[jira] [Updated] (AMBARI-24646) 'ambari-server setup-ldap' fails with AttributeError when master_key is not persisted
[ https://issues.apache.org/jira/browse/AMBARI-24646?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jayush Luniya updated AMBARI-24646: --- Fix Version/s: (was: 2.7.2) 2.7.3 > 'ambari-server setup-ldap' fails with AttributeError when master_key is not > persisted > - > > Key: AMBARI-24646 > URL: https://issues.apache.org/jira/browse/AMBARI-24646 > Project: Ambari > Issue Type: Bug > Components: ambari-server >Affects Versions: 2.7.0 >Reporter: Dmitry Lysnichenko >Assignee: Dmitry Lysnichenko >Priority: Blocker > Labels: pull-request-available > Fix For: 2.7.3 > > Time Spent: 1h 40m > Remaining Estimate: 0h > > *STR* > Installed ambari-server and configured password encryption, but chose not to > persist master key > {code} > [root@ctr ~]# ambari-server setup-security > Using python /usr/bin/python > Security setup options... > === > Choose one of the following options: > [1] Enable HTTPS for Ambari server. > [2] Encrypt passwords stored in ambari.properties file. > [3] Setup Ambari kerberos JAAS configuration. > [4] Setup truststore. > [5] Import certificate to truststore. > === > Enter choice, (1-5): 2 > Password encryption is enabled. > Do you want to reset Master Key? [y/n] (n): y > Master Key not persisted. > Enter current Master Key: > Enter new Master Key: > Re-enter master key: > Do you want to persist master key. If you choose not to persist, you need to > provide the Master Key while starting the ambari server as an env variable > named AMBARI_SECURITY_MASTER_KEY or the start will prompt for the master key. > Persist [y/n] (y)? n > Adjusting ambari-server permissions and ownership... > Ambari Server 'setup-security' completed successfully. > {code} > Then export environment variable > export AMBARI_SECURITY_MASTER_KEY=hadoop > Thereafter ran the following: > *Issue #1* - Gave AttributeError after accepting the 'Save settings' prompt, > instead of asking for master key > {code} > [root@ctr ~]# ambari-server setup-ldap -v > Using python /usr/bin/python > INFO: Loading properties from /etc/ambari-server/conf/ambari.properties > INFO: Loading properties from /etc/ambari-server/conf/ambari.properties > INFO: about to run command: ps -p 5596 > INFO: > process_pid=12677 > Please select the type of LDAP you want to use (AD, IPA, Generic > LDAP):Generic LDAP > Primary LDAP Host (ldap.ambari.apache.org): ctr > Primary LDAP Port (389): > Secondary LDAP Host : > Secondary LDAP Port : > Use SSL [true/false] (false): > User object class (posixUser): > User ID attribute (uid): > Group object class (posixGroup): > Group name attribute (cn): > Group member attribute (memberUid): > Distinguished name attribute (dn): > Search Base (dc=ambari,dc=apache,dc=org): dc=apache,dc=org > Referral method [follow/ignore] (follow): > Bind anonymously [true/false] (false): > Bind DN (uid=ldapbind,cn=users,dc=ambari,dc=apache,dc=org): > uid=hdfs,ou=people,ou=dev,dc=apache,dc=org > Enter Bind DN Password: > Confirm Bind DN Password: > Handling behavior for username collisions [convert/skip] for LDAP sync (skip): > Force lower-case user names [true/false]: > Results from LDAP are paginated when requested [true/false]: > > Review Settings > > Primary LDAP Host (ldap.ambari.apache.org): ctr > Primary LDAP Port (389): 389 > Use SSL [true/false] (false): false > User object class (posixUser): posixUser > User ID attribute (uid): uid > Group object class (posixGroup): posixGroup > Group name attribute (cn): cn > Group member attribute (memberUid): memberUid > Distinguished name attribute (dn): dn > Search Base (dc=ambari,dc=apache,dc=org): dc=apache,dc=org > Referral method [follow/ignore] (follow): follow > Bind anonymously [true/false] (false): false > Handling behavior for username collisions [convert/skip] for LDAP sync > (skip): skip > ambari.ldap.connectivity.bind_dn: uid=hdfs,ou=people,ou=dev,dc=apache,dc=org > ambari.ldap.connectivity.bind_password: * > Save settings [y/n] (y)? y > INFO: Loading properties from /etc/ambari-server/conf/ambari.properties > Traceback (most recent call last): > File "/usr/sbin/ambari-server.py", line 1060, in > mainBody() > File "/usr/sbin/ambari-server.py", line 1030, in mainBody > main(options, args, parser) > File "/usr/sbin/ambari-server.py", line 980, in main > action_obj.execute() > File "/usr/sbin/ambari-server.py", line 79, in execute > self.fn(*self.args, **self.kwargs) > File "/usr/lib/ambari-server/lib/ambari_server/setupSecurity.py", line 860, > in setup_ldap > encrypte
[jira] [Updated] (AMBARI-24646) 'ambari-server setup-ldap' fails with AttributeError when master_key is not persisted
[ https://issues.apache.org/jira/browse/AMBARI-24646?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] ASF GitHub Bot updated AMBARI-24646: Labels: pull-request-available (was: ) > 'ambari-server setup-ldap' fails with AttributeError when master_key is not > persisted > - > > Key: AMBARI-24646 > URL: https://issues.apache.org/jira/browse/AMBARI-24646 > Project: Ambari > Issue Type: Bug > Components: ambari-server >Affects Versions: 2.7.0 >Reporter: Dmitry Lysnichenko >Assignee: Dmitry Lysnichenko >Priority: Blocker > Labels: pull-request-available > Fix For: 2.7.2 > > > *STR* > Installed ambari-server and configured password encryption, but chose not to > persist master key > {code} > [root@ctr ~]# ambari-server setup-security > Using python /usr/bin/python > Security setup options... > === > Choose one of the following options: > [1] Enable HTTPS for Ambari server. > [2] Encrypt passwords stored in ambari.properties file. > [3] Setup Ambari kerberos JAAS configuration. > [4] Setup truststore. > [5] Import certificate to truststore. > === > Enter choice, (1-5): 2 > Password encryption is enabled. > Do you want to reset Master Key? [y/n] (n): y > Master Key not persisted. > Enter current Master Key: > Enter new Master Key: > Re-enter master key: > Do you want to persist master key. If you choose not to persist, you need to > provide the Master Key while starting the ambari server as an env variable > named AMBARI_SECURITY_MASTER_KEY or the start will prompt for the master key. > Persist [y/n] (y)? n > Adjusting ambari-server permissions and ownership... > Ambari Server 'setup-security' completed successfully. > {code} > Then export environment variable > export AMBARI_SECURITY_MASTER_KEY=hadoop > Thereafter ran the following: > *Issue #1* - Gave AttributeError after accepting the 'Save settings' prompt, > instead of asking for master key > {code} > [root@ctr ~]# ambari-server setup-ldap -v > Using python /usr/bin/python > INFO: Loading properties from /etc/ambari-server/conf/ambari.properties > INFO: Loading properties from /etc/ambari-server/conf/ambari.properties > INFO: about to run command: ps -p 5596 > INFO: > process_pid=12677 > Please select the type of LDAP you want to use (AD, IPA, Generic > LDAP):Generic LDAP > Primary LDAP Host (ldap.ambari.apache.org): ctr > Primary LDAP Port (389): > Secondary LDAP Host : > Secondary LDAP Port : > Use SSL [true/false] (false): > User object class (posixUser): > User ID attribute (uid): > Group object class (posixGroup): > Group name attribute (cn): > Group member attribute (memberUid): > Distinguished name attribute (dn): > Search Base (dc=ambari,dc=apache,dc=org): dc=apache,dc=org > Referral method [follow/ignore] (follow): > Bind anonymously [true/false] (false): > Bind DN (uid=ldapbind,cn=users,dc=ambari,dc=apache,dc=org): > uid=hdfs,ou=people,ou=dev,dc=apache,dc=org > Enter Bind DN Password: > Confirm Bind DN Password: > Handling behavior for username collisions [convert/skip] for LDAP sync (skip): > Force lower-case user names [true/false]: > Results from LDAP are paginated when requested [true/false]: > > Review Settings > > Primary LDAP Host (ldap.ambari.apache.org): ctr > Primary LDAP Port (389): 389 > Use SSL [true/false] (false): false > User object