[ https://issues.apache.org/jira/browse/AMBARI-14627?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Olivér Szabó updated AMBARI-14627:
----------------------------------
    Description:
Currently the ambari-server setup-security command does not have any options thus it's interactive. This makes it really hard to automate this process.
For kerberos 1 option should be enough for setting the master key.
Same for setup-ldap and sync-ldap

{code:java}
1.) LDAP setup:
ambari-server setup-ldap \
--ldap-url="ldap.hortonworks.com:389" \
--ldap-secondary-url="" \
--ldap-ssl="false" \
--ldap-user-class="person" \
--ldap-user-attr="sAMAccountName" \
--ldap-group-class="group" \
--ldap-group-attr="cn" \
--ldap-member-attr="member" \
--ldap-dn="distunguishedName" \
--ldap-base-dn="dc=hdp01,dc=local" \
--ldap-referral="" \
--ldap-bind-anonym=false \
--ldap-manager-dn="cn=hdfs,ou=hdp,dc=hdp01,dc=local" \
--ldap-manager-password="myldappassword" \
--ldap-save-settings \
--truststore-type="jks" \
--truststore-path="/var/lib/ambari-server/keys/jkskeystore.jks" \
--truststore-password="mypass"

2.) Ldap sync:
ambari-server sync-ldap --groups=groups.txt --ldap-sync-admin-name=admin --ldap-sync-admin-password=admin

3.) Setup Https:
ambari-server setup-security \
--security-option=setup-https \
--api-ssl=true --client-api-ssl-port=8443 \
--import-cert-path=/var/lib/ambari-server/keys/my.crt \
--import-key-path=/var/lib/ambari-server/keys/my.key \
--pem-password=password

4.) Encrypt passwords:
ambari-server setup-security --security-option=encrypt-password --master-key=masterkey --master-key-persist=true

5.) Setup Kerberos JAAS:
ambari-server setup-security --security-option=setup-kerberos-jaas --jaas-principal="amb...@example.com" --jaas-keytab="/etc/security/keytabs/ambari.keytab"

6.) Setup TrustStore:
ambari-server setup-security \
--security-option=setup-truststore \
--truststore-path=/var/lib/ambari-server/keys/keystore.p12 \
--truststore-type=pkcs12 \
--truststore-password=password \
--truststore-reconfigure

7.) Import certificate to TrustStore:
ambari-server setup-security \
--security-option=import-certificate \
--truststore-path=/var/lib/ambari-server/keys/keystore.p12 \
--truststore-type=pkcs12 \
--truststore-password=password \
--import-cert-path=/var/lib/ambari-server/my.crt \
--import-cert-alias=myalias \
--truststore-reconfigure
{code}

  was:
Currently the ambari-server setup-security command does not have any options thus it's interactive. This makes it really hard to automate this process.
For kerberos 1 option should be enough for setting the master key.
Same for setup-ldap and sync-ldap

> Ability to automate setup-security and setup-ldap/sync-ldap
> -----------------------------------------------------------
>
> Key: AMBARI-14627
> URL: https://issues.apache.org/jira/browse/AMBARI-14627
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 2.2.1
> Reporter: Krisztian Horvath
> Assignee: Olivér Szabó
> Fix For: 2.4.0
>
> Attachments: AMBARI-14627_v5.patch
>
>
> Currently the ambari-server setup-security command does not have any options thus it's interactive. This makes it really hard to automate this process.
> For kerberos 1 option should be enough for setting the master key.
> Same for setup-ldap and sync-ldap
> {code:java}
> 1.) LDAP setup:
> ambari-server setup-ldap \
> --ldap-url="ldap.hortonworks.com:389" \
> --ldap-secondary-url="" \
> --ldap-ssl="false" \
> --ldap-user-class="person" \
> --ldap-user-attr="sAMAccountName" \
> --ldap-group-class="group" \
> --ldap-group-attr="cn" \
> --ldap-member-attr="member" \
> --ldap-dn="distunguishedName" \
> --ldap-base-dn="dc=hdp01,dc=local" \
> --ldap-referral="" \
> --ldap-bind-anonym=false \
> --ldap-manager-dn="cn=hdfs,ou=hdp,dc=hdp01,dc=local" \
> --ldap-manager-password="myldappassword" \
> --ldap-save-settings \
> --truststore-type="jks" \
> --truststore-path="/var/lib/ambari-server/keys/jkskeystore.jks" \
> --truststore-password="mypass"
> 2.) Ldap sync:
> ambari-server sync-ldap --groups=groups.txt --ldap-sync-admin-name=admin --ldap-sync-admin-password=admin
> 3.) Setup Https:
> ambari-server setup-security \
> --security-option=setup-https \
> --api-ssl=true --client-api-ssl-port=8443 \
> --import-cert-path=/var/lib/ambari-server/keys/my.crt \
> --import-key-path=/var/lib/ambari-server/keys/my.key \
> --pem-password=password
> 4.) Encrypt passwords:
> ambari-server setup-security --security-option=encrypt-password --master-key=masterkey --master-key-persist=true
> 5.) Setup Kerberos JAAS:
> ambari-server setup-security --security-option=setup-kerberos-jaas --jaas-principal="amb...@example.com" --jaas-keytab="/etc/security/keytabs/ambari.keytab"
> 6.) Setup TrustStore:
> ambari-server setup-security \
> --security-option=setup-truststore \
> --truststore-path=/var/lib/ambari-server/keys/keystore.p12 \
> --truststore-type=pkcs12 \
> --truststore-password=password \
> --truststore-reconfigure
> 7.) Import certificate to TrustStore:
> ambari-server setup-security \
> --security-option=import-certificate \
> --truststore-path=/var/lib/ambari-server/keys/keystore.p12 \
> --truststore-type=pkcs12 \
> --truststore-password=password \
> --import-cert-path=/var/lib/ambari-server/my.crt \
> --import-cert-alias=myalias \
> --truststore-reconfigure
> {code}

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
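
Several of the options in the description take a password or key as an argument value, and a literal value written that way ends up in shell history and in the process list. The check below is an added example, not part of the JIRA issue or of Ambari's code: it scans an automation script for those options carrying a literal value. The function names and the sample script are constructed for illustration; the option names are the ones listed in the description.

```shell
#!/usr/bin/env bash
# Options from the issue description whose value is a secret.
SECRET_FLAGS='ldap-manager-password|truststore-password|pem-password|master-key|ldap-sync-admin-password'

# find_inline_secrets [FILE]
# Reads FILE (or stdin) and prints "LINE:--flag" for each secret option that
# is given a literal value. Empty values and values expanded at run time
# ($VAR, ${VAR}, $(cmd)) are not reported.
find_inline_secrets() {
    { grep -nEo -e "--(${SECRET_FLAGS})=[^[:space:]]*" "${1:--}" || true; } |
    while IFS= read -r hit; do
        lineno=${hit%%:*}          # grep -n prefix
        rest=${hit#*:}             # --flag=value
        flag=${rest%%=*}
        value=${rest#*=}
        # Strip one layer of surrounding quotes before inspecting the value.
        value=${value#\"}; value=${value#\'}
        value=${value%\"}; value=${value%\'}
        case $value in
            ''|\$*) ;;                                  # empty or expanded at run time
            *) printf '%s:%s\n' "$lineno" "$flag" ;;    # literal secret in the script
        esac
    done
}

# Constructed sample automation script (not taken from the issue).
sample_script() {
cat <<'EOF'
ambari-server setup-ldap \
  --ldap-manager-dn="cn=hdfs,ou=hdp,dc=hdp01,dc=local" \
  --ldap-manager-password="myldappassword" \
  --truststore-password="$TRUSTSTORE_PASS"
ambari-server setup-security --security-option=encrypt-password \
  --master-key=masterkey --master-key-persist=true
EOF
}

sample_script | find_inline_secrets
```

A value supplied through a variable still reaches the command's argument list at run time; the check only covers secrets stored in the script text itself.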