[jira] [Updated] (AMBARI-24646) 'ambari-server setup-ldap' fails with AttributeError when master_key is not persisted

[Jayush Luniya (JIRA)]

 [ 
https://issues.apache.org/jira/browse/AMBARI-24646?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jayush Luniya updated AMBARI-24646:
---
Fix Version/s: (was: 2.7.2)
   2.7.3

> 'ambari-server setup-ldap' fails with AttributeError when master_key is not 
> persisted
> -
>
> Key: AMBARI-24646
> URL: https://issues.apache.org/jira/browse/AMBARI-24646
> Project: Ambari
>  Issue Type: Bug
>  Components: ambari-server
>Affects Versions: 2.7.0
>Reporter: Dmitry Lysnichenko
>Assignee: Dmitry Lysnichenko
>Priority: Blocker
>  Labels: pull-request-available
> Fix For: 2.7.3
>
>  Time Spent: 1h 40m
>  Remaining Estimate: 0h
>
> *STR*
> Installed ambari-server and configured password encryption, but chose not to 
> persist master key
> {code}
> [root@ctr ~]# ambari-server setup-security
> Using python  /usr/bin/python
> Security setup options...
> ===
> Choose one of the following options:
> [1] Enable HTTPS for Ambari server.
> [2] Encrypt passwords stored in ambari.properties file.
> [3] Setup Ambari kerberos JAAS configuration.
> [4] Setup truststore.
> [5] Import certificate to truststore.
> ===
> Enter choice, (1-5): 2
> Password encryption is enabled.
> Do you want to reset Master Key? [y/n] (n): y
> Master Key not persisted.
> Enter current Master Key:
> Enter new Master Key:
> Re-enter master key:
> Do you want to persist master key. If you choose not to persist, you need to 
> provide the Master Key while starting the ambari server as an env variable 
> named AMBARI_SECURITY_MASTER_KEY or the start will prompt for the master key. 
> Persist [y/n] (y)? n
> Adjusting ambari-server permissions and ownership...
> Ambari Server 'setup-security' completed successfully.
> {code}
> Then export environment variable
> export AMBARI_SECURITY_MASTER_KEY=hadoop
> Thereafter ran the following:
> *Issue #1* - Gave AttributeError after accepting the 'Save settings' prompt, 
> instead of asking for master key
> {code}
> [root@ctr ~]# ambari-server setup-ldap -v
> Using python  /usr/bin/python
> INFO: Loading properties from /etc/ambari-server/conf/ambari.properties
> INFO: Loading properties from /etc/ambari-server/conf/ambari.properties
> INFO: about to run command: ps -p 5596
> INFO:
> process_pid=12677
> Please select the type of LDAP you want to use (AD, IPA, Generic 
> LDAP):Generic LDAP
> Primary LDAP Host (ldap.ambari.apache.org): ctr
> Primary LDAP Port (389):
> Secondary LDAP Host :
> Secondary LDAP Port :
> Use SSL [true/false] (false):
> User object class (posixUser):
> User ID attribute (uid):
> Group object class (posixGroup):
> Group name attribute (cn):
> Group member attribute (memberUid):
> Distinguished name attribute (dn):
> Search Base (dc=ambari,dc=apache,dc=org): dc=apache,dc=org
> Referral method [follow/ignore] (follow):
> Bind anonymously [true/false] (false):
> Bind DN (uid=ldapbind,cn=users,dc=ambari,dc=apache,dc=org): 
> uid=hdfs,ou=people,ou=dev,dc=apache,dc=org
> Enter Bind DN Password:
> Confirm Bind DN Password:
> Handling behavior for username collisions [convert/skip] for LDAP sync (skip):
> Force lower-case user names [true/false]:
> Results from LDAP are paginated when requested [true/false]:
> 
> Review Settings
> 
> Primary LDAP Host (ldap.ambari.apache.org):  ctr
> Primary LDAP Port (389):  389
> Use SSL [true/false] (false):  false
> User object class (posixUser):  posixUser
> User ID attribute (uid):  uid
> Group object class (posixGroup):  posixGroup
> Group name attribute (cn):  cn
> Group member attribute (memberUid):  memberUid
> Distinguished name attribute (dn):  dn
> Search Base (dc=ambari,dc=apache,dc=org):  dc=apache,dc=org
> Referral method [follow/ignore] (follow):  follow
> Bind anonymously [true/false] (false):  false
> Handling behavior for username collisions [convert/skip] for LDAP sync 
> (skip):  skip
> ambari.ldap.connectivity.bind_dn: uid=hdfs,ou=people,ou=dev,dc=apache,dc=org
> ambari.ldap.connectivity.bind_password: *
> Save settings [y/n] (y)? y
> INFO: Loading properties from /etc/ambari-server/conf/ambari.properties
> Traceback (most recent call last):
> File "/usr/sbin/ambari-server.py", line 1060, in 
> mainBody()
> File "/usr/sbin/ambari-server.py", line 1030, in mainBody
> main(options, args, parser)
> File "/usr/sbin/ambari-server.py", line 980, in main
> action_obj.execute()
> File "/usr/sbin/ambari-server.py", line 79, in execute
> self.fn(*self.args, **self.kwargs)
> File "/usr/lib/ambari-server/lib/ambari_server/setupSecurity.py", line 860, 
> in setup_ldap
> 