class (posixUser): posixUser > User ID attribute (uid): uid > Group object class (posixGroup): posixGroup > Group name attribute (cn): cn > Group member attribute (memberUid): memberUid > Distinguished name attribute (dn): dn > Search Base (dc=ambari,dc=apache,dc=org): dc=apache,dc=org > Referral method [follow/ignore] (follow): follow > Bind anonymously [true/false] (false): false > Handling behavior for username collisions [convert/skip] for LDAP sync > (skip): skip > ambari.ldap.connectivity.bind_dn: uid=hdfs,ou=people,ou=dev,dc=apache,dc=org > ambari.ldap.connectivity.bind_password: * > Save settings [y/n] (y)? y > INFO: Loading properties from /etc/ambari-server/conf/ambari.properties > Traceback (most recent call last): > File "/usr/sbin/ambari-server.py", line 1060, in > mainBody() > File "/usr/sbin/ambari-server.py", line 1030, in mainBody > main(options, args, parser) > File "/usr/sbin/ambari-server.py", line 980, in main > action_obj.execute() > File "/usr/sbin/ambari-server.py", line 79, in execute > self.fn(*self.args, **self.kwargs) > File "/usr/lib/ambari-server/lib/ambari_server/setupSecurity.py", line 860, > in setup_ldap > encrypted_passwd = encrypt_password(LDAP_MGR_PASSWORD_ALIAS, mgr_password, > o
[jira] [Updated] (AMBARI-24646) 'ambari-server setup-ldap' fails with AttributeError when master_key is not persisted
[ https://issues.apache.org/jira/browse/AMBARI-24646?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dmitry Lysnichenko updated AMBARI-24646: Description: *STR* Installed ambari-server and configured password encryption, but chose not to persist master key {code} [root@ctr ~]# ambari-server setup-security Using python /usr/bin/python Security setup options... === Choose one of the following options: [1] Enable HTTPS for Ambari server. [2] Encrypt passwords stored in ambari.properties file. [3] Setup Ambari kerberos JAAS configuration. [4] Setup truststore. [5] Import certificate to truststore. === Enter choice, (1-5): 2 Password encryption is enabled. Do you want to reset Master Key? [y/n] (n): y Master Key not persisted. Enter current Master Key: Enter new Master Key: Re-enter master key: Do you want to persist master key. If you choose not to persist, you need to provide the Master Key while starting the ambari server as an env variable named AMBARI_SECURITY_MASTER_KEY or the start will prompt for the master key. Persist [y/n] (y)? n Adjusting ambari-server permissions and ownership... Ambari Server 'setup-security' completed successfully. {code} Then export environment variable export AMBARI_SECURITY_MASTER_KEY=hadoop Thereafter ran the following: *Issue #1* - Gave AttributeError after accepting the 'Save settings' prompt, instead of asking for master key {code} [root@ctr ~]# ambari-server setup-ldap -v Using python /usr/bin/python INFO: Loading properties from /etc/ambari-server/conf/ambari.properties INFO: Loading properties from /etc/ambari-server/conf/ambari.properties INFO: about to run command: ps -p 5596 INFO: process_pid=12677 Please select the type of LDAP you want to use (AD, IPA, Generic LDAP):Generic LDAP Primary LDAP Host (ldap.ambari.apache.org): ctr Primary LDAP Port (389): Secondary LDAP Host : Secondary LDAP Port : Use SSL [true/false] (false): User object class (posixUser): User ID attribute (uid): Group object class (posixGroup): Group name attribute (cn): Group member attribute (memberUid): Distinguished name attribute (dn): Search Base (dc=ambari,dc=apache,dc=org): dc=apache,dc=org Referral method [follow/ignore] (follow): Bind anonymously [true/false] (false): Bind DN (uid=ldapbind,cn=users,dc=ambari,dc=apache,dc=org): uid=hdfs,ou=people,ou=dev,dc=apache,dc=org Enter Bind DN Password: Confirm Bind DN Password: Handling behavior for username collisions [convert/skip] for LDAP sync (skip): Force lower-case user names [true/false]: Results from LDAP are paginated when requested [true/false]: Review Settings Primary LDAP Host (ldap.ambari.apache.org): ctr Primary