Re: Review Request 43832: AMBARI-14627: Ability to automate setup-security and setup-ldap/sync-ldap

Daniel Gergely Mon, 21 Mar 2016 06:29:41 -0700

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/43832/#review124541
-----------------------------------------------------------





ambari-server/src/main/python/ambari_server/userInput.py (lines 99 - 102)
<https://reviews.apache.org/r/43832/#comment187155>

    As I see when validator fails for a parameter that value is set from an 
argument, it is asked interactively again.
    Is this intentional? When using command line parameters I would expect 
non-interactive behaviour. (e.g. the command is assembled and run by a script)
    What do you think of terminating execution with an exit code when 
validation fails for a value that is set as an argument.



ambari-server/src/main/python/ambari_server/userInput.py (lines 111 - 114)
<https://reviews.apache.org/r/43832/#comment187156>

    See my comment above


- Daniel Gergely


On márc. 16, 2016, 5:14 du, Oliver Szabo wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/43832/
> -----------------------------------------------------------
> 
> (Updated márc. 16, 2016, 5:14 du)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Andrew Onischuk, Robert 
> Levas, Sumit Mohanty, and Sebastian Toader.
> 
> 
> Bugs: AMBARI-14627
>     https://issues.apache.org/jira/browse/AMBARI-14627
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> Added ability to automate setup-security/setup-ldap and sync-ldap. Ambari 
> uses '--' flags in order to replace user inputs. (if one of the flag is 
> missing, ambari will ask for user input)
> Example usage: 
> 
> 1.) LDAP setup: 
>   ambari-server setup-ldap \
>   --ldap-url="ldap.hortonworks.com:389" \
>   --ldap-secondary-url="" \
>   --ldap-ssl="false" \
>   --ldap-user-class="person" \
>   --ldap-user-attr="sAMAccountName" \
>   --ldap-group-class="group" \
>   --ldap-group-attr="cn" \
>   --ldap-member-attr="member" \
>   --ldap-dn="distunguishedName" \
>   --ldap-base-dn="dc=hdp01,dc=local" \
>   --ldap-referral="" \
>   --ldap-bind-anonym=false \
>   --ldap-manager-dn="cn=hdfs,ou=hdp,dc=hdp01,dc=local" \
>   --ldap-manager-password="myldappassword" \
>   --ldap-save-settings \
>   --truststore-type="jks" \
>   --truststore-path="/var/lib/ambari-server/keys/jkskeystore.jks" \
>   --truststore-password="mypass"
> 
> 2.) Ldap sync:
>     ambari-server sync-ldap --groups=groups.txt --ldap-sync-admin-name=admin 
> --ldap-sync-admin-password=admin
> 
> 3.) Setup Https:
>   ambari-server setup-security \ 
>     --security-option=setup-https \
>     --security-keys_dir=/var/lib/ambari-server/keys \
>     --api-ssl=true --client-api-ssl-port=8443 \ 
>     --import-cert-path=/var/lib/ambari-server/keys/my.crt \ 
>     --import-key-path=/var/lib/ambari-server/keys/my.key \
>     --pem-password=password
> 4.) Encrypt passwords:
>   ambari-server setup-security --security-option=encrypt-password 
> --master-key=masterkey --master-key-persist=true
> 
> 5.) Setup Kerberos JAAS:
>   ambari-server setup-security --security-option=setup-kerberos-jaas 
> --jaas-principal="amb...@example.com" 
> --jaas-keytab="/etc/security/keytabs/ambari.keytab"
> 
> 6.) Setup TrustStore:
>     ambari-server setup-security \
>       --security-option=setup-truststore \ 
>       --truststore-path=/var/lib/ambari-server/keys/keystore.p12 \
>       --truststore-type=pkcs12 \ 
>       --truststore-password=password \
>       --truststore-reconfigure // not needed if not configured - also, this 
> option is not available on branch-2.2 
> 7.) Import certificate to TrustStore:
>     ambari-server setup-security \ 
>       --security-option=import-certificate \ 
>       --truststore-path=/var/lib/ambari-server/keys/keystore.p12 \ 
>       --truststore-type=pkcs12 \ 
>       --truststore-password=password \ 
>       --import-cert-path=/var/lib/ambari-server/oleewere.crt \ 
>       --import-cert-alias=myalias \ 
>       --truststore-reconfigure // not needed if not configured - also, this 
> option is not available on branch-2.2
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/python/ambari-server.py bc86d32 
>   ambari-server/src/main/python/ambari_server/dbConfiguration.py 5519a3d 
>   ambari-server/src/main/python/ambari_server/dbConfiguration_linux.py 
> 59c5d85 
>   ambari-server/src/main/python/ambari_server/dbConfiguration_windows.py 
> 96cd823 
>   ambari-server/src/main/python/ambari_server/serverConfiguration.py 0f58c0e 
>   ambari-server/src/main/python/ambari_server/serverSetup.py 7f6a7e3 
>   ambari-server/src/main/python/ambari_server/setupHttps.py 5e293fb 
>   ambari-server/src/main/python/ambari_server/setupSecurity.py b0ea491 
>   ambari-server/src/main/python/ambari_server/userInput.py 247ebec 
>   ambari-server/src/test/python/TestAmbariServer.py 305ad1a 
> 
> Diff: https://reviews.apache.org/r/43832/diff/
> 
> 
> Testing
> -------
> 
> Total run:902
> Total errors:0
> Total failures:0
> OK
> 
> 
> FT: manually tested on branch-2.2, on trunk its in progress
> 
> 
> Thanks,
> 
> Oliver Szabo
> 
>

Re: Review Request 43832: AMBARI-14627: Ability to automate setup-security and setup-ldap/sync-ldap

Reply via email to