[ https://issues.apache.org/jira/browse/AMBARI-14627?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Olivér Szabó updated AMBARI-14627:
----------------------------------
    Status: Open  (was: Patch Available)

> Ability to automate setup-security and setup-ldap/sync-ldap
> -----------------------------------------------------------
>
>                 Key: AMBARI-14627
>                 URL: https://issues.apache.org/jira/browse/AMBARI-14627
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.2.1
>            Reporter: Krisztian Horvath
>            Assignee: Olivér Szabó
>             Fix For: 2.4.0
>
>         Attachments: AMBARI-14627_v5.patch
>
>
> Currently the ambari-server setup-security command does not have any options, 
> thus it's interactive. This makes it really hard to automate this process. 
> For Kerberos, 1 option should be enough for setting the master key.
> Same for setup-ldap and sync-ldap.
> Example usage: 
> {code:java}
> 1.) LDAP setup:
>   ambari-server setup-ldap \
>   --ldap-url="ldap.apache.org:389" \
>   --ldap-secondary-url="" \
>   --ldap-ssl="false" \
>   --ldap-user-class="person" \
>   --ldap-user-attr="sAMAccountName" \
>   --ldap-group-class="group" \
>   --ldap-group-attr="cn" \
>   --ldap-member-attr="member" \
>   --ldap-dn="distinguishedName" \
>   --ldap-base-dn="dc=ambari01,dc=local" \
>   --ldap-referral="" \
>   --ldap-bind-anonym=false \
>   --ldap-manager-dn="cn=hdfs,ou=ambari,dc=ambari01,dc=local" \
>   --ldap-manager-password="myldappassword" \
>   --ldap-save-settings \
>   --truststore-type="jks" \
>   --truststore-path="/var/lib/ambari-server/keys/jkskeystore.jks" \
>   --truststore-password="mypass"
> 2.) LDAP sync:
>   ambari-server sync-ldap \
>     --groups=groups.txt \
>     --ldap-sync-admin-name=admin \
>     --ldap-sync-admin-password=admin
> 3.) Setup HTTPS:
>   ambari-server setup-security \
>     --security-option=setup-https \
>     --api-ssl=true --client-api-ssl-port=8443 \
>     --import-cert-path=/var/lib/ambari-server/keys/my.crt \
>     --import-key-path=/var/lib/ambari-server/keys/my.key \
>     --pem-password=password
> 4.) Encrypt passwords:
>   ambari-server setup-security \
>     --security-option=encrypt-password \
>     --master-key=masterkey --master-key-persist=true
> 5.) Setup Kerberos JAAS:
>   ambari-server setup-security \
>     --security-option=setup-kerberos-jaas \
>     --jaas-principal="amb...@example.com" \
>     --jaas-keytab="/etc/security/keytabs/ambari.keytab"
> 6.) Setup TrustStore:
>   ambari-server setup-security \
>     --security-option=setup-truststore \
>     --truststore-path=/var/lib/ambari-server/keys/keystore.p12 \
>     --truststore-type=pkcs12 \
>     --truststore-password=password \
>     --truststore-reconfigure
> 7.) Import certificate to TrustStore:
>   ambari-server setup-security \
>     --security-option=import-certificate \
>     --truststore-path=/var/lib/ambari-server/keys/keystore.p12 \
>     --truststore-type=pkcs12 \
>     --truststore-password=password \
>     --import-cert-path=/var/lib/ambari-server/my.crt \
>     --import-cert-alias=myalias \
>     --truststore-reconfigure
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
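
An added example, not part of the original issue or the Ambari code base: the non-interactive commands quoted above carry secrets as option values, so automation that logs the commands it runs should mask those values first. The function names and the `REDACTED` marker are this example's own, and handling of the space-separated `--flag value` form is an assumption, since the issue only shows `--flag=value`.

```python
import shlex

# Secret-bearing options taken from the example usage in the issue description.
SECRET_FLAGS = frozenset({
    "--ldap-manager-password",
    "--ldap-sync-admin-password",
    "--truststore-password",
    "--pem-password",
    "--master-key",
})
MASK = "REDACTED"  # marker chosen for this example


def redact_argv(argv):
    """Return a copy of argv with the values of secret-bearing options masked."""
    out = []
    mask_next = False
    for arg in argv:
        if mask_next:
            # Value of a preceding "--flag value" pair (assumed form, handled
            # defensively; the issue only shows "--flag=value").
            out.append(MASK)
            mask_next = False
            continue
        # Exact match on the option name, so --master-key-persist is not
        # mistaken for --master-key.
        flag, sep, _value = arg.partition("=")
        if flag in SECRET_FLAGS:
            if sep:
                out.append(f"{flag}={MASK}")
            else:
                out.append(flag)
                mask_next = True
        else:
            out.append(arg)
    return out


def redact_command_line(line):
    """Redact a shell-style command line string before it is written to a log."""
    return shlex.join(redact_argv(shlex.split(line)))


if __name__ == "__main__":
    # Constructed sample based on the commands in the issue description.
    sample = ("ambari-server setup-security --security-option=encrypt-password "
              "--master-key=masterkey --master-key-persist=true")
    print(redact_command_line(sample))
```

Redaction only protects logs: the values remain visible in the process argument list while the command runs.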