[jira] [Updated] (AMBARI-24646) 'ambari-server setup-ldap' fails with AttributeError when master_key is not persisted

[ASF GitHub Bot (JIRA)]

 [ 
https://issues.apache.org/jira/browse/AMBARI-24646?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

ASF GitHub Bot updated AMBARI-24646:

Labels: pull-request-available  (was: )

> 'ambari-server setup-ldap' fails with AttributeError when master_key is not 
> persisted
> -
>
> Key: AMBARI-24646
> URL: https://issues.apache.org/jira/browse/AMBARI-24646
> Project: Ambari
>  Issue Type: Bug
>  Components: ambari-server
>Affects Versions: 2.7.0
>Reporter: Dmitry Lysnichenko
>Assignee: Dmitry Lysnichenko
>Priority: Blocker
>  Labels: pull-request-available
> Fix For: 2.7.2
>
>
> *STR*
> Installed ambari-server and configured password encryption, but chose not to 
> persist master key
> {code}
> [root@ctr ~]# ambari-server setup-security
> Using python  /usr/bin/python
> Security setup options...
> ===
> Choose one of the following options:
> [1] Enable HTTPS for Ambari server.
> [2] Encrypt passwords stored in ambari.properties file.
> [3] Setup Ambari kerberos JAAS configuration.
> [4] Setup truststore.
> [5] Import certificate to truststore.
> ===
> Enter choice, (1-5): 2
> Password encryption is enabled.
> Do you want to reset Master Key? [y/n] (n): y
> Master Key not persisted.
> Enter current Master Key:
> Enter new Master Key:
> Re-enter master key:
> Do you want to persist master key. If you choose not to persist, you need to 
> provide the Master Key while starting the ambari server as an env variable 
> named AMBARI_SECURITY_MASTER_KEY or the start will prompt for the master key. 
> Persist [y/n] (y)? n
> Adjusting ambari-server permissions and ownership...
> Ambari Server 'setup-security' completed successfully.
> {code}
> Then export environment variable
> export AMBARI_SECURITY_MASTER_KEY=hadoop
> Thereafter ran the following:
> *Issue #1* - Gave AttributeError after accepting the 'Save settings' prompt, 
> instead of asking for master key
> {code}
> [root@ctr ~]# ambari-server setup-ldap -v
> Using python  /usr/bin/python
> INFO: Loading properties from /etc/ambari-server/conf/ambari.properties
> INFO: Loading properties from /etc/ambari-server/conf/ambari.properties
> INFO: about to run command: ps -p 5596
> INFO:
> process_pid=12677
> Please select the type of LDAP you want to use (AD, IPA, Generic 
> LDAP):Generic LDAP
> Primary LDAP Host (ldap.ambari.apache.org): ctr
> Primary LDAP Port (389):
> Secondary LDAP Host :
> Secondary LDAP Port :
> Use SSL [true/false] (false):
> User object class (posixUser):
> User ID attribute (uid):
> Group object class (posixGroup):
> Group name attribute (cn):
> Group member attribute (memberUid):
> Distinguished name attribute (dn):
> Search Base (dc=ambari,dc=apache,dc=org): dc=apache,dc=org
> Referral method [follow/ignore] (follow):
> Bind anonymously [true/false] (false):
> Bind DN (uid=ldapbind,cn=users,dc=ambari,dc=apache,dc=org): 
> uid=hdfs,ou=people,ou=dev,dc=apache,dc=org
> Enter Bind DN Password:
> Confirm Bind DN Password:
> Handling behavior for username collisions [convert/skip] for LDAP sync (skip):
> Force lower-case user names [true/false]:
> Results from LDAP are paginated when requested [true/false]:
> 
> Review Settings
> 
> Primary LDAP Host (ldap.ambari.apache.org):  ctr
> Primary LDAP Port (389):  389
> Use SSL [true/false] (false):  false
> User object class (posixUser):  posixUser
> User ID attribute (uid):  uid
> Group object class (posixGroup):  posixGroup
> Group name attribute (cn):  cn
> Group member attribute (memberUid):  memberUid
> Distinguished name attribute (dn):  dn
> Search Base (dc=ambari,dc=apache,dc=org):  dc=apache,dc=org
> Referral method [follow/ignore] (follow):  follow
> Bind anonymously [true/false] (false):  false
> Handling behavior for username collisions [convert/skip] for LDAP sync 
> (skip):  skip
> ambari.ldap.connectivity.bind_dn: uid=hdfs,ou=people,ou=dev,dc=apache,dc=org
> ambari.ldap.connectivity.bind_password: *
> Save settings [y/n] (y)? y
> INFO: Loading properties from /etc/ambari-server/conf/ambari.properties
> Traceback (most recent call last):
> File "/usr/sbin/ambari-server.py", line 1060, in 
> mainBody()
> File "/usr/sbin/ambari-server.py", line 1030, in mainBody
> main(options, args, parser)
> File "/usr/sbin/ambari-server.py", line 980, in main
> action_obj.execute()
> File "/usr/sbin/ambari-server.py", line 79, in execute
> self.fn(*self.args, **self.kwargs)
> File "/usr/lib/ambari-server/lib/ambari_server/setupSecurity.py", line 860, 
> in setup_ldap
> encrypted_passwd = encrypt_password(LDAP_MGR_PASSWORD_ALIAS, mgr_password, 
> 

