Posted to dev@ambari.apache.org by Daniel Gergely <dg...@hortonworks.com> on 2016/03/01 10:36:02 UTC

Review Request 44203: Ambari overrides truststore when executing "ambari-server setup-ldap"

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/44203/
-----------------------------------------------------------

Review request for Ambari, Laszlo Puskas, Oliver Szabo, and Sebastian Toader.


Bugs: AMBARI-15242
    https://issues.apache.org/jira/browse/AMBARI-15242


Repository: ambari


Description
-------

The TrustStore type, path and password properties were removed from the ambari.properties file if a custom TrustStore was not provided during setup-ldap.

I have now added a confirmation asking whether the user wants to reconfigure the already set TrustStore. If a custom TrustStore is provided, then no question is asked.


Diffs
-----

  ambari-server/src/main/python/ambari_server/setupSecurity.py 36f6fa9 

Diff: https://reviews.apache.org/r/44203/diff/


Testing
-------

I did manual testing to confirm that the properties are not removed if the user says no to reconfiguration.

**[root@c6401 /]# cat /etc/ambari-server/conf/ambari.properties | grep trustStore**
**ssl.trustStore.password=password**
**ssl.trustStore.path=/tmp**
**ssl.trustStore.type=jks**

[root@c6401 /]# ambari-server setup-ldap
Using python  /usr/bin/python
Setting up LDAP properties...
Primary URL {host:port} (172.22.70.141:636): 
Secondary URL {host:port} : 
Use SSL [true/false] (true): 
User object class (user): 
User name attribute (sAMAccountName): 
Group object class (group): 
Group name attribute (cn): 
Group member attribute (member): 
Distinguished name attribute (distinguishedName): 
Base DN (CN=Users,DC=hwqe,DC=hortonworks,DC=com): 
Referral method [follow/ignore] (ignore): 
Bind anonymously [true/false] (false): 
Manager DN (cn=manager,cn=Users,dc=hwqe,dc=hortonworks,dc=com): 
Enter Manager Password : 
Re-enter password: 
**Do you want to provide custom TrustStore for Ambari [y/n] (y)?n**
**The TrustStore is already configured. Do you want to re-configure the TrustStore [y/n] (y)? n**
====================
Review Settings
====================
authentication.ldap.managerDn: cn=manager,cn=Users,dc=hwqe,dc=hortonworks,dc=com
authentication.ldap.managerPassword: ****
Save settings [y/n] (y)? 
Saving...done
Ambari Server 'setup-ldap' completed successfully.

**[root@c6401 /]# cat /etc/ambari-server/conf/ambari.properties | grep trustStore**
**ssl.trustStore.password=password**
**ssl.trustStore.path=/tmp**
**ssl.trustStore.type=jks**

[root@c6401 /]# ambari-server setup-ldap
Using python  /usr/bin/python
Setting up LDAP properties...
Primary URL {host:port} (172.22.70.141:636): 
Secondary URL {host:port} : 
Use SSL [true/false] (true): 
User object class (user): 
User name attribute (sAMAccountName): 
Group object class (group): 
Group name attribute (cn): 
Group member attribute (member): 
Distinguished name attribute (distinguishedName): 
Base DN (CN=Users,DC=hwqe,DC=hortonworks,DC=com): 
Referral method [follow/ignore] (ignore): 
Bind anonymously [true/false] (false): 
Manager DN (cn=manager,cn=Users,dc=hwqe,dc=hortonworks,dc=com): 
Enter Manager Password : 
Password cannot be blank.
Enter Manager Password : 
Re-enter password: 
**Do you want to provide custom TrustStore for Ambari [y/n] (y)?y**
TrustStore type [jks/jceks/pkcs12] (jks):
Path to TrustStore file (/tmp):
Password for TrustStore:
Re-enter password: 
====================
Review Settings
====================
authentication.ldap.managerDn: cn=manager,cn=Users,dc=hwqe,dc=hortonworks,dc=com
authentication.ldap.managerPassword: ****
ssl.trustStore.type: jks
ssl.trustStore.path: /tmp
ssl.trustStore.password: ****
Save settings [y/n] (y)? y
Saving...done
Ambari Server 'setup-ldap' completed successfully.

**[root@c6401 /]# cat /etc/ambari-server/conf/ambari.properties | grep trustStore**
**ssl.trustStore.password=p**
**ssl.trustStore.path=/tmp**
**ssl.trustStore.type=jks**

[root@c6401 /]# ambari-server restart
Using python  /usr/bin/python
Restarting ambari-server
Using python  /usr/bin/python
Stopping ambari-server
Ambari Server stopped
Using python  /usr/bin/python
Starting ambari-server
Ambari Server running with administrator privileges.
Organizing resource files at //var/lib/ambari-server/resources...
Server PID at: /var/run/ambari-server/ambari-server.pid
Server out at: /var/log/ambari-server/ambari-server.out
Server log at: /var/log/ambari-server/ambari-server.log
Waiting for server start....................
Ambari Server 'start' completed successfully.

**[root@c6401 /]# cat /etc/ambari-server/conf/ambari.properties | grep trustStore**
**ssl.trustStore.password=p**
**ssl.trustStore.path=/tmp**
**ssl.trustStore.type=jks**


Thanks,

Daniel Gergely
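
The decision described in this review request, sketched as an added example that is not the code from setupSecurity.py and is not part of the original e-mail. The function names and the ask_reconfigure callback are hypothetical, and clearing the three keys when the user confirms re-configuration without supplying a store is an assumption based on the pre-fix behaviour described above.

```python
# Added illustration; not Ambari's own implementation.
TRUSTSTORE_KEYS = (
    "ssl.trustStore.type",
    "ssl.trustStore.path",
    "ssl.trustStore.password",
)


def truststore_configured(props):
    """True when any of the three TrustStore keys is already present."""
    return any(key in props for key in TRUSTSTORE_KEYS)


def apply_truststore_choice(props, custom=None, ask_reconfigure=None):
    """Return a new property dict after the TrustStore step of setup-ldap.

    custom          -- dict holding all three keys when the user provides a
                       custom TrustStore, otherwise None
    ask_reconfigure -- hypothetical callback returning True or False; it is
                       called only when no custom store is given and a
                       TrustStore is already configured
    """
    result = dict(props)

    if custom is not None:
        # A custom TrustStore was supplied: no confirmation is asked.
        missing = [key for key in TRUSTSTORE_KEYS if key not in custom]
        if missing:
            raise ValueError("incomplete TrustStore settings: " + ", ".join(missing))
        result.update({key: custom[key] for key in TRUSTSTORE_KEYS})
        return result

    if truststore_configured(props):
        # Fail safe: with no callback or a "no" answer, keep what is there.
        if ask_reconfigure is None or not ask_reconfigure():
            return result
        # Assumption: a confirmed re-configuration without a custom store
        # clears the keys, as the pre-fix code did unconditionally.
        for key in TRUSTSTORE_KEYS:
            result.pop(key, None)
    return result


# Constructed sample mirroring the property values shown in the transcript.
SAMPLE_PROPS = {
    "authentication.ldap.managerDn": "cn=manager,cn=Users,dc=hwqe,dc=hortonworks,dc=com",
    "ssl.trustStore.type": "jks",
    "ssl.trustStore.path": "/tmp",
    "ssl.trustStore.password": "password",
}
```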