LDAP Port (389): 389 Use SSL [true/false] (false): false User object class (posixUser): posixUser User ID attribute (uid): uid Group object class (posixGroup): posixGroup Group name attribute (cn): cn Group member attribute (memberUid): memberUid Distinguished name attribute (dn): dn Search Base (dc=ambari,dc=apache,dc=org): dc=apache,dc=org Referral method [follow/ignore] (follow): follow Bind anonymously [true/false] (false): false Handling behavior for username collisions [convert/skip] for LDAP sync (skip): skip ambari.ldap.connectivity.bind_dn: uid=hdfs,ou=people,ou=dev,dc=apache,dc=org ambari.ldap.connectivity.bind_password: * Save settings [y/n] (y)? y INFO: Loading properties from /etc/ambari-server/conf/ambari.properties Traceback (most recent call last): File "/usr/sbin/ambari-server.py", line 1060, in mainBody() File "/usr/sbin/ambari-server.py", line 1030, in mainBody main(options, args, parser) File "/usr/sbin/ambari-server.py", line 980, in main action_obj.execute() File "/usr/sbin/ambari-server.py", line 79, in execute self.fn(*self.args, **self.kwargs) File "/usr/lib/ambari-server/lib/ambari_server/setupSecurity.py", line 860, in setup_ldap encrypted_passwd = encrypt_password(LDAP_MGR_PASSWORD_ALIAS, mgr_password, options) File "/usr/lib/ambari-server/lib/ambari_server/serverConfiguration.py", line 858, in encrypt_password return get_encrypted_password(alias, password, properties, options) File "/usr/lib/ambari-server/lib/ambari_server/serverConfiguration.py", line 867, in get_encrypted_password masterKey = get_original_master_key(properties, options) File "/usr/lib/ambari-server/lib/ambari_server/serverConfiguration.py", line 1022, in get_original_master_key if options is not None and options.master_key is not None and options.master_key: AttributeError: Values instance has no attribute 'master_key' [root@ctr ~]# {code} *Issue #2* - Kept asking for Master key on the prompt, despite giving correct values {code} [root@ctr ~]# ambari-server setup Using python /usr/bin/python Setup ambari-server Checking SELinux... WAR
[jira] [Updated] (AMBARI-24646) 'ambari-server setup-ldap' fails with AttributeError when master_key is not persisted
[ https://issues.apache.org/jira/browse/AMBARI-24646?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dmitry Lysnichenko updated AMBARI-24646: Component/s: ambari-server > 'ambari-server setup-ldap' fails with AttributeError when master_key is not > persisted > - > > Key: AMBARI-24646 > URL: https://issues.apache.org/jira/browse/AMBARI-24646 > Project: Ambari > Issue Type: Bug > Components: ambari-server >Affects Versions: 2.7.0 >Reporter: Dmitry Lysnichenko >Assignee: Dmitry Lysnichenko >Priority: Blocker > Fix For: 2.7.2 > > > *STR* > Installed ambari-server and configured password encryption, but chose not to > persist master key > {code} > [root@ctr ~]# ambari-server setup-security > Using python /usr/bin/python > Security setup options... > === > Choose one of the following options: > [1] Enable HTTPS for Ambari server. > [2] Encrypt passwords stored in ambari.properties file. > [3] Setup Ambari kerberos JAAS configuration. > [4] Setup truststore. > [5] Import certificate to truststore. > === > Enter choice, (1-5): 2 > Password encryption is enabled. > Do you want to reset Master Key? [y/n] (n): y > Master Key not persisted. > Enter current Master Key: > Enter new Master Key: > Re-enter master key: > Do you want to persist master key. If you choose not to persist, you need to > provide the Master Key while starting the ambari server as an env variable > named AMBARI_SECURITY_MASTER_KEY or the start will prompt for the master key. > Persist [y/n] (y)? n > Adjusting ambari-server permissions and ownership... > Ambari Server 'setup-security' completed successfully. > {code} > Then export environment variable > export AMBARI_SECURITY_MASTER_KEY=hadoop > Thereafter ran the following: > *Issue #1* - Gave AttributeError after accepting the 'Save settings' prompt, > instead