[jira] [Updated] (AMBARI-24646) 'ambari-server setup-ldap' fails with AttributeError when master_key is not persisted

[Dmitry Lysnichenko (JIRA)]

 [ 
https://issues.apache.org/jira/browse/AMBARI-24646?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Dmitry Lysnichenko updated AMBARI-24646:

Description: 
*STR*
Installed ambari-server and configured password encryption, but chose not to 
persist master key
{code}
[root@ctr ~]# ambari-server setup-security
Using python  /usr/bin/python
Security setup options...
===
Choose one of the following options:
[1] Enable HTTPS for Ambari server.
[2] Encrypt passwords stored in ambari.properties file.
[3] Setup Ambari kerberos JAAS configuration.
[4] Setup truststore.
[5] Import certificate to truststore.
===
Enter choice, (1-5): 2
Password encryption is enabled.
Do you want to reset Master Key? [y/n] (n): y
Master Key not persisted.
Enter current Master Key:
Enter new Master Key:
Re-enter master key:
Do you want to persist master key. If you choose not to persist, you need to 
provide the Master Key while starting the ambari server as an env variable 
named AMBARI_SECURITY_MASTER_KEY or the start will prompt for the master key. 
Persist [y/n] (y)? n
Adjusting ambari-server permissions and ownership...
Ambari Server 'setup-security' completed successfully.
{code}

