias(properties, alias):
+def decrypt_password_for_alias(properties, alias, options=None):
isSecure = get_is_secure(properties)
if isSecure:
masterKey = None
(isPersisted, masterKeyFile) = get_is_persisted(properties)
if not masterKeyFile:
# Encryption enabled but no master key file found
- masterKey = get_original_master_key(properties)
-
- return read_passwd_for_alias(alias, masterKey)
+ masterKey = get_original_master_key(properties, options)
+ return read_passwd_for_alias(alias, masterKey, options)
else:
return alias
@@ -899,12 +900,16 @@ def remove_password_file(filename):
return 0
-def get_original_master_key(properties):
+def get_original_master_key(properties, options = None):
input = True
+ masterKey = None
while(input):
try:
- masterKey = get_validated_string_input('Enter current Master Key: ',
- "", ".*", "", True, False)
+ if options is not None and options.master_key is not None and options.master_key:
+ masterKey = options.master_key
+ if masterKey is None:
+ masterKey = get_validated_string_input('Enter current Master Key: ',
+ "", ".*", "", True, False)
except KeyboardInterrupt:
print 'Exiting...'
sys.exit(1)
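Review bot: A wrong master key can no longer be corrected inside this loop, because `masterKey` is initialised once before `while(input)` and the prompt runs only `if masterKey is None`. After the `continue` on "Master key does not match." (visible in the next hunk) the same value is retried without asking again. With a wrong `--master-key` this looks like an endless loop, and the interactive path appears affected too unless the lines between the two hunks reset the variable. Putting `masterKey = None` as the first statement of the loop body, and using `raise FatalException(1, "Master key does not match.")` instead of `continue` when the key came from `options`, would avoid it. The function body continues outside the hunk.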
@@ -927,7 +932,7 @@ def get_original_master_key(properties):
# Decrypt alias with master to validate it, if no master return
if alias and masterKey:
- password = read_passwd_for_alias(alias, masterKey)
+ password = read_passwd_for_alias(alias, masterKey, options)
if not password:
print "ERROR: Master key does not match."
continue
http://git-wip-us.apache.org/repos/asf/ambari/blob/79175d03/ambari-server/src/main/python/ambari_server/serverSetup.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/python/ambari_server/serverSetup.py b/ambari-server/src/main/python/ambari_server/serverSetup.py
index cbb96d9..217d988 100644
--- a/ambari-server/src/main/python/ambari_server/serverSetup.py
+++ b/ambari-server/src/main/python/ambari_server/serverSetup.py
@@ -915,7 +915,7 @@ def _setup_database(options):
factory = DBMSConfigFactory()
dbmsAmbari = factory.create(options, properties, "Ambari")
- resultA = dbmsAmbari.configure_database(properties)
+ resultA = dbmsAmbari.configure_database(properties, options)
# Now save the properties file
if resultA:
http://git-wip-us.apache.org/repos/asf/ambari/blob/79175d03/ambari-server/src/main/python/ambari_server/setupHttps.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/python/ambari_server/setupHttps.py b/ambari-server/src/main/python/ambari_server/setupHttps.py
index ce676d2..824fe04 100644
--- a/ambari-server/src/main/python/ambari_server/setupHttps.py
+++ b/ambari-server/src/main/python/ambari_server/setupHttps.py
@@ -82,7 +82,7 @@ SRVR_ONE_WAY_SSL_PORT = "8440"
GANGLIA_HTTPS = 'ganglia.https'
-def get_and_persist_truststore_path(properties):
+def get_and_persist_truststore_path(properties, options):
truststore_path = properties.get_property(SSL_TRUSTSTORE_PATH_PROPERTY)
if not truststore_path:
SSL_TRUSTSTORE_PATH_DEFAULT = get_value_from_properties(properties, SSL_TRUSTSTORE_PATH_PROPERTY)
@@ -90,39 +90,37 @@ def get_and_persist_truststore_path(properties):
while not truststore_path:
truststore_path = get_validated_string_input(
"Path to TrustStore file {0}:".format(get_prompt_default(SSL_TRUSTSTORE_PATH_DEFAULT)),
- SSL_TRUSTSTORE_PATH_DEFAULT,
- ".*", False, False)
+ SSL_TRUSTSTORE_PATH_DEFAULT, ".*", False, False, answer = options.trust_store_path)
if truststore_path:
properties.process_pair(SSL_TRUSTSTORE_PATH_PROPERTY, truststore_path)
return truststore_path
-def get_and_persist_truststore_type(properties):
+def get_and_persist_truststore_type(properties, options):
truststore_type = properties.get_property(SSL_TRUSTSTORE_TYPE_PROPERTY)
if not truststore_type:
SSL_TRUSTSTORE_TYPE_DEFAULT = get_value_from_properties(properties, SSL_TRUSTSTORE_TYPE_PROPERTY, "jks")
-
truststore_type = get_validated_string_input(
"TrustStore type [jks/jceks/pkcs12] {0}:".format(get_prompt_default(SSL_TRUSTSTORE_TYPE_DEFAULT)),
- SSL_TRUSTSTORE_TYPE_DEFAULT,
- "^(jks|jceks|pkcs12)?$", "Wrong type", False)
+ SSL_TRUSTSTORE_TYPE_DEFAULT, "^(jks|jceks|pkcs12)?$", "Wrong type", False, answer = options.trust_store_type)
if truststore_type:
properties.process_pair(SSL_TRUSTSTORE_TYPE_PROPERTY, truststore_type)
return truststore_type
-def get_and_persist_truststore_password(properties):
+def get_and_persist_truststore_password(properties, options):
truststore_password = properties.get_property(SSL_TRUSTSTORE_PASSWORD_PROPERTY)
isSecure = get_is_secure(properties)
if truststore_password:
if isSecure:
- truststore_password = decrypt_password_for_alias(properties, SSL_TRUSTSTORE_PASSWORD_ALIAS)
+ truststore_password = decrypt_password_for_alias(properties, SSL_TRUSTSTORE_PASSWORD_ALIAS, options)
else:
- truststore_password = read_password("", ".*", "Password for TrustStore:", "Invalid characters in password")
+ truststore_password = read_password("", ".*", "Password for TrustStore:",
+ "Invalid characters in password", options.trust_store_password)
if truststore_password:
- encrypted_password = get_encrypted_password(SSL_TRUSTSTORE_PASSWORD_ALIAS, truststore_password, properties)
+ encrypted_password = get_encrypted_password(SSL_TRUSTSTORE_PASSWORD_ALIAS, truststore_password, properties, options)
properties.process_pair(SSL_TRUSTSTORE_PASSWORD_PROPERTY, encrypted_password)
return truststore_password
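Review bot: `options.trust_store_password` comes from the `--truststore-password` command-line option, and a secret passed that way is visible to other local users in the process list and is usually kept in shell history. The same applies to `options.pem_password` in import_cert_and_key, `options.master_key` in serverConfiguration.py and setupSecurity.py, and `options.ldap_sync_admin_password` in sync_ldap. For unattended runs it would be safer to read these values from a file with owner-only permissions or from standard input. The option help should state the exposure as well, e.g. `help="Password for TrustStore (visible in the process list; prefer the prompt)"`.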
@@ -143,13 +141,13 @@ def get_delete_cert_command(jdk_path, alias, truststore_path, truststore_passwor
return cmd
-def import_cert_and_key(security_server_keys_dir):
+def import_cert_and_key(security_server_keys_dir, options):
import_cert_path = get_validated_filepath_input( \
- "Enter path to Certificate: ", \
- "Certificate not found")
- import_key_path = get_validated_filepath_input( \
- "Enter path to Private Key: ", "Private Key not found")
- pem_password = get_validated_string_input("Please enter password for Private Key: ", "", None, None, True)
+ "Enter path to Certificate: ", "Certificate not found", answer = options.import_cert_path)
+ import_key_path = get_validated_filepath_input( \
+ "Enter path to Private Key: ", "Private Key not found", answer = options.import_key_path)
+ pem_password = get_validated_string_input("Please enter password for Private Key: ", "",
+ None, None, True, answer = options.pem_password)
certInfoDict = get_cert_info(import_cert_path)
@@ -378,8 +376,8 @@ def is_valid_https_port(port):
return True
-def import_cert_and_key_action(security_server_keys_dir, properties):
- if import_cert_and_key(security_server_keys_dir):
+def import_cert_and_key_action(security_server_keys_dir, properties, options):
+ if import_cert_and_key(security_server_keys_dir, options):
properties.process_pair(SSL_SERVER_CERT_NAME, SSL_CERT_FILE_NAME)
properties.process_pair(SSL_SERVER_KEY_NAME, SSL_KEY_FILE_NAME)
properties.process_pair(SSL_API, "true")
@@ -395,12 +393,12 @@ def run_component_https_cmd(cmd):
raise FatalException(1, err)
-def setup_https(args):
+def setup_https(options):
if not is_root():
warn = 'ambari-server setup-https is run as ' \
'non-root user, some sudo privileges might be required'
print warn
- args.exit_message = None
+ options.exit_message = None
if not get_silent():
properties = get_ambari_properties()
try:
@@ -412,8 +410,13 @@ def setup_https(args):
api_ssl_old_value = properties.get_property(SSL_API)
cert_was_imported = False
cert_must_import = True
+
+ disable_https = options.api_ssl in ['false'] if options.api_ssl is not None else None
+ configure_https = options.api_ssl in ['true'] if options.api_ssl is not None else None
+
if api_ssl:
- if get_YN_input("Do you want to disable HTTPS [y/n] (n)? ", False):
+ disable_https = disable_https if disable_https is not None else get_YN_input("Do you want to disable HTTPS [y/n] (n)? ", False)
+ if disable_https:
properties.process_pair(SSL_API, "false")
cert_must_import=False
else:
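Review bot: `--api-ssl` is compared only with the exact strings 'true' and 'false', so any other value (for example `True` or a typo) makes both `disable_https` and `configure_https` False instead of being rejected. When HTTPS is already on, that falls into the reconfigure branch. When it is off, `configure_https` is handed to get_YN_input in the next hunk as a negative answer, so, assuming get_YN_input honours it, an automated run leaves HTTPS unconfigured without an error. Normalising and validating first makes the outcome explicit: `api_ssl_opt = options.api_ssl.lower() if options.api_ssl else None`, then `if api_ssl_opt not in (None, 'true', 'false'): raise FatalException(1, "Invalid --api-ssl value")`. setup_https starts and ends outside the hunk.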
@@ -421,14 +424,17 @@ def setup_https(args):
get_validated_string_input( \
"SSL port ["+str(client_api_ssl_port)+"] ? ", \
str(client_api_ssl_port), \
- "^[0-9]{1,5}$", "Invalid port.", False, validatorFunction = is_valid_https_port))
- cert_was_imported = import_cert_and_key_action(security_server_keys_dir, properties)
+ "^[0-9]{1,5}$", "Invalid port.", False, validatorFunction = is_valid_https_port, \
+ answer = options.api_ssl_port))
+ cert_was_imported = import_cert_and_key_action(security_server_keys_dir, properties, options)
else:
- if get_YN_input("Do you want to configure HTTPS [y/n] (y)? ", True):
+ if get_YN_input("Do you want to configure HTTPS [y/n] (y)? ", True, configure_https):
properties.process_pair(SSL_API_PORT, \
get_validated_string_input("SSL port ["+str(client_api_ssl_port)+"] ? ", \
- str(client_api_ssl_port), "^[0-9]{1,5}$", "Invalid port.", False, validatorFunction = is_valid_https_port))
- cert_was_imported = import_cert_and_key_action(security_server_keys_dir, properties)
+ str(client_api_ssl_port), "^[0-9]{1,5}$", "Invalid port.",
+ False, validatorFunction = is_valid_https_port,
+ answer = options.api_ssl_port))
+ cert_was_imported = import_cert_and_key_action(security_server_keys_dir, properties, options)
else:
return False
@@ -457,7 +463,7 @@ def setup_https(args):
raise NonFatalException(warning)
-def setup_truststore(import_cert=False):
+def setup_truststore(options, import_cert=False):
if not get_silent():
jdk_path = find_jdk()
if jdk_path is None:
@@ -468,32 +474,37 @@ def setup_truststore(import_cert=False):
properties = get_ambari_properties()
- if get_YN_input("Do you want to configure a truststore [y/n] (y)? ", True):
+ truststore_confirm = True if options.trust_store_path is not None and options.trust_store_path else False
+ truststore_reconfigure = True if options.trust_store_reconfigure is not None else False
+
+ if truststore_confirm or get_YN_input("Do you want to configure a truststore [y/n] (y)? ", True):
#Re-configuration enabled only for option "Setup truststore"
if not import_cert and properties.get_property(SSL_TRUSTSTORE_TYPE_PROPERTY)\
- and get_YN_input(
+ and (truststore_reconfigure or get_YN_input(
"The truststore is already configured. Do you want to re-configure "
- "the truststore [y/n] (y)? ", True):
+ "the truststore [y/n] (y)? ", True)):
properties.removeProp(SSL_TRUSTSTORE_TYPE_PROPERTY)
properties.removeProp(SSL_TRUSTSTORE_PATH_PROPERTY)
properties.removeProp(SSL_TRUSTSTORE_PASSWORD_PROPERTY)
- truststore_type = get_and_persist_truststore_type(properties)
- truststore_path = get_and_persist_truststore_path(properties)
- truststore_password = get_and_persist_truststore_password(properties)
+ truststore_type = get_and_persist_truststore_type(properties, options)
+ truststore_path = get_and_persist_truststore_path(properties, options)
+ truststore_password = get_and_persist_truststore_password(properties, options)
if import_cert:
- if get_YN_input("Do you want to import a certificate [y/n] (y)? ", True):
-
- alias = get_validated_string_input("Please enter an alias for the certificate: ", "", None, None, False, False)
+ import_cert_confirm = True if options.import_cert_path is not None else get_YN_input("Do you want to import a certificate [y/n] (y)? ", True)
+ if import_cert_confirm:
+ aliasOption = options.import_cert_alias if options.import_cert_alias is not None and options.import_cert_alias else None
+ alias = aliasOption if aliasOption is not None \
+ else get_validated_string_input("Please enter an alias for the certificate: ", "", None, None, False, False)
run_os_command(get_delete_cert_command(jdk_path, alias, truststore_path, truststore_password))
- import_cert_path = get_validated_filepath_input( \
- "Enter path to certificate: ", \
- "Certificate not found")
+ import_cert_path = get_validated_filepath_input("Enter path to certificate: ",
+ "Certificate not found",
+ answer=options.import_cert_path)
run_component_https_cmd(get_import_cert_command(jdk_path, alias, truststore_type, import_cert_path, truststore_path, truststore_password))
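Review bot: The option checks in setup_truststore disagree with each other: `import_cert_confirm` treats `options.import_cert_path is not None` as confirmation, so an empty `--import-cert-path` skips the question, while `truststore_confirm` and `aliasOption` also require a non-empty value. Using truthiness throughout keeps them aligned, e.g. `import_cert_confirm = bool(options.import_cert_path) or get_YN_input("Do you want to import a certificate [y/n] (y)? ", True)`. Separately, the alias taken from `--import-cert-alias` reaches get_delete_cert_command and run_os_command with no pattern check. How that command is assembled is not visible here, so restricting the alias to a conservative character set before use would be prudent. setup_truststore starts before this hunk.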
http://git-wip-us.apache.org/repos/asf/ambari/blob/79175d03/ambari-server/src/main/python/ambari_server/setupSecurity.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/python/ambari_server/setupSecurity.py b/ambari-server/src/main/python/ambari_server/setupSecurity.py
index b0ea491..69579cd 100644
--- a/ambari-server/src/main/python/ambari_server/setupSecurity.py
+++ b/ambari-server/src/main/python/ambari_server/setupSecurity.py
@@ -51,7 +51,7 @@ from ambari_server.serverConfiguration import configDefaults, \
get_resources_location, SECURITY_MASTER_KEY_LOCATION, SETUP_OR_UPGRADE_MSG, CHECK_AMBARI_KRB_JAAS_CONFIGURATION_PROPERTY
from ambari_server.serverUtils import is_server_runing, get_ambari_server_api_base
from ambari_server.setupActions import SETUP_ACTION, LDAP_SETUP_ACTION
-from ambari_server.userInput import get_validated_string_input, get_prompt_default, read_password, get_YN_input
+from ambari_server.userInput import get_validated_string_input, get_prompt_default, read_password, get_YN_input, quit_if_has_answer
from ambari_server.serverClassPath import ServerClassPath
@@ -67,7 +67,7 @@ CLIENT_SECURITY_KEY = "client.security"
SERVER_API_LDAP_URL = 'ldap_sync_events'
-def read_master_key(isReset=False):
+def read_master_key(isReset=False, options = None):
passwordPattern = ".*"
passwordPrompt = "Please provide master key for locking the credential store: "
passwordDescr = "Invalid characters in password. Use only alphanumeric or "\
@@ -78,15 +78,15 @@ def read_master_key(isReset=False):
input = True
while(input):
- masterKey = get_validated_string_input(passwordPrompt, passwordDefault,
- passwordPattern, passwordDescr, True, True)
+ masterKey = get_validated_string_input(passwordPrompt, passwordDefault, passwordPattern, passwordDescr,
+ True, True, answer = options.master_key)
if not masterKey:
print "Master Key cannot be empty!"
continue
- masterKey2 = get_validated_string_input("Re-enter master key: ",
- passwordDefault, passwordPattern, passwordDescr, True, True)
+ masterKey2 = get_validated_string_input("Re-enter master key: ", passwordDefault, passwordPattern, passwordDescr,
+ True, True, answer = options.master_key)
if masterKey != masterKey2:
print "Master key did not match!"
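Review bot: Both get_validated_string_input calls read `options.master_key`, but the signature in the previous hunk is `read_master_key(isReset=False, options = None)`, so a call that omits `options` raises AttributeError on None. Guard the access once with `master_key_answer = getattr(options, 'master_key', None)` and pass `answer = master_key_answer` in both calls. Since the same answer also feeds the "Re-enter master key" prompt, the confirmation compares the value with itself in non-interactive mode; a short comment saying so would help the next reader. The loop continues outside the hunk.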
@@ -192,14 +192,12 @@ def adjust_directory_permissions(ambari_user):
print_info_msg("Changing ownership: {0} {1} {2}".format(path, user, recursive))
change_owner(path, user, recursive)
-def configure_ldap_password():
+def configure_ldap_password(options):
passwordDefault = ""
passwordPrompt = 'Enter Manager Password* : '
passwordPattern = ".*"
passwordDescr = "Invalid characters in password."
-
- password = read_password(passwordDefault, passwordPattern, passwordPrompt,
- passwordDescr)
+ password = read_password(passwordDefault, passwordPattern, passwordPrompt, passwordDescr, options.ldap_manager_password)
return password
@@ -246,6 +244,16 @@ class LdapSyncOptions:
except AttributeError:
self.ldap_sync_groups = None
+ try:
+ self.ldap_sync_admin_name = options.ldap_sync_admin_name
+ except AttributeError:
+ self.ldap_sync_admin_name = None
+
+ try:
+ self.ldap_sync_admin_password = options.ldap_sync_admin_password
+ except AttributeError:
+ self.ldap_sync_admin_password = None
+
def no_ldap_sync_options_set(self):
return not self.ldap_sync_all and not self.ldap_sync_existing and self.ldap_sync_users is None and self.ldap_sync_groups is None
@@ -280,10 +288,14 @@ def sync_ldap(options):
err = 'Must specify a sync option (all, existing, users or groups). Please invoke ambari-server.py --help to print the options.'
raise FatalException(1, err)
- admin_login = get_validated_string_input(prompt="Enter Ambari Admin login: ", default=None,
+ admin_login = ldap_sync_options.ldap_sync_admin_name\
+ if ldap_sync_options.ldap_sync_admin_name is not None and ldap_sync_options.ldap_sync_admin_name \
+ else get_validated_string_input(prompt="Enter Ambari Admin login: ", default=None,
pattern=None, description=None,
is_pass=False, allowEmpty=False)
- admin_password = get_validated_string_input(prompt="Enter Ambari Admin password: ", default=None,
+ admin_password = ldap_sync_options.ldap_sync_admin_password \
+ if ldap_sync_options.ldap_sync_admin_password is not None and ldap_sync_options.ldap_sync_admin_password \
+ else get_validated_string_input(prompt="Enter Ambari Admin password: ", default=None,
pattern=None, description=None,
is_pass=True, allowEmpty=False)
@@ -414,20 +426,20 @@ def setup_master_key(options):
if isSecure:
print "Password encryption is enabled."
- resetKey = get_YN_input("Do you want to reset Master Key? [y/n] (n): ", False)
+ resetKey = True if options.security_option is not None else get_YN_input("Do you want to reset Master Key? [y/n] (n): ", False)
# For encrypting of only unencrypted passwords without resetting the key ask
# for master key if not persisted.
if isSecure and not isPersisted and not resetKey:
print "Master Key not persisted."
- masterKey = get_original_master_key(properties)
+ masterKey = get_original_master_key(properties, options)
pass
# Make sure both passwords are clear-text if master key is lost
if resetKey:
if not isPersisted:
print "Master Key not persisted."
- masterKey = get_original_master_key(properties)
+ masterKey = get_original_master_key(properties, options)
# Unable get the right master key or skipped question <enter>
if not masterKey:
print "To disable encryption, do the following:"
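Review bot: `resetKey = True if options.security_option is not None else get_YN_input(...)` forces a master-key reset on every run that sets `security_option`, while the interactive default for the same question is `n`. The test in this commit sets `security_option` to the action name `"setup-security"`, so the value looks like a mode selector rather than an explicit yes to a reset. An automated run apparently cannot reach the "encrypt only the unencrypted passwords" branch just below. The line `save_settings = True if options.ldap_save_settings is not None else ...` in the last `setup_ldap` hunk has the same shape, where even a supplied `false` would save. Passing the option through as the answer keeps the prompt semantics, e.g. `save_settings = get_YN_input("Save settings [y/n] (y)? ", True, options.ldap_save_settings)`, and a dedicated reset option would do the same for `resetKey`; `setup_master_key` continues outside this hunk.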
@@ -456,13 +468,13 @@ def setup_master_key(options):
ts_password = read_passwd_for_alias(SSL_TRUSTSTORE_PASSWORD_ALIAS, masterKey)
# Read master key, if non-secure or reset is true
if resetKey or not isSecure:
- masterKey = read_master_key(resetKey)
+ masterKey = read_master_key(resetKey, options)
persist = get_YN_input("Do you want to persist master key. If you choose " \
"not to persist, you need to provide the Master " \
"Key while starting the ambari server as an env " \
"variable named " + SECURITY_KEY_ENV_VAR_NAME + \
" or the start will prompt for the master key."
- " Persist [y/n] (y)? ", True)
+ " Persist [y/n] (y)? ", True, options.master_key_persist)
if persist:
save_master_key(options, masterKey, get_master_key_location(properties) + os.sep +
SECURITY_MASTER_KEY_FILENAME, persist)
@@ -524,18 +536,18 @@ def setup_master_key(options):
return 0
-def setup_ambari_krb5_jaas():
+def setup_ambari_krb5_jaas(options):
jaas_conf_file = search_file(SECURITY_KERBEROS_JASS_FILENAME, get_conf_dir())
if os.path.exists(jaas_conf_file):
print 'Setting up Ambari kerberos JAAS configuration to access ' + \
'secured Hadoop daemons...'
principal = get_validated_string_input('Enter ambari server\'s kerberos '
- 'principal name (ambari@EXAMPLE.COM): ', 'ambari@EXAMPLE.COM', '.*', '', False,
- False)
+ 'principal name (ambari@EXAMPLE.COM): ', 'ambari@EXAMPLE.COM', '.*', '', False,
+ False, answer = options.jaas_principal)
keytab = get_validated_string_input('Enter keytab path for ambari '
- 'server\'s kerberos principal: ',
- '/etc/security/keytabs/ambari.keytab', '.*', False, False,
- validatorFunction=is_valid_filepath)
+ 'server\'s kerberos principal: ',
+ '/etc/security/keytabs/ambari.keytab', '.*', False, False,
+ validatorFunction=is_valid_filepath, answer = options.jaas_keytab)
for line in fileinput.FileInput(jaas_conf_file, inplace=1):
line = re.sub('keyTab=.*$', 'keyTab="' + keytab + '"', line)
@@ -549,46 +561,47 @@ def setup_ambari_krb5_jaas():
class LdapPropTemplate:
- def __init__(self, properties, i_prop_name, i_prop_val_pattern, i_prompt_regex, i_allow_empty_prompt, i_prop_name_default=None):
+ def __init__(self, properties, i_option, i_prop_name, i_prop_val_pattern, i_prompt_regex, i_allow_empty_prompt, i_prop_name_default=None):
self.prop_name = i_prop_name
+ self.option = i_option
self.ldap_prop_name = get_value_from_properties(properties, i_prop_name, i_prop_name_default)
self.ldap_prop_val_prompt = i_prop_val_pattern.format(get_prompt_default(self.ldap_prop_name))
self.prompt_regex = i_prompt_regex
self.allow_empty_prompt = i_allow_empty_prompt
@OsFamilyFuncImpl(OSConst.WINSRV_FAMILY)
-def init_ldap_properties_list_reqd(properties):
+def init_ldap_properties_list_reqd(properties, options):
# python2.x dict is not ordered
ldap_properties = [
- LdapPropTemplate(properties, "authentication.ldap.primaryUrl", "Primary URL* {{host:port}} {0}: ", REGEX_HOSTNAME_PORT, False),
- LdapPropTemplate(properties, "authentication.ldap.secondaryUrl", "Secondary URL {{host:port}} {0}: ", REGEX_HOSTNAME_PORT, True),
- LdapPropTemplate(properties, "authentication.ldap.useSSL", "Use SSL* [true/false] {0}: ", REGEX_TRUE_FALSE, False, "false"),
- LdapPropTemplate(properties, "authentication.ldap.usernameAttribute", "User name attribute* {0}: ", REGEX_ANYTHING, False, "uid"),
- LdapPropTemplate(properties, "authentication.ldap.baseDn", "Base DN* {0}: ", REGEX_ANYTHING, False),
- LdapPropTemplate(properties, "authentication.ldap.referral", "Referral method [follow/ignore] {0}: ", REGEX_REFERRAL, True),
- LdapPropTemplate(properties, "authentication.ldap.bindAnonymously", "Bind anonymously* [true/false] {0}: ", REGEX_TRUE_FALSE, False, "false")
+ LdapPropTemplate(properties, options.ldap_url, "authentication.ldap.primaryUrl", "Primary URL* {{host:port}} {0}: ", REGEX_HOSTNAME_PORT, False),
+ LdapPropTemplate(properties, options.ldap_secondary_url, "authentication.ldap.secondaryUrl", "Secondary URL {{host:port}} {0}: ", REGEX_HOSTNAME_PORT, True),
+ LdapPropTemplate(properties, options.ldap_ssl, "authentication.ldap.useSSL", "Use SSL* [true/false] {0}: ", REGEX_TRUE_FALSE, False, "false"),
+ LdapPropTemplate(properties, options.ldap_user_attr, "authentication.ldap.usernameAttribute", "User name attribute* {0}: ", REGEX_ANYTHING, False, "uid"),
+ LdapPropTemplate(properties, options.ldap_base_dn, "authentication.ldap.baseDn", "Base DN* {0}: ", REGEX_ANYTHING, False),
+ LdapPropTemplate(properties, options.ldap_referral, "authentication.ldap.referral", "Referral method [follow/ignore] {0}: ", REGEX_REFERRAL, True),
+ LdapPropTemplate(properties, options.ldap_bind_anonym, "authentication.ldap.bindAnonymously" "Bind anonymously* [true/false] {0}: ", REGEX_TRUE_FALSE, False, "false")
]
return ldap_properties
@OsFamilyFuncImpl(OsFamilyImpl.DEFAULT)
-def init_ldap_properties_list_reqd(properties):
+def init_ldap_properties_list_reqd(properties, options):
ldap_properties = [
- LdapPropTemplate(properties, LDAP_PRIMARY_URL_PROPERTY, "Primary URL* {{host:port}} {0}: ", REGEX_HOSTNAME_PORT, False),
- LdapPropTemplate(properties, "authentication.ldap.secondaryUrl", "Secondary URL {{host:port}} {0}: ", REGEX_HOSTNAME_PORT, True),
- LdapPropTemplate(properties, "authentication.ldap.useSSL", "Use SSL* [true/false] {0}: ", REGEX_TRUE_FALSE, False, "false"),
- LdapPropTemplate(properties, "authentication.ldap.userObjectClass", "User object class* {0}: ", REGEX_ANYTHING, False, "posixAccount"),
- LdapPropTemplate(properties, "authentication.ldap.usernameAttribute", "User name attribute* {0}: ", REGEX_ANYTHING, False, "uid"),
- LdapPropTemplate(properties, "authentication.ldap.groupObjectClass", "Group object class* {0}: ", REGEX_ANYTHING, False, "posixGroup"),
- LdapPropTemplate(properties, "authentication.ldap.groupNamingAttr", "Group name attribute* {0}: ", REGEX_ANYTHING, False, "cn"),
- LdapPropTemplate(properties, "authentication.ldap.groupMembershipAttr", "Group member attribute* {0}: ", REGEX_ANYTHING, False, "memberUid"),
- LdapPropTemplate(properties, "authentication.ldap.dnAttribute", "Distinguished name attribute* {0}: ", REGEX_ANYTHING, False, "dn"),
- LdapPropTemplate(properties, "authentication.ldap.baseDn", "Base DN* {0}: ", REGEX_ANYTHING, False),
- LdapPropTemplate(properties, "authentication.ldap.referral", "Referral method [follow/ignore] {0}: ", REGEX_REFERRAL, True),
- LdapPropTemplate(properties, "authentication.ldap.bindAnonymously", "Bind anonymously* [true/false] {0}: ", REGEX_TRUE_FALSE, False, "false")
+ LdapPropTemplate(properties, options.ldap_url, LDAP_PRIMARY_URL_PROPERTY, "Primary URL* {{host:port}} {0}: ", REGEX_HOSTNAME_PORT, False),
+ LdapPropTemplate(properties, options.ldap_secondary_url, "authentication.ldap.secondaryUrl", "Secondary URL {{host:port}} {0}: ", REGEX_HOSTNAME_PORT, True),
+ LdapPropTemplate(properties, options.ldap_ssl, "authentication.ldap.useSSL", "Use SSL* [true/false] {0}: ", REGEX_TRUE_FALSE, False, "false"),
+ LdapPropTemplate(properties, options.ldap_user_class, "authentication.ldap.userObjectClass", "User object class* {0}: ", REGEX_ANYTHING, False, "posixAccount"),
+ LdapPropTemplate(properties, options.ldap_user_attr, "authentication.ldap.usernameAttribute", "User name attribute* {0}: ", REGEX_ANYTHING, False, "uid"),
+ LdapPropTemplate(properties, options.ldap_group_class, "authentication.ldap.groupObjectClass", "Group object class* {0}: ", REGEX_ANYTHING, False, "posixGroup"),
+ LdapPropTemplate(properties, options.ldap_group_attr, "authentication.ldap.groupNamingAttr", "Group name attribute* {0}: ", REGEX_ANYTHING, False, "cn"),
+ LdapPropTemplate(properties, options.ldap_member_attr, "authentication.ldap.groupMembershipAttr", "Group member attribute* {0}: ", REGEX_ANYTHING, False, "memberUid"),
+ LdapPropTemplate(properties, options.ldap_dn, "authentication.ldap.dnAttribute", "Distinguished name attribute* {0}: ", REGEX_ANYTHING, False, "dn"),
+ LdapPropTemplate(properties, options.ldap_base_dn, "authentication.ldap.baseDn", "Base DN* {0}: ", REGEX_ANYTHING, False),
+ LdapPropTemplate(properties, options.ldap_referral, "authentication.ldap.referral", "Referral method [follow/ignore] {0}: ", REGEX_REFERRAL, True),
+ LdapPropTemplate(properties, options.ldap_bind_anonym, "authentication.ldap.bindAnonymously", "Bind anonymously* [true/false] {0}: ", REGEX_TRUE_FALSE, False, "false")
]
return ldap_properties
-def setup_ldap():
+def setup_ldap(options):
if not is_root():
err = 'Ambari-server setup-ldap should be run with ' \
'root-level privileges'
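Review bot: In the `OSConst.WINSRV_FAMILY` variant of `init_ldap_properties_list_reqd`, the new `bindAnonymously` entry lacks the comma between `"authentication.ldap.bindAnonymously"` and `"Bind anonymously* [true/false] {0}: "`, so Python joins the two literals into one property name and every later argument shifts one position left. `REGEX_TRUE_FALSE` then lands in `i_prop_val_pattern`, where `.format(...)` is called on it, and `"false"` becomes `i_allow_empty_prompt` instead of the property default. The removed line and the `OsFamilyImpl.DEFAULT` variant both have the comma. The entry should read `LdapPropTemplate(properties, options.ldap_bind_anonym, "authentication.ldap.bindAnonymously", "Bind anonymously* [true/false] {0}: ", REGEX_TRUE_FALSE, False, "false")`. `setup_ldap` at the end of the hunk continues outside it.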
@@ -597,7 +610,7 @@ def setup_ldap():
properties = get_ambari_properties()
isSecure = get_is_secure(properties)
- ldap_property_list_reqd = init_ldap_properties_list_reqd(properties)
+ ldap_property_list_reqd = init_ldap_properties_list_reqd(properties, options)
ldap_property_list_opt = ["authentication.ldap.managerDn",
LDAP_MGR_PASSWORD_PROPERTY,
@@ -617,11 +630,11 @@ def setup_ldap():
SSL_TRUSTSTORE_TYPE_DEFAULT = get_value_from_properties(properties, SSL_TRUSTSTORE_TYPE_PROPERTY, "jks")
SSL_TRUSTSTORE_PATH_DEFAULT = get_value_from_properties(properties, SSL_TRUSTSTORE_PATH_PROPERTY)
-
ldap_property_value_map = {}
for ldap_prop in ldap_property_list_reqd:
input = get_validated_string_input(ldap_prop.ldap_prop_val_prompt, ldap_prop.ldap_prop_name, ldap_prop.prompt_regex,
- "Invalid characters in the input!", False, ldap_prop.allow_empty_prompt)
+ "Invalid characters in the input!", False, ldap_prop.allow_empty_prompt,
+ answer = ldap_prop.option)
if input is not None and input != "":
ldap_property_value_map[ldap_prop.prop_name] = input
@@ -631,10 +644,10 @@ def setup_ldap():
# Ask for manager credentials only if bindAnonymously is false
if not anonymous:
username = get_validated_string_input("Manager DN* {0}: ".format(
- get_prompt_default(LDAP_MGR_DN_DEFAULT)), LDAP_MGR_DN_DEFAULT, ".*",
- "Invalid characters in the input!", False, False)
+ get_prompt_default(LDAP_MGR_DN_DEFAULT)), LDAP_MGR_DN_DEFAULT, ".*",
+ "Invalid characters in the input!", False, False, answer = options.ldap_manager_dn)
ldap_property_value_map[LDAP_MGR_USERNAME_PROPERTY] = username
- mgr_password = configure_ldap_password()
+ mgr_password = configure_ldap_password(options)
ldap_property_value_map[LDAP_MGR_PASSWORD_PROPERTY] = mgr_password
useSSL = ldap_property_value_map["authentication.ldap.useSSL"]
@@ -646,26 +659,26 @@ def setup_ldap():
truststore_set = bool(SSL_TRUSTSTORE_PATH_DEFAULT)
if truststore_set:
truststore_default = "y"
- custom_trust_store = get_YN_input("Do you want to provide custom TrustStore for Ambari [y/n] ({0})?".
+ custom_trust_store = True if options.trust_store_path is not None and options.trust_store_path else False
+ if not custom_trust_store:
+ custom_trust_store = get_YN_input("Do you want to provide custom TrustStore for Ambari [y/n] ({0})?".
format(truststore_default),
truststore_set)
if custom_trust_store:
- ts_type = get_validated_string_input(
- "TrustStore type [jks/jceks/pkcs12] {0}:".format(get_prompt_default(SSL_TRUSTSTORE_TYPE_DEFAULT)),
- SSL_TRUSTSTORE_TYPE_DEFAULT,
- "^(jks|jceks|pkcs12)?$", "Wrong type", False)
+ ts_type = get_validated_string_input("TrustStore type [jks/jceks/pkcs12] {0}:".format(get_prompt_default(SSL_TRUSTSTORE_TYPE_DEFAULT)),
+ SSL_TRUSTSTORE_TYPE_DEFAULT, "^(jks|jceks|pkcs12)?$", "Wrong type", False, answer=options.trust_store_type)
ts_path = None
while True:
- ts_path = get_validated_string_input(
- "Path to TrustStore file {0}:".format(get_prompt_default(SSL_TRUSTSTORE_PATH_DEFAULT)),
- SSL_TRUSTSTORE_PATH_DEFAULT,
- ".*", False, False)
+ ts_path = get_validated_string_input("Path to TrustStore file {0}:".format(get_prompt_default(SSL_TRUSTSTORE_PATH_DEFAULT)),
+ SSL_TRUSTSTORE_PATH_DEFAULT, ".*", False, False, answer = options.trust_store_path)
if os.path.exists(ts_path):
break
else:
print 'File not found.'
+ hasAnswer = options.trust_store_path is not None and options.trust_store_path
+ quit_if_has_answer(hasAnswer)
- ts_password = read_password("", ".*", "Password for TrustStore:", "Invalid characters in password")
+ ts_password = read_password("", ".*", "Password for TrustStore:", "Invalid characters in password", options.trust_store_password)
ldap_property_value_map[SSL_TRUSTSTORE_TYPE_PROPERTY] = ts_type
ldap_property_value_map[SSL_TRUSTSTORE_PATH_PROPERTY] = ts_path
@@ -676,7 +689,7 @@ def setup_ldap():
print ' ' + SSL_TRUSTSTORE_TYPE_PROPERTY + ' = ' + properties.get_property(SSL_TRUSTSTORE_TYPE_PROPERTY)
print ' ' + SSL_TRUSTSTORE_PATH_PROPERTY + ' = ' + properties.get_property(SSL_TRUSTSTORE_PATH_PROPERTY)
print ' ' + SSL_TRUSTSTORE_PASSWORD_PROPERTY + ' = ' + properties.get_property(SSL_TRUSTSTORE_PASSWORD_PROPERTY)
- if get_YN_input("Do you want to remove these properties [y/n] (y)? ", True):
+ if get_YN_input("Do you want to remove these properties [y/n] (y)? ", True, options.trust_store_reconfigure):
properties.removeOldProp(SSL_TRUSTSTORE_TYPE_PROPERTY)
properties.removeOldProp(SSL_TRUSTSTORE_PATH_PROPERTY)
properties.removeOldProp(SSL_TRUSTSTORE_PASSWORD_PROPERTY)
@@ -697,18 +710,18 @@ def setup_ldap():
else:
print("%s: %s" % (property, BLIND_PASSWORD))
- save_settings = get_YN_input("Save settings [y/n] (y)? ", True)
+ save_settings = True if options.ldap_save_settings is not None else get_YN_input("Save settings [y/n] (y)? ", True)
if save_settings:
ldap_property_value_map[CLIENT_SECURITY_KEY] = 'ldap'
if isSecure:
if mgr_password:
- encrypted_passwd = encrypt_password(LDAP_MGR_PASSWORD_ALIAS, mgr_password)
+ encrypted_passwd = encrypt_password(LDAP_MGR_PASSWORD_ALIAS, mgr_password, options)
if mgr_password != encrypted_passwd:
ldap_property_value_map[LDAP_MGR_PASSWORD_PROPERTY] = encrypted_passwd
pass
if ts_password:
- encrypted_passwd = encrypt_password(SSL_TRUSTSTORE_PASSWORD_ALIAS, ts_password)
+ encrypted_passwd = encrypt_password(SSL_TRUSTSTORE_PASSWORD_ALIAS, ts_password, options)
if ts_password != encrypted_passwd:
ldap_property_value_map[SSL_TRUSTSTORE_PASSWORD_PROPERTY] = encrypted_passwd
pass
http://git-wip-us.apache.org/repos/asf/ambari/blob/79175d03/ambari-server/src/main/python/ambari_server/userInput.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/python/ambari_server/userInput.py b/ambari-server/src/main/python/ambari_server/userInput.py
index 247ebec..1f31152 100644
--- a/ambari-server/src/main/python/ambari_server/userInput.py
+++ b/ambari-server/src/main/python/ambari_server/userInput.py
@@ -31,21 +31,28 @@ from ambari_commons.os_utils import get_password
#
# return True if 'y' or False if 'n'
#
-def get_YN_input(prompt, default):
+def get_YN_input(prompt, default, answer = None):
yes = set(['yes', 'ye', 'y'])
no = set(['no', 'n'])
- return get_choice_string_input(prompt, default, yes, no)
+ if answer is not None and answer:
+ yes.update(['True', 'true'])
+ no.update(['False', 'false'])
+ return get_choice_string_input(prompt, default, yes, no, answer)
-def get_choice_string_input(prompt, default, firstChoice, secondChoice):
+
+def get_choice_string_input(prompt, default, firstChoice, secondChoice, answer = None):
if get_silent():
print(prompt)
return default
+ hasAnswer = answer is not None and answer
+ if hasAnswer:
+ print(prompt)
input = True
result = default
while input:
- choice = raw_input(prompt).lower()
+ choice = str(answer) if hasAnswer else raw_input(prompt).lower()
if choice in firstChoice:
result = True
input = False
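Review bot: In `get_choice_string_input`, `choice = str(answer) if hasAnswer else raw_input(prompt).lower()` lower-cases only the typed input, because the conditional expression binds more loosely than the method call. A supplied answer such as `Y` or `TRUE` is compared as-is, falls through to "input not recognized" and ends the run via `quit_if_has_answer`. Writing it as `choice = (str(answer) if hasAnswer else raw_input(prompt)).lower()` treats both sources alike and makes the `'True'`/`'False'` entries added in `get_YN_input` unnecessary. The `get_silent()` branch also returns `default` before `answer` is looked at, so a supplied answer is ignored in silent mode; if that is intended it deserves a comment. The function body continues in the next hunk.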
@@ -57,21 +64,26 @@ def get_choice_string_input(prompt, default, firstChoice, secondChoice):
input = False
else:
print "input not recognized, please try again: "
+ quit_if_has_answer(hasAnswer)
return result
def get_validated_string_input(prompt, default, pattern, description,
- is_pass, allowEmpty=True, validatorFunction=None):
+ is_pass, allowEmpty=True, validatorFunction=None, answer = None):
input = ""
+ hasAnswer = answer is not None and (answer or allowEmpty)
+ if hasAnswer:
+ print (prompt)
+
while not input:
if get_silent():
print (prompt)
input = default
elif is_pass:
- input = get_password(prompt)
+ input = str(answer) if hasAnswer else get_password(prompt)
else:
- input = raw_input(prompt)
+ input = str(answer) if hasAnswer else raw_input(prompt)
if not input.strip():
# Empty input - if default available use default
if not allowEmpty and not default:
@@ -79,39 +91,45 @@ def get_validated_string_input(prompt, default, pattern, description,
msg += ' cannot be blank.'
print msg
input = ""
+ quit_if_has_answer(hasAnswer)
continue
else:
input = default
if validatorFunction:
if not validatorFunction(input):
input = ""
+ quit_if_has_answer(hasAnswer)
continue
break # done here and picking up default
else:
if not pattern == None and not re.search(pattern, input.strip()):
print description
input = ""
+ quit_if_has_answer(hasAnswer)
if validatorFunction:
if not validatorFunction(input):
input = ""
+ quit_if_has_answer(hasAnswer)
continue
return input
-def get_validated_filepath_input(prompt, description, default=None):
+def get_validated_filepath_input(prompt, description, default = None, answer = None):
input = False
+ hasAnswer = answer is not None and answer
while not input:
if get_silent():
print (prompt)
return default
else:
- input = raw_input(prompt)
+ input = str(answer) if hasAnswer else raw_input(prompt)
if not input == None:
input = input.strip()
if not input == None and not "" == input and os.path.isfile(input):
return input
else:
print description
+ quit_if_has_answer(hasAnswer)
input = False
@@ -142,7 +160,8 @@ def get_prompt_default(defaultStr=None):
def read_password(passwordDefault,
passwordPattern,
passwordPrompt=None,
- passwordDescr=None):
+ passwordDescr=None,
+ answer=None):
input = True
while(input):
@@ -155,18 +174,24 @@ def read_password(passwordDefault,
"_ or - characters"
password = get_validated_string_input(passwordPrompt, passwordDefault,
- passwordPattern, passwordDescr, True)
+ passwordPattern, passwordDescr, True, answer = answer)
if not password:
print 'Password cannot be blank.'
continue
if password != passwordDefault:
- password1 = get_validated_string_input("Re-enter password: ",
- passwordDefault, passwordPattern, passwordDescr, True)
+ password1 = get_validated_string_input("Re-enter password: ", passwordDefault, passwordPattern,
+ passwordDescr, True, answer = answer)
if password != password1:
print "Passwords do not match"
continue
input = False
- return password
\ No newline at end of file
+ return password
+
+# quits from the application only if the input is provided with a flag ('--customInput=')
+def quit_if_has_answer(hasAnswer):
+ if hasAnswer:
+ print "Validation has failed for the last input. Operation has interrupted."
+ exit(1)
\ No newline at end of file
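Review bot: `quit_if_has_answer` ends the process with the bare `exit(1)`, a helper that the `site` module installs for interactive use, and it bypasses the `FatalException` path that `sync_ldap` uses in this commit to report errors. Validation failures on supplied answers therefore skip whatever cleanup or logging the caller's exception handling does. I would raise the project's exception from here if it can be imported into `userInput.py` (the import block is not visible in this hunk), or at least call `sys.exit(1)`. The comment above the function names a `--customInput=` flag that appears nowhere else in the visible diff; a docstring such as `"""Abort when a non-interactive answer failed validation, since it cannot be re-prompted."""` would describe the behaviour better. The message would also read better as `"Validation has failed for the last input. Operation was interrupted."`.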