of asking for master key > {code} > [root@ctr ~]# ambari-server setup-ldap -v > Using python /usr/bin/python > INFO: Loading properties from /etc/ambari-server/conf/ambari.properties > INFO: Loading properties from /etc/ambari-server/conf/ambari.properties > INFO: about to run command: ps -p 5596 > INFO: > process_pid=12677 > Please select the type of LDAP you want to use (AD, IPA, Generic > LDAP):Generic LDAP > Primary LDAP Host (ldap.ambari.apache.org): ctr > Primary LDAP Port (389): > Secondary LDAP Host : > Secondary LDAP Port : > Use SSL [true/false] (false): > User object class (posixUser): > User ID attribute (uid): > Group object class (posixGroup): > Group name attribute (cn): > Group member attribute (memberUid): > Distinguished name attribute (dn): > Search Base (dc=ambari,dc=apache,dc=org): dc=apache,dc=org > Referral method [follow/ignore] (follow): > Bind anonymously [true/false] (false): > Bind DN (uid=ldapbind,cn=users,dc=ambari,dc=apache,dc=org): > uid=hdfs,ou=people,ou=dev,dc=apache,dc=org > Enter Bind DN Password: > Confirm Bind DN Password: > Handling behavior for username collisions [convert/skip] for LDAP sync (skip): > Force lower-case user names [true/false]: > Results from LDAP are paginated when requested [true/false]: > > Review Settings > > Primary LDAP Host (ldap.ambari.apache.org): ctr > Primary LDAP Port (389): 389 > Use SSL [true/false] (false): false > User object class (posixUser): posixUser > User ID attribute (uid): uid > Group object class (posixGroup): posixGroup > Group name attribute (cn): cn > Group member attribute (memberUid): memberUid > Distinguished name attribute (dn): dn > Search Base (dc=ambari,dc=apache,dc=org): dc=apache,dc=org > Referral method [follow/ignore] (follow): follow > Bind anonymously [true/false] (false): false > Handling behavior for username collisions [convert/skip] for LDAP sync > (skip): skip > ambari.ldap.connectivity.bind_dn: uid=hdfs,ou=people,ou=dev,dc=apache,dc=org > ambari.ldap.connectivity.bind_password: * > Save settings [y/n] (y)? y > INFO: Loading properties from /etc/ambari-server/conf/ambari.properties > Traceback (most recent call last): > File "/usr/sbin/ambari-server.py", line 1060, in > mainBody() > File "/usr/sbin/ambari-server.py", line 1030, in mainBody > main(options, args, parser) > File "/usr/sbin/ambari-server.py", line 980, in main > action_obj.execute() > File "/usr/sbin/ambari-server.py", line 79, in execute > self.fn(*self.args, **self.kwargs) > File "/usr/lib/ambari-server/lib/ambari_server/setupSecurity.py", line 860, > in setup_ldap > encrypted_passwd = encrypt_password(LDAP_MGR_PASSWORD_ALIAS, mgr_password, > options) > File "/usr/lib/ambari-server/lib/ambari_s
[jira] [Updated] (AMBARI-24646) 'ambari-server setup-ldap' fails with AttributeError when master_key is not persisted
[ https://issues.apache.org/jira/browse/AMBARI-24646?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dmitry Lysnichenko updated AMBARI-24646: Fix Version/s: 2.7.2 > 'ambari-server setup-ldap' fails with AttributeError when master_key is not > persisted > - > > Key: AMBARI-24646 > URL: https://issues.apache.org/jira/browse/AMBARI-24646 > Project: Ambari > Issue Type: Bug > Components: ambari-server >Affects Versions: 2.7.0 >Reporter: Dmitry Lysnichenko >Assignee: Dmitry Lysnichenko >Priority: Blocker > Fix For: 2.7.2 > > > *STR* > Installed ambari-server and configured password encryption, but chose not to > persist master key > {code} > [root@ctr ~]# ambari-server setup-security > Using python /usr/bin/python > Security setup options... > === > Choose one of the following options: > [1] Enable HTTPS for Ambari server. > [2] Encrypt passwords stored in ambari.properties file. > [3] Setup Ambari kerberos JAAS configuration. > [4] Setup truststore. > [5] Import certificate to truststore. > === > Enter choice, (1-5): 2 > Password encryption is enabled. > Do you want to reset Master Key? [y/n] (n): y > Master Key not persisted. > Enter current