Then export environment variable
export AMBARI_SECURITY_MASTER_KEY=hadoop

Thereafter ran the following:
*Issue #1* - Gave AttributeError after accepting the 'Save settings' prompt, 
instead of asking for master key
{code}
[root@ctr ~]# ambari-server setup-ldap -v
Using python  /usr/bin/python
INFO: Loading properties from /etc/ambari-server/conf/ambari.properties
INFO: Loading properties from /etc/ambari-server/conf/ambari.properties
INFO: about to run command: ps -p 5596
INFO:
process_pid=12677
Please select the type of LDAP you want to use (AD, IPA, Generic LDAP):Generic 
LDAP
Primary LDAP Host (ldap.ambari.apache.org): ctr
Primary LDAP Port (389):
Secondary LDAP Host :
Secondary LDAP Port :
Use SSL [true/false] (false):
User object class (posixUser):
User ID attribute (uid):
Group object class (posixGroup):
Group name attribute (cn):
Group member attribute (memberUid):
Distinguished name attribute (dn):
Search Base (dc=ambari,dc=apache,dc=org): dc=apache,dc=org
Referral method [follow/ignore] (follow):
Bind anonymously [true/false] (false):
Bind DN (uid=ldapbind,cn=users,dc=ambari,dc=apache,dc=org): 
uid=hdfs,ou=people,ou=dev,dc=apache,dc=org
Enter Bind DN Password:
Confirm Bind DN Password:
Handling behavior for username collisions [convert/skip] for LDAP sync (skip):
Force lower-case user names [true/false]:
Results from LDAP are paginated when requested [true/false]:

Review Settings

Primary LDAP Host (ldap.ambari.apache.org):  ctr
Primary LDAP Port (389):  389
Use SSL [true/false] (false):  false
User object class (posixUser):  posixUser
User ID attribute (uid):  uid
Group object class (posixGroup):  posixGroup
Group name attribute (cn):  cn
Group member attribute (memberUid):  memberUid
Distinguished name attribute (dn):  dn
Search Base (dc=ambari,dc=apache,dc=org):  dc=apache,dc=org
Referral method [follow/ignore] (follow):  follow
Bind anonymously [true/false] (false):  false
Handling behavior for username collisions [convert/skip] for LDAP sync (skip):  
skip
ambari.ldap.connectivity.bind_dn: uid=hdfs,ou=people,ou=dev,dc=apache,dc=org
ambari.ldap.connectivity.bind_password: *
Save settings [y/n] (y)? y
INFO: Loading properties from /etc/ambari-server/conf/ambari.properties
Traceback (most recent call last):
File "/usr/sbin/ambari-server.py", line 1060, in 
mainBody()
File "/usr/sbin/ambari-server.py", line 1030, in mainBody
main(options, args, parser)
File "/usr/sbin/ambari-server.py", line 980, in main
action_obj.execute()
File "/usr/sbin/ambari-server.py", line 79, in execute
self.fn(*self.args, **self.kwargs)
File "/usr/lib/ambari-server/lib/ambari_server/setupSecurity.py", line 860, in 
setup_ldap
encrypted_passwd = encrypt_password(LDAP_MGR_PASSWORD_ALIAS, mgr_password, 
options)
File "/usr/lib/ambari-server/lib/ambari_server/serverConfiguration.py", line 
858, in encrypt_password
return get_encrypted_password(alias, password, properties, options)
File "/usr/lib/ambari-server/lib/ambari_server/serverConfiguration.py", line 
867, in get_encrypted_password
masterKey = get_original_master_key(properties, options)
File "/usr/lib/ambari-server/lib/ambari_server/serverConfiguration.py", line 
1022, in get_original_master_key
if options is not None and options.master_key is not None and 
options.master_key:
AttributeError: Values instance has no attribute 'master_key'
[root@ctr ~]#
{code}

*Issue #2* - Kept asking for Master key on the prompt, despite giving correct 
values
{code}
[root@ctr ~]# ambari-server setup
Using python  /usr/bin/python
Setup ambari-server
Checking SELinux...

