You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Sandor Molnar (JIRA)" <ji...@apache.org> on 2018/12/03 09:28:00 UTC
[jira] [Created] (AMBARI-24986) Use Ambari CLI to enable and
disable trusted proxy support in Ambari
Sandor Molnar created AMBARI-24986:
--------------------------------------
Summary: Use Ambari CLI to enable and disable trusted proxy support in Ambari
Key: AMBARI-24986
URL: https://issues.apache.org/jira/browse/AMBARI-24986
Project: Ambari
Issue Type: Documentation
Components: ambari-server
Affects Versions: 2.8.0
Reporter: Sandor Molnar
Assignee: Sandor Molnar
Fix For: 2.8.0
Use Ambari CLI to enable and disable trusted proxy support in Ambari.
Information needed to be collected:
* Enable/Disable trusted proxy support
** {{ambari.tproxy.authentication.enabled}} : "true"|"false"
* Trusted proxy user (the authenticated user allowed to declare a proxied user) details - One or more may be specified
** hosts from which the proxy user can connect
*** {{ambari.tproxy.proxyuser.PROXY_USER.hosts}} : * or a comma-delimited list of hostname, ip address, CIDR Notation (intermixed is ok)
** users allowed to be specified as proxied users by the proxy user
*** {{ambari.tproxy.proxyuser.PROXY_USER.users}} : *, or a comma-delimited list of usernames
** group for which users to be proxied are members
*** {{ambari.tproxy.proxyuser.PROXY_USER.groups}} : *, or a comma-delimited list of group names
{noformat}
[root@c7402 ~]# ambari-server setup-tproxy
Using python /usr/bin/python
Enter Ambari Admin login: admin
Enter Ambari Admin password:
Fetching Trusted Proxy configuration from DB.
Trusted Proxy support is currently disabled
Do you want to configure Trusted Proxy support [y/n] (y)? y
The proxy user's (local) username? knox
Allowed hosts for knox (*)? knox.ambari.apache.org
Allowed users for knox (*)? *
Allowed groups for knox (*)? users
Add another proxy user [y/n]? y
The proxy user's (local) username? admin
Allowed hosts for admin (*)? 192.168.74.0/24
Allowed users for admin (*)? tom, sam, admin
Allowed groups for admin (*)? admin_users
Add another proxy user [y/n]? n
Save settings [y/n] (y)? y
Saving Trusted Proxy configuration...
Saving Trusted Proxy configuration finished
Ambari Server 'setup-tproxy' completed successfully.
{noformat}
The REST API calls to get and set the trusted proxy configurations are
{noformat:title=GET request}
GET /api/v1/services/AMBARI/components/AMBARI_SERVER/configurations/tproxy-configuration
{noformat}
{noformat:title=GET example response}
{
"href" : "http://c7401.ambari.apache.org:8080/api/v1/services/AMBARI/components/AMBARI_SERVER/configurations/tproxy-configuration",
"Configuration" : {
"category" : "tproxy-configuration",
"component_name" : "AMBARI_SERVER",
"service_name" : "AMBARI",
"properties" : {
"ambari.tproxy.authentication.enabled" : "true",
"ambari.tproxy.proxyuser.admin.groups" : "admin_users",
"ambari.tproxy.proxyuser.admin.hosts" : "192.168.74.0/24",
"ambari.tproxy.proxyuser.admin.users" : "sam, tom, admin",
"ambari.tproxy.proxyuser.knox.groups" : "users",
"ambari.tproxy.proxyuser.knox.hosts" : "c7401.ambari.apache.org",
"ambari.tproxy.proxyuser.knox.users" : "*"
},
"property_types" : {
"ambari.tproxy.authentication.enabled" : "PLAINTEXT",
"ambari.tproxy.proxyuser.admin.groups" : "PLAINTEXT",
"ambari.tproxy.proxyuser.admin.hosts" : "PLAINTEXT",
"ambari.tproxy.proxyuser.admin.users" : "PLAINTEXT",
"ambari.tproxy.proxyuser.knox.groups" : "PLAINTEXT",
"ambari.tproxy.proxyuser.knox.hosts" : "PLAINTEXT",
"ambari.tproxy.proxyuser.knox.users" : "PLAINTEXT"
}
}
}
{noformat}
{noformat:title=POST request}
POST /api/v1/services/AMBARI/components/AMBARI_SERVER/configurations
{
"Configuration": {
"category" : "tproxy-configuration",
"properties": {
"ambari.tproxy.authentication.enabled" : "true",
"ambari.tproxy.proxyuser.knox.hosts": "c7401.ambari.apache.org",
"ambari.tproxy.proxyuser.knox.users": "*",
"ambari.tproxy.proxyuser.knox.groups": "users",
"ambari.tproxy.proxyuser.admin.hosts": "192.168.74.0/24",
"ambari.tproxy.proxyuser.admin.users": "sam, tom, admin",
"ambari.tproxy.proxyuser.admin.groups": "admin_users"
}
}
}{noformat}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)