Master Key: > Enter new Master Key: > Re-enter master key: > Do you want to persist master key. If you choose not to persist, you need to > provide the Master Key while starting the ambari server as an env variable > named AMBARI_SECURITY_MASTER_KEY or the start will prompt for the master key. > Persist [y/n] (y)? n > Adjusting ambari-server permissions and ownership... > Ambari Server 'setup-security' completed successfully. > {code} > Then export environment variable > export AMBARI_SECURITY_MASTER_KEY=hadoop > Thereafter ran the following: > *Issue #1* - Gave AttributeError after accepting the 'Save settings' prompt, > instead of asking for master key > {code} > [root@ctr ~]# ambari-server setup-ldap -v > Using python /usr/bin/python > INFO: Loading properties from /etc/ambari-server/conf/ambari.properties > INFO: Loading properties from /etc/ambari-server/conf/ambari.properties > INFO: about to run command: ps -p 5596 > INFO: > process_pid=12677 > Please select the type of LDAP you want to use (AD, IPA, Generic > LDAP):Generic LDAP > Primary LDAP Host (ldap.ambari.apache.org): ctr > Primary LDAP Port (389): > Secondary LDAP Host : > Secondary LDAP Port : > Use SSL [true/false] (false): > User object class (posixUser): > User ID attribute (uid): > Group object class (posixGroup): > Group name attribute (cn): > Group member attribute (memberUid): > Distinguished name attribute (dn): > Search Base (dc=ambari,dc=apache,dc=org): dc=apache,dc=org > Referral method [follow/ignore] (follow): > Bind anonymously [true/false] (false): > Bind DN (uid=ldapbind,cn=users,dc=ambari,dc=apache,dc=org): > uid=hdfs,ou=people,ou=dev,dc=apache,dc=org > Enter Bind DN Password: > Confirm Bind DN Password: > Handling behavior for username collisions [convert/skip] for LDAP sync (skip): > Force lower-case user names [true/false]: > Results from LDAP are paginated when requested [true/false]: > > Review Settings > > Primary LDAP Host (ldap.ambari.apache.org): ctr > Primary LDAP Port (389): 389 > Use SSL [true/false] (false): false > User object class (posixUser): posixUser > User ID attribute (uid): uid > Group object class (posixGroup): posixGroup > Group name attribute (cn): cn > Group member attribute (memberUid): memberUid > Distinguished name attribute (dn): dn > Search Base (dc=ambari,dc=apache,dc=org): dc=apache,dc=org > Referral method [follow/ignore] (follow): follow > Bind anonymously [true/false] (false): false > Handling behavior for username collisions [convert/skip] for LDAP sync > (skip): skip > ambari.ldap.connectivity.bind_dn: uid=hdfs,ou=people,ou=dev,dc=apache,dc=org > ambari.ldap.connectivity.bind_password: * > Save settings [y/n] (y)? y > INFO: Loading properties from /etc/ambari-server/conf/ambari.properties > Traceback (most recent call last): > File "/usr/sbin/ambari-server.py", line 1060, in > mainBody() > File "/usr/sbin/ambari-server.py", line 1030, in mainBody > main(options, args, parser) > File "/usr/sbin/ambari-server.py", line 980, in main > action_obj.execute() > File "/usr/sbin/ambari-server.py", line 79, in execute > self.fn(*self.args, **self.kwargs) > File "/usr/lib/ambari-server/lib/ambari_server/setupSecurity.py", line 860, > in setup_ldap > encrypted_passwd = encrypt_password(LDAP_MGR_PASSWORD_ALIAS, mgr_password, > options) > File "/usr/lib/ambari-server/lib/ambari_server/
[jira] [Updated] (AMBARI-24646) 'ambari-server setup-ldap' fails with AttributeError when master_key is not persisted
