Posted to reviews@ambari.apache.org by Oliver Szabo <os...@hortonworks.com> on 2016/03/16 18:14:56 UTC
Re: Review Request 43832: AMBARI-14627: Ability to automate
setup-security and setup-ldap/sync-ldap
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/43832/
-----------------------------------------------------------
(Updated March 16, 2016, 5:14 p.m.)
Review request for Ambari, Alejandro Fernandez, Andrew Onischuk, Robert Levas, Sumit Mohanty, and Sebastian Toader.
Changes
-------
refactor using flags for automation
Bugs: AMBARI-14627
https://issues.apache.org/jira/browse/AMBARI-14627
Repository: ambari
Description (updated)
-------
Added ability to automate setup-security/setup-ldap and sync-ldap. Ambari uses '--' flags in order to replace user inputs. (If one of the flags is missing, Ambari will ask for user input.)
Example usage:
1.) LDAP setup:
ambari-server setup-ldap \
--ldap-url="ldap.hortonworks.com:389" \
--ldap-secondary-url="" \
--ldap-ssl="false" \
--ldap-user-class="person" \
--ldap-user-attr="sAMAccountName" \
--ldap-group-class="group" \
--ldap-group-attr="cn" \
--ldap-member-attr="member" \
--ldap-dn="distinguishedName" \
--ldap-base-dn="dc=hdp01,dc=local" \
--ldap-referral="" \
--ldap-bind-anonym=false \
--ldap-manager-dn="cn=hdfs,ou=hdp,dc=hdp01,dc=local" \
--ldap-manager-password="myldappassword" \
--ldap-save-settings \
--truststore-type="jks" \
--truststore-path="/var/lib/ambari-server/keys/jkskeystore.jks" \
--truststore-password="mypass"
2.) Ldap sync:
ambari-server sync-ldap --groups=groups.txt --ldap-sync-admin-name=admin --ldap-sync-admin-password=admin
3.) Setup Https:
ambari-server setup-security \
--security-option=setup-https \
--security-keys_dir=/var/lib/ambari-server/keys \
--api-ssl=true --client-api-ssl-port=8443 \
--import-cert-path=/var/lib/ambari-server/keys/my.crt \
--import-key-path=/var/lib/ambari-server/keys/my.key \
--pem-password=password
4.) Encrypt passwords:
ambari-server setup-security --security-option=encrypt-password --master-key=masterkey --master-key-persist=true
5.) Setup Kerberos JAAS:
ambari-server setup-security --security-option=setup-kerberos-jaas --jaas-principal="ambari@EXAMPLE.COM" --jaas-keytab="/etc/security/keytabs/ambari.keytab"
6.) Setup TrustStore:
ambari-server setup-security \
--security-option=setup-truststore \
--truststore-path=/var/lib/ambari-server/keys/keystore.p12 \
--truststore-type=pkcs12 \
--truststore-password=password \
--truststore-reconfigure # not needed if not configured - also, this option is not available on branch-2.2
7.) Import certificate to TrustStore:
ambari-server setup-security \
--security-option=import-certificate \
--truststore-path=/var/lib/ambari-server/keys/keystore.p12 \
--truststore-type=pkcs12 \
--truststore-password=password \
--import-cert-path=/var/lib/ambari-server/oleewere.crt \
--import-cert-alias=myalias \
--truststore-reconfigure # not needed if not configured - also, this option is not available on branch-2.2
Diffs (updated)
-----
ambari-server/src/main/python/ambari-server.py bc86d32
ambari-server/src/main/python/ambari_server/dbConfiguration.py 5519a3d
ambari-server/src/main/python/ambari_server/dbConfiguration_linux.py 59c5d85
ambari-server/src/main/python/ambari_server/dbConfiguration_windows.py 96cd823
ambari-server/src/main/python/ambari_server/serverConfiguration.py 0f58c0e
ambari-server/src/main/python/ambari_server/serverSetup.py 7f6a7e3
ambari-server/src/main/python/ambari_server/setupHttps.py 5e293fb
ambari-server/src/main/python/ambari_server/setupSecurity.py b0ea491
ambari-server/src/main/python/ambari_server/userInput.py 247ebec
ambari-server/src/test/python/TestAmbariServer.py 305ad1a
Diff: https://reviews.apache.org/r/43832/diff/
Testing
-------
Total run:902
Total errors:0
Total failures:0
OK
FT: manually tested on branch-2.2, on trunk it's in progress
Thanks,
Oliver Szabo
Re: Review Request 43832: AMBARI-14627: Ability to automate
setup-security and setup-ldap/sync-ldap
Posted by Sebastian Toader <st...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/43832/#review124742
-----------------------------------------------------------
Ship it!
Fix what Daniel raised and ship it.
- Sebastian Toader
On March 16, 2016, 6:14 p.m., Oliver Szabo wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/43832/
> -----------------------------------------------------------
>
> (Updated March 16, 2016, 6:14 p.m.)
>
>
> Review request for Ambari, Alejandro Fernandez, Andrew Onischuk, Robert Levas, Sumit Mohanty, and Sebastian Toader.
>
>
> Bugs: AMBARI-14627
> https://issues.apache.org/jira/browse/AMBARI-14627
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Added ability to automate setup-security/setup-ldap and sync-ldap. Ambari uses '--' flags in order to replace user inputs. (If one of the flags is missing, Ambari will ask for user input.)
> Example usage:
>
> 1.) LDAP setup:
> ambari-server setup-ldap \
> --ldap-url="ldap.hortonworks.com:389" \
> --ldap-secondary-url="" \
> --ldap-ssl="false" \
> --ldap-user-class="person" \
> --ldap-user-attr="sAMAccountName" \
> --ldap-group-class="group" \
> --ldap-group-attr="cn" \
> --ldap-member-attr="member" \
> --ldap-dn="distinguishedName" \
> --ldap-base-dn="dc=hdp01,dc=local" \
> --ldap-referral="" \
> --ldap-bind-anonym=false \
> --ldap-manager-dn="cn=hdfs,ou=hdp,dc=hdp01,dc=local" \
> --ldap-manager-password="myldappassword" \
> --ldap-save-settings \
> --truststore-type="jks" \
> --truststore-path="/var/lib/ambari-server/keys/jkskeystore.jks" \
> --truststore-password="mypass"
>
> 2.) Ldap sync:
> ambari-server sync-ldap --groups=groups.txt --ldap-sync-admin-name=admin --ldap-sync-admin-password=admin
>
> 3.) Setup Https:
> ambari-server setup-security \
> --security-option=setup-https \
> --security-keys_dir=/var/lib/ambari-server/keys \
> --api-ssl=true --client-api-ssl-port=8443 \
> --import-cert-path=/var/lib/ambari-server/keys/my.crt \
> --import-key-path=/var/lib/ambari-server/keys/my.key \
> --pem-password=password
> 4.) Encrypt passwords:
> ambari-server setup-security --security-option=encrypt-password --master-key=masterkey --master-key-persist=true
>
> 5.) Setup Kerberos JAAS:
> ambari-server setup-security --security-option=setup-kerberos-jaas --jaas-principal="ambari@EXAMPLE.COM" --jaas-keytab="/etc/security/keytabs/ambari.keytab"
>
> 6.) Setup TrustStore:
> ambari-server setup-security \
> --security-option=setup-truststore \
> --truststore-path=/var/lib/ambari-server/keys/keystore.p12 \
> --truststore-type=pkcs12 \
> --truststore-password=password \
> --truststore-reconfigure # not needed if not configured - also, this option is not available on branch-2.2
> 7.) Import certificate to TrustStore:
> ambari-server setup-security \
> --security-option=import-certificate \
> --truststore-path=/var/lib/ambari-server/keys/keystore.p12 \
> --truststore-type=pkcs12 \
> --truststore-password=password \
> --import-cert-path=/var/lib/ambari-server/oleewere.crt \
> --import-cert-alias=myalias \
> --truststore-reconfigure # not needed if not configured - also, this option is not available on branch-2.2
>
>
> Diffs
> -----
>
> ambari-server/src/main/python/ambari-server.py bc86d32
> ambari-server/src/main/python/ambari_server/dbConfiguration.py 5519a3d
> ambari-server/src/main/python/ambari_server/dbConfiguration_linux.py 59c5d85
> ambari-server/src/main/python/ambari_server/dbConfiguration_windows.py 96cd823
> ambari-server/src/main/python/ambari_server/serverConfiguration.py 0f58c0e
> ambari-server/src/main/python/ambari_server/serverSetup.py 7f6a7e3
> ambari-server/src/main/python/ambari_server/setupHttps.py 5e293fb
> ambari-server/src/main/python/ambari_server/setupSecurity.py b0ea491
> ambari-server/src/main/python/ambari_server/userInput.py 247ebec
> ambari-server/src/test/python/TestAmbariServer.py 305ad1a
>
> Diff: https://reviews.apache.org/r/43832/diff/
>
>
> Testing
> -------
>
> Total run:902
> Total errors:0
> Total failures:0
> OK
>
>
> FT: manually tested on branch-2.2, on trunk it's in progress
>
>
> Thanks,
>
> Oliver Szabo
>
>
Re: Review Request 43832: AMBARI-14627: Ability to automate
setup-security and setup-ldap/sync-ldap
Posted by Daniel Gergely <dg...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/43832/#review124541
-----------------------------------------------------------
ambari-server/src/main/python/ambari_server/userInput.py (lines 99 - 102)
<https://reviews.apache.org/r/43832/#comment187155>
As I see it, when the validator fails for a parameter whose value is set from an argument, it is asked for interactively again.
Is this intentional? When using command line parameters I would expect non-interactive behaviour (e.g. the command is assembled and run by a script).
What do you think of terminating execution with an exit code when validation fails for a value that is set as an argument?
ambari-server/src/main/python/ambari_server/userInput.py (lines 111 - 114)
<https://reviews.apache.org/r/43832/#comment187156>
See my comment above
- Daniel Gergely
On March 16, 2016, 5:14 p.m., Oliver Szabo wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/43832/
> -----------------------------------------------------------
>
> (Updated March 16, 2016, 5:14 p.m.)
>
>
> Review request for Ambari, Alejandro Fernandez, Andrew Onischuk, Robert Levas, Sumit Mohanty, and Sebastian Toader.
>
>
> Bugs: AMBARI-14627
> https://issues.apache.org/jira/browse/AMBARI-14627
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Added ability to automate setup-security/setup-ldap and sync-ldap. Ambari uses '--' flags in order to replace user inputs. (If one of the flags is missing, Ambari will ask for user input.)
> Example usage:
>
> 1.) LDAP setup:
> ambari-server setup-ldap \
> --ldap-url="ldap.hortonworks.com:389" \
> --ldap-secondary-url="" \
> --ldap-ssl="false" \
> --ldap-user-class="person" \
> --ldap-user-attr="sAMAccountName" \
> --ldap-group-class="group" \
> --ldap-group-attr="cn" \
> --ldap-member-attr="member" \
> --ldap-dn="distinguishedName" \
> --ldap-base-dn="dc=hdp01,dc=local" \
> --ldap-referral="" \
> --ldap-bind-anonym=false \
> --ldap-manager-dn="cn=hdfs,ou=hdp,dc=hdp01,dc=local" \
> --ldap-manager-password="myldappassword" \
> --ldap-save-settings \
> --truststore-type="jks" \
> --truststore-path="/var/lib/ambari-server/keys/jkskeystore.jks" \
> --truststore-password="mypass"
>
> 2.) Ldap sync:
> ambari-server sync-ldap --groups=groups.txt --ldap-sync-admin-name=admin --ldap-sync-admin-password=admin
>
> 3.) Setup Https:
> ambari-server setup-security \
> --security-option=setup-https \
> --security-keys_dir=/var/lib/ambari-server/keys \
> --api-ssl=true --client-api-ssl-port=8443 \
> --import-cert-path=/var/lib/ambari-server/keys/my.crt \
> --import-key-path=/var/lib/ambari-server/keys/my.key \
> --pem-password=password
> 4.) Encrypt passwords:
> ambari-server setup-security --security-option=encrypt-password --master-key=masterkey --master-key-persist=true
>
> 5.) Setup Kerberos JAAS:
> ambari-server setup-security --security-option=setup-kerberos-jaas --jaas-principal="ambari@EXAMPLE.COM" --jaas-keytab="/etc/security/keytabs/ambari.keytab"
>
> 6.) Setup TrustStore:
> ambari-server setup-security \
> --security-option=setup-truststore \
> --truststore-path=/var/lib/ambari-server/keys/keystore.p12 \
> --truststore-type=pkcs12 \
> --truststore-password=password \
> --truststore-reconfigure # not needed if not configured - also, this option is not available on branch-2.2
> 7.) Import certificate to TrustStore:
> ambari-server setup-security \
> --security-option=import-certificate \
> --truststore-path=/var/lib/ambari-server/keys/keystore.p12 \
> --truststore-type=pkcs12 \
> --truststore-password=password \
> --import-cert-path=/var/lib/ambari-server/oleewere.crt \
> --import-cert-alias=myalias \
> --truststore-reconfigure # not needed if not configured - also, this option is not available on branch-2.2
>
>
> Diffs
> -----
>
> ambari-server/src/main/python/ambari-server.py bc86d32
> ambari-server/src/main/python/ambari_server/dbConfiguration.py 5519a3d
> ambari-server/src/main/python/ambari_server/dbConfiguration_linux.py 59c5d85
> ambari-server/src/main/python/ambari_server/dbConfiguration_windows.py 96cd823
> ambari-server/src/main/python/ambari_server/serverConfiguration.py 0f58c0e
> ambari-server/src/main/python/ambari_server/serverSetup.py 7f6a7e3
> ambari-server/src/main/python/ambari_server/setupHttps.py 5e293fb
> ambari-server/src/main/python/ambari_server/setupSecurity.py b0ea491
> ambari-server/src/main/python/ambari_server/userInput.py 247ebec
> ambari-server/src/test/python/TestAmbariServer.py 305ad1a
>
> Diff: https://reviews.apache.org/r/43832/diff/
>
>
> Testing
> -------
>
> Total run:902
> Total errors:0
> Total failures:0
> OK
>
>
> FT: manually tested on branch-2.2, on trunk it's in progress
>
>
> Thanks,
>
> Oliver Szabo
>
>
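The behaviour requested in the userInput.py comment above, sketched as an added example (not code from this review or from Ambari): a value supplied by a flag is validated once and a failure ends the run with a non-zero exit code, while an omitted flag still falls back to a prompt. The function names, the two regex patterns and the exit code 2 are assumptions made for the illustration.

```python
import re
import sys

# Constructed validation patterns for two of the flags shown in the review
# description; they are illustrative, not Ambari's own rules.
FIELDS = {
    "ldap-url": r"[\w.-]+:\d{1,5}",
    "ldap-ssl": r"true|false",
}

EXIT_OK = 0
EXIT_INVALID_ARGUMENT = 2  # assumed exit code; the thread does not name one


class ValidationError(Exception):
    """A setting could not be resolved to a valid value."""


def resolve_value(name, pattern, answer, reader, max_attempts=3):
    """Return a validated value for one setting (hypothetical helper).

    answer is not None: the value came from a '--' flag. Validate it once and
    fail instead of prompting, so a scripted run cannot block on stdin.
    answer is None: the flag was omitted, so ask the user and re-ask on error.
    """
    if answer is not None:
        if re.fullmatch(pattern, answer):
            return answer
        # Name the flag but not the value: it may be a password.
        raise ValidationError("invalid value for --%s" % name)
    for _ in range(max_attempts):
        value = reader("%s: " % name)
        if re.fullmatch(pattern, value):
            return value
        sys.stderr.write("Invalid value for %s, try again.\n" % name)
    raise ValidationError("no valid value entered for %s" % name)


def run_setup(flags, reader=input):
    """Resolve every field in FIELDS; return (exit_code, settings)."""
    settings = {}
    try:
        for name, pattern in FIELDS.items():
            settings[name] = resolve_value(name, pattern, flags.get(name), reader)
    except ValidationError as err:
        sys.stderr.write("ERROR: %s\n" % err)
        return EXIT_INVALID_ARGUMENT, {}
    return EXIT_OK, settings


if __name__ == "__main__":
    # Constructed scripted call: --ldap-ssl carries a bad value, so the
    # process exits with EXIT_INVALID_ARGUMENT and never reads stdin.
    code, _ = run_setup({"ldap-url": "ldap.example.com:389", "ldap-ssl": "maybe"})
    sys.exit(code)
```

A wrapper script can then treat any non-zero exit status as a failed setup step instead of hanging on a prompt that nobody will answer.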
Re: Review Request 43832: AMBARI-14627: Ability to automate
setup-security and setup-ldap/sync-ldap
Posted by Sebastian Toader <st...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/43832/#review126805
-----------------------------------------------------------
Ship it!
Ship It!
- Sebastian Toader
On April 1, 2016, 4:36 p.m., Oliver Szabo wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/43832/
> -----------------------------------------------------------
>
> (Updated April 1, 2016, 4:36 p.m.)
>
>
> Review request for Ambari, Alejandro Fernandez, Andrew Onischuk, Robert Levas, Sumit Mohanty, and Sebastian Toader.
>
>
> Bugs: AMBARI-14627
> https://issues.apache.org/jira/browse/AMBARI-14627
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Added ability to automate setup-security/setup-ldap and sync-ldap. Ambari uses '--' flags in order to replace user inputs. (If one of the flags is missing, Ambari will ask for user input.)
> Example usage:
>
> 1.) LDAP setup:
> ambari-server setup-ldap \
> --ldap-url="ldap.hortonworks.com:389" \
> --ldap-secondary-url="" \
> --ldap-ssl="false" \
> --ldap-user-class="person" \
> --ldap-user-attr="sAMAccountName" \
> --ldap-group-class="group" \
> --ldap-group-attr="cn" \
> --ldap-member-attr="member" \
> --ldap-dn="distinguishedName" \
> --ldap-base-dn="dc=hdp01,dc=local" \
> --ldap-referral="" \
> --ldap-bind-anonym=false \
> --ldap-manager-dn="cn=hdfs,ou=hdp,dc=hdp01,dc=local" \
> --ldap-manager-password="myldappassword" \
> --ldap-save-settings \
> --truststore-type="jks" \
> --truststore-path="/var/lib/ambari-server/keys/jkskeystore.jks" \
> --truststore-password="mypass"
>
> 2.) Ldap sync:
> ambari-server sync-ldap --groups=groups.txt --ldap-sync-admin-name=admin --ldap-sync-admin-password=admin
>
> 3.) Setup Https:
> ambari-server setup-security \
> --security-option=setup-https \
> --api-ssl=true --client-api-ssl-port=8443 \
> --import-cert-path=/var/lib/ambari-server/keys/my.crt \
> --import-key-path=/var/lib/ambari-server/keys/my.key \
> --pem-password=password
> 4.) Encrypt passwords:
> ambari-server setup-security --security-option=encrypt-password --master-key=masterkey --master-key-persist=true
>
> 5.) Setup Kerberos JAAS:
> ambari-server setup-security --security-option=setup-kerberos-jaas --jaas-principal="ambari@EXAMPLE.COM" --jaas-keytab="/etc/security/keytabs/ambari.keytab"
>
> 6.) Setup TrustStore:
> ambari-server setup-security \
> --security-option=setup-truststore \
> --truststore-path=/var/lib/ambari-server/keys/keystore.p12 \
> --truststore-type=pkcs12 \
> --truststore-password=password \
> --truststore-reconfigure
> 7.) Import certificate to TrustStore:
> ambari-server setup-security \
> --security-option=import-certificate \
> --truststore-path=/var/lib/ambari-server/keys/keystore.p12 \
> --truststore-type=pkcs12 \
> --truststore-password=password \
> --import-cert-path=/var/lib/ambari-server/oleewere.crt \
> --import-cert-alias=myalias \
> --truststore-reconfigure
>
>
> Diffs
> -----
>
> ambari-server/src/main/python/ambari-server.py e0ce37e
> ambari-server/src/main/python/ambari_server/dbConfiguration.py 5519a3d
> ambari-server/src/main/python/ambari_server/dbConfiguration_linux.py 59c5d85
> ambari-server/src/main/python/ambari_server/dbConfiguration_windows.py 96cd823
> ambari-server/src/main/python/ambari_server/serverConfiguration.py a259a1f
> ambari-server/src/main/python/ambari_server/serverSetup.py cbb96d9
> ambari-server/src/main/python/ambari_server/setupHttps.py ce676d2
> ambari-server/src/main/python/ambari_server/setupSecurity.py b0ea491
> ambari-server/src/main/python/ambari_server/userInput.py 247ebec
> ambari-server/src/test/python/TestAmbariServer.py 1356dac
>
> Diff: https://reviews.apache.org/r/43832/diff/
>
>
> Testing
> -------
>
> Total run:902
> Total errors:0
> Total failures:0
> OK
>
>
> FT: manually tested on branch-2.2, on trunk it's in progress
>
>
> Thanks,
>
> Oliver Szabo
>
>
Re: Review Request 43832: AMBARI-14627: Ability to automate
setup-security and setup-ldap/sync-ldap
Posted by Oliver Szabo <os...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/43832/
-----------------------------------------------------------
(Updated April 1, 2016, 2:36 p.m.)
Review request for Ambari, Alejandro Fernandez, Andrew Onischuk, Robert Levas, Sumit Mohanty, and Sebastian Toader.
Changes
-------
- exit in case of validation error during interactive mode
Bugs: AMBARI-14627
https://issues.apache.org/jira/browse/AMBARI-14627
Repository: ambari
Description (updated)
-------
Added ability to automate setup-security/setup-ldap and sync-ldap. Ambari uses '--' flags in order to replace user inputs. (If one of the flags is missing, Ambari will ask for user input.)
Example usage:
1.) LDAP setup:
ambari-server setup-ldap \
--ldap-url="ldap.hortonworks.com:389" \
--ldap-secondary-url="" \
--ldap-ssl="false" \
--ldap-user-class="person" \
--ldap-user-attr="sAMAccountName" \
--ldap-group-class="group" \
--ldap-group-attr="cn" \
--ldap-member-attr="member" \
--ldap-dn="distinguishedName" \
--ldap-base-dn="dc=hdp01,dc=local" \
--ldap-referral="" \
--ldap-bind-anonym=false \
--ldap-manager-dn="cn=hdfs,ou=hdp,dc=hdp01,dc=local" \
--ldap-manager-password="myldappassword" \
--ldap-save-settings \
--truststore-type="jks" \
--truststore-path="/var/lib/ambari-server/keys/jkskeystore.jks" \
--truststore-password="mypass"
2.) Ldap sync:
ambari-server sync-ldap --groups=groups.txt --ldap-sync-admin-name=admin --ldap-sync-admin-password=admin
3.) Setup Https:
ambari-server setup-security \
--security-option=setup-https \
--api-ssl=true --client-api-ssl-port=8443 \
--import-cert-path=/var/lib/ambari-server/keys/my.crt \
--import-key-path=/var/lib/ambari-server/keys/my.key \
--pem-password=password
4.) Encrypt passwords:
ambari-server setup-security --security-option=encrypt-password --master-key=masterkey --master-key-persist=true
5.) Setup Kerberos JAAS:
ambari-server setup-security --security-option=setup-kerberos-jaas --jaas-principal="ambari@EXAMPLE.COM" --jaas-keytab="/etc/security/keytabs/ambari.keytab"
6.) Setup TrustStore:
ambari-server setup-security \
--security-option=setup-truststore \
--truststore-path=/var/lib/ambari-server/keys/keystore.p12 \
--truststore-type=pkcs12 \
--truststore-password=password \
--truststore-reconfigure
7.) Import certificate to TrustStore:
ambari-server setup-security \
--security-option=import-certificate \
--truststore-path=/var/lib/ambari-server/keys/keystore.p12 \
--truststore-type=pkcs12 \
--truststore-password=password \
--import-cert-path=/var/lib/ambari-server/oleewere.crt \
--import-cert-alias=myalias \
--truststore-reconfigure
Diffs (updated)
-----
ambari-server/src/main/python/ambari-server.py e0ce37e
ambari-server/src/main/python/ambari_server/dbConfiguration.py 5519a3d
ambari-server/src/main/python/ambari_server/dbConfiguration_linux.py 59c5d85
ambari-server/src/main/python/ambari_server/dbConfiguration_windows.py 96cd823
ambari-server/src/main/python/ambari_server/serverConfiguration.py a259a1f
ambari-server/src/main/python/ambari_server/serverSetup.py cbb96d9
ambari-server/src/main/python/ambari_server/setupHttps.py ce676d2
ambari-server/src/main/python/ambari_server/setupSecurity.py b0ea491
ambari-server/src/main/python/ambari_server/userInput.py 247ebec
ambari-server/src/test/python/TestAmbariServer.py 1356dac
Diff: https://reviews.apache.org/r/43832/diff/
Testing
-------
Total run:902
Total errors:0
Total failures:0
OK
FT: manually tested on branch-2.2, on trunk it's in progress
Thanks,
Oliver Szabo