Posted to issues@ambari.apache.org by "Andrew Onischuk (JIRA)" <ji...@apache.org> on 2018/06/29 17:41:00 UTC
[jira] [Updated] (AMBARI-24225) Ambari Server Secure LDAP (LDAPS) setup fails with internal error
[ https://issues.apache.org/jira/browse/AMBARI-24225?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andrew Onischuk updated AMBARI-24225:
-------------------------------------
Status: Patch Available (was: Open)
> Ambari Server Secure LDAP (LDAPS) setup fails with internal error
> -----------------------------------------------------------------
>
> Key: AMBARI-24225
> URL: https://issues.apache.org/jira/browse/AMBARI-24225
> Project: Ambari
> Issue Type: Bug
> Reporter: Andrew Onischuk
> Assignee: Andrew Onischuk
> Priority: Major
> Fix For: 2.7.0
>
> Attachments: AMBARI-24225.patch
>
>
> Perform ambari-server setup-ldap.
> At the Use SSL* prompt, choose true to set up secure LDAP.
> Send values on the rest of the prompts as seen below. The truststore is already created
> before this setup.
> At the end this fails with a 500 internal server error.
>
>
> [root@ctr-e138-1518143905142-384562-01-000008 init.d]# ambari-server setup-ldap
> Using python /usr/bin/python
> Primary URL Host* : ctr-e138-1518143905142-384562-01-000008.hwx.site
> Primary URL Port* : 636
> Secondary URL Host :
> Secondary URL Port :
> Use SSL* [true/false] (false): true
> User object class* (person):
> User name attribute* (uid):
> Group object class* (ou=groups,dc=ambari,dc=apache,dc=org):
> Group name attribute* (cn):
> Group member attribute* (memberUid):
> Distinguished name attribute* (dn):
> Base DN* (dc=ambari,dc=apache,dc=org): dc=apache,dc=org
> Referral method [follow/ignore] :
> Bind anonymously* [true/false] (false):
> Handling behavior for username collisions [convert/skip] for LDAP sync* (convert):
> Force lower-case user names [true/false] :true
> Results from LDAP are paginated when requested [true/false] :true
> Manager DN* : uid=hdfs,ou=people,ou=dev,dc=apache,dc=org
> Enter Manager Password* :
> Re-enter password:
> Do you want to provide custom TrustStore for Ambari [y/n] (n)?y
> TrustStore type [jks/jceks/pkcs12] (jks):jks
> Path to TrustStore file :/root/keystore.jks
> Password for TrustStore:
> Re-enter password:
> ====================
> Review Settings
> ====================
> Primary URL Host* : ctr-e138-1518143905142-384562-01-000008.hwx.site
> Primary URL Port* : 636
> Use SSL* [true/false] (false): true
> User object class* (person): person
> User name attribute* (uid): uid
> Group object class* (ou=groups,dc=ambari,dc=apache,dc=org): ou=groups,dc=ambari,dc=apache,dc=org
> Group name attribute* (cn): cn
> Group member attribute* (memberUid): memberUid
> Distinguished name attribute* (dn): dn
> Base DN* (dc=ambari,dc=apache,dc=org): dc=apache,dc=org
> Bind anonymously* [true/false] (false): false
> Handling behavior for username collisions [convert/skip] for LDAP sync* (convert): convert
> Force lower-case user names [true/false] : true
> Results from LDAP are paginated when requested [true/false] : true
> ambari.ldap.connectivity.bind_dn: uid=hdfs,ou=people,ou=dev,dc=apache,dc=org
> ambari.ldap.connectivity.bind_password: *****
> ssl.trustStore.type: jks
> ssl.trustStore.path: /root/keystore.jks
> ssl.trustStore.password: *****
> Save settings [y/n] (y)? y
> Saving LDAP properties...
> Enter Ambari Admin login: admin
> Enter Ambari Admin password:
> ERROR: Unexpected HTTPError: HTTP Error 500: Internal Server Error
> For more info run ambari-server with -v or --verbose option
>
> Found following in ambari-audit logs
>
>
> [root@ctr-e138-1518143905142-384562-01-000008 ambari-server]# tail -1000f ambari-audit.log
> 2018-06-29T02:34:58.425Z, User(null), RemoteIp(127.0.0.1), Operation(User login), Roles(
> ), Status(Failed), Reason(Authentication required), Consecutive failures(UNKNOWN USER)
> 2018-06-29T02:34:58.482Z, User(admin), RemoteIp(127.0.0.1), Operation(User login), Roles(
> Ambari: Ambari Administrator
> ), Status(Success)
> 2018-06-29T02:34:58.638Z, User(admin), RemoteIp(127.0.0.1), RequestType(PUT), url(http://127.0.0.1:8080/api/v1/services/AMBARI/components/AMBARI_SERVER/configurations/ldap-configuration), ResultStatus(200 OK)
> 2018-06-29T06:01:46.430Z, User(null), RemoteIp(127.0.0.1), Operation(User login), Roles(
> ), Status(Failed), Reason(Authentication required), Consecutive failures(UNKNOWN USER)
> 2018-06-29T06:01:46.510Z, User(admin), RemoteIp(127.0.0.1), Operation(User login), Roles(
> Ambari: Ambari Administrator
> ), Status(Success)
> 2018-06-29T06:01:46.642Z, User(admin), RemoteIp(127.0.0.1), RequestType(PUT), url(http://127.0.0.1:8080/api/v1/services/AMBARI/components/AMBARI_SERVER/configurations/ldap-configuration), ResultStatus(500 Internal Server Error), Reason(org.apache.ambari.server.controller.spi.SystemException: Invalid Ambari server configuration key: ldap-configuration:ssl.trustStore.path)
> ^C
> [root@ctr-e138-1518143905142-384562-01-000008 ambari-server]#
>
> Could you please help take a look to identify the issue?
> Cluster where this is reproduced :
>
>
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
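
The audit log excerpt in the report can be triaged mechanically. The following is an added example, not part of the original report or of Ambari's code: it groups multi-line audit records, splits them into Name(value) fields, and returns configuration requests the server rejected for an invalid key. The function names, the indentation of the Roles continuation line, and the field syntax (inferred from the excerpt) are assumptions.

```python
import re

# Constructed sample: records taken from the audit log excerpt in the report,
# including the multi-line Roles(...) field.
SAMPLE = """\
2018-06-29T02:34:58.638Z, User(admin), RemoteIp(127.0.0.1), RequestType(PUT), url(http://127.0.0.1:8080/api/v1/services/AMBARI/components/AMBARI_SERVER/configurations/ldap-configuration), ResultStatus(200 OK)
2018-06-29T06:01:46.430Z, User(null), RemoteIp(127.0.0.1), Operation(User login), Roles(
), Status(Failed), Reason(Authentication required), Consecutive failures(UNKNOWN USER)
2018-06-29T06:01:46.510Z, User(admin), RemoteIp(127.0.0.1), Operation(User login), Roles(
    Ambari: Ambari Administrator
), Status(Success)
2018-06-29T06:01:46.642Z, User(admin), RemoteIp(127.0.0.1), RequestType(PUT), url(http://127.0.0.1:8080/api/v1/services/AMBARI/components/AMBARI_SERVER/configurations/ldap-configuration), ResultStatus(500 Internal Server Error), Reason(org.apache.ambari.server.controller.spi.SystemException: Invalid Ambari server configuration key: ldap-configuration:ssl.trustStore.path)
"""

RECORD_START = re.compile(r"^\d{4}-\d{2}-\d{2}T[\d:.]+Z, ")   # a new record begins with a timestamp
FIELD = re.compile(r"([A-Za-z][A-Za-z ]*)\(([^()]*)\)")       # Name(value); value may span lines
BAD_KEY = re.compile(r"Invalid Ambari server configuration key: (\S+)")


def parse_records(text):
    """Group physical lines into records and split each into a field dict."""
    records, current = [], None
    for line in text.splitlines():
        if RECORD_START.match(line):
            current = [line]
            records.append(current)
        elif current is not None:
            current.append(line)          # continuation of a multi-line field
    parsed = []
    for lines in records:
        raw = "\n".join(lines)
        fields = {name.strip(): value.strip() for name, value in FIELD.findall(raw)}
        fields["timestamp"] = raw.split(",", 1)[0]
        parsed.append(fields)
    return parsed


def rejected_config_writes(text):
    """Return (timestamp, user, url, rejected key) for failed config requests."""
    hits = []
    for rec in parse_records(text):
        status = rec.get("ResultStatus", "")
        match = BAD_KEY.search(rec.get("Reason", ""))
        if status and not status.startswith("2") and match:
            hits.append((rec["timestamp"], rec["User"], rec["url"], match.group(1)))
    return hits


if __name__ == "__main__":
    for hit in rejected_config_writes(SAMPLE):
        print(hit)
```
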