[ https://issues.apache.org/jira/browse/AMBARI-24646?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dmitry Lysnichenko updated AMBARI-24646: Affects Version/s: 2.7.0 > 'ambari-server setup-ldap' fails with AttributeError when master_key is not > persisted > - > > Key: AMBARI-24646 > URL: https://issues.apache.org/jira/browse/AMBARI-24646 > Project: Ambari > Issue Type: Bug > Components: ambari-server >Affects Versions: 2.7.0 >Reporter: Dmitry Lysnichenko >Assignee: Dmitry Lysnichenko >Priority: Blocker > Fix For: 2.7.2 > > > *STR* > Installed ambari-server and configured password encryption, but chose not to > persist master key > {code} > [root@ctr ~]# ambari-server setup-security > Using python /usr/bin/python > Security setup options... > === > Choose one of the following options: > [1] Enable HTTPS for Ambari server. > [2] Encrypt passwords stored in ambari.properties file. > [3] Setup Ambari kerberos JAAS configuration. > [4] Setup truststore. > [5] Import certificate to truststore. > === > Enter choice, (1-5): 2 > Password encryption is enabled. > Do you want to reset Master Key? [y/n] (n): y > Master Key not persisted. > Enter current Master Key: > Enter new Master Key: > Re-enter master key: > Do you want to persist master key. If you choose not to persist, you need to > provide the Master Key while starting the ambari server as an env variable > named AMBARI_SECURITY_MASTER_KEY or the start will prompt for the master key. > Persist [y/n] (y)? n > Adjusting ambari-server permissions and ownership... > Ambari Server 'setup-security' completed successfully. > {code} > Then export environment variable > export AMBARI_SECURITY_MASTER_KEY=hadoop > Thereafter ran the following: > *Issue #1* - Gave AttributeError after accepting the 'Save settings' prompt, > instead of asking for master key > {code} > [root@ctr ~]# ambari-server setup-ldap -v > Using python /usr/bin/python > INFO: Loading properties from /etc/ambari-server/conf/ambari.properties > INFO: Loading properties from /etc/ambari-server/conf/ambari.properties > INFO: about to run command: ps -p 5596 > INFO: > process_pid=12677 > Please select the type of LDAP you want to use (AD, IPA, Generic > LDAP):Generic LDAP > Primary LDAP Host (ldap.ambari.apache.org): ctr > Primary LDAP Port (389): > Secondary LDAP Host : > Secondary LDAP Port : > Use SSL [true/false] (false): > User object class (posixUser): > User ID attribute (uid): > Group object class (posixGroup): > Group name attribute (cn): > Group member attribute (memberUid): > Distinguished name attribute (dn): > Search Base (dc=ambari,dc=apache,dc=org): dc=apache,dc=org > Referral method [follow/ignore] (follow): > Bind anonymously [true/false] (false): > Bind DN (uid=ldapbind,cn=users,dc=ambari,dc=apache,dc=org): > uid=hdfs,ou=people,ou=dev,dc=apache,dc=org > Enter Bind DN Password: > Confirm Bind DN Password: > Handling behavior for username collisions [convert/skip] for LDAP sync (skip): > Force lower-case user names [true/false]: > Results from LDAP are paginated when requested [true/false]: > > Review Settings > > Primary LDAP Host (ldap.ambari.apache.org): ctr > Primary LDAP Port (389): 389 > Use SSL [true/false] (false): false > User object class (posixUser): posixUser > User ID attribute (uid): uid > Group object class (posixGroup): posixGroup > Group name attribute (cn): cn > Group member attribute (memberUid): memberUid > Distinguished name attribute (dn): dn > Search Base (dc=ambari,dc=apache,dc=org): dc=apache,dc=org > Referral method [follow/ignore] (follow): follow > Bind anonymously [true/false] (false): false > Handling behavior for username collisions [convert/skip] for LDAP sync > (skip): skip > ambari.ldap.connectivity.bind_dn: uid=hdfs,ou=people,ou=dev,dc=apache,dc=org > ambari.ldap.connectivity.bind_password: * > Save settings [y/n] (y)? y > INFO: Loading properties from /etc/ambari-server/conf/ambari.properties > Traceback (most recent call last): > File "/usr/sbin/ambari-server.py", line 1060, in > mainBody() > File "/usr/sbin/ambari-server.py", line 1030, in mainBody > main(options, args, parser) > File "/usr/sbin/ambari-server.py", line 980, in main > action_obj.execute() > File "/usr/sbin/ambari-server.py", line 79, in execute > self.fn(*self.args, **self.kwargs) > File "/usr/lib/ambari-server/lib/ambari_server/setupSecurity.py", line 860, > in setup_ldap > encrypted_passwd = encrypt_password(LDAP_MGR_PASSWORD_ALIAS, mgr_password, > options) > File "/usr/lib/ambari-server/lib/ambari_ser