[jira] [Updated] (AMBARI-24646) 'ambari-server setup-ldap' fails with AttributeError when master_key is not persisted

[Dmitry Lysnichenko (JIRA)]

 [ 
https://issues.apache.org/jira/browse/AMBARI-24646?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Dmitry Lysnichenko updated AMBARI-24646:

Component/s: ambari-server

> 'ambari-server setup-ldap' fails with AttributeError when master_key is not 
> persisted
> -
>
> Key: AMBARI-24646
> URL: https://issues.apache.org/jira/browse/AMBARI-24646
> Project: Ambari
>  Issue Type: Bug
>  Components: ambari-server
>Affects Versions: 2.7.0
>Reporter: Dmitry Lysnichenko
>Assignee: Dmitry Lysnichenko
>Priority: Blocker
> Fix For: 2.7.2
>
>
> *STR*
> Installed ambari-server and configured password encryption, but chose not to 
> persist master key
> {code}
> [root@ctr ~]# ambari-server setup-security
> Using python  /usr/bin/python
> Security setup options...
> ===
> Choose one of the following options:
> [1] Enable HTTPS for Ambari server.
> [2] Encrypt passwords stored in ambari.properties file.
> [3] Setup Ambari kerberos JAAS configuration.
> [4] Setup truststore.
> [5] Import certificate to truststore.
> ===
> Enter choice, (1-5): 2
> Password encryption is enabled.
> Do you want to reset Master Key? [y/n] (n): y
> Master Key not persisted.
> Enter current Master Key:
> Enter new Master Key:
> Re-enter master key:
> Do you want to persist master key. If you choose not to persist, you need to 
> provide the Master Key while starting the ambari server as an env variable 
> named AMBARI_SECURITY_MASTER_KEY or the start will prompt for the master key. 
> Persist [y/n] (y)? n
> Adjusting ambari-server permissions and ownership...
> Ambari Server 'setup-security' completed successfully.
> {code}
> Then export environment variable
> export AMBARI_SECURITY_MASTER_KEY=hadoop
> Thereafter ran the following:
> *Issue #1* - Gave AttributeError after accepting the 'Save settings' prompt, 
> instead of asking for master key
> {code}
> [root@ctr ~]# ambari-server setup-ldap -v
> Using python  /usr/bin/python
> INFO: Loading properties from /etc/ambari-server/conf/ambari.properties
> INFO: Loading properties from /etc/ambari-server/conf/ambari.properties
> INFO: about to run command: ps -p 5596
> INFO:
> process_pid=12677
> Please select the type of LDAP you want to use (AD, IPA, Generic 
> LDAP):Generic LDAP
> Primary LDAP Host (ldap.ambari.apache.org): ctr
> Primary LDAP Port (389):
> Secondary LDAP Host :
> Secondary LDAP Port :
> Use SSL [true/false] (false):
> User object class (posixUser):
> User ID attribute (uid):
> Group object class (posixGroup):
> Group name attribute (cn):
> Group member attribute (memberUid):
> Distinguished name attribute (dn):
> Search Base (dc=ambari,dc=apache,dc=org): dc=apache,dc=org
> Referral method [follow/ignore] (follow):
> Bind anonymously [true/false] (false):
> Bind DN (uid=ldapbind,cn=users,dc=ambari,dc=apache,dc=org): 
> uid=hdfs,ou=people,ou=dev,dc=apache,dc=org
> Enter Bind DN Password:
> Confirm Bind DN Password:
> Handling behavior for username collisions [convert/skip] for LDAP sync (skip):
> Force lower-case user names [true/false]:
> Results from LDAP are paginated when requested [true/false]:
> 
> Review Settings
> 
> Primary LDAP Host (ldap.ambari.apache.org):  ctr
> Primary LDAP Port (389):  389
> Use SSL [true/false] (false):  false
> User object class (posixUser):  posixUser
> User ID attribute (uid):  uid
> Group object class (posixGroup):  posixGroup
> Group name attribute (cn):  cn
> Group member attribute (memberUid):  memberUid
> Distinguished name attribute (dn):  dn
> Search Base (dc=ambari,dc=apache,dc=org):  dc=apache,dc=org
> Referral method [follow/ignore] (follow):  follow
> Bind anonymously [true/false] (false):  false
> Handling behavior for username collisions [convert/skip] for LDAP sync 
> (skip):  skip
> ambari.ldap.connectivity.bind_dn: uid=hdfs,ou=people,ou=dev,dc=apache,dc=org
> ambari.ldap.connectivity.bind_password: *
> Save settings [y/n] (y)? y
> INFO: Loading properties from /etc/ambari-server/conf/ambari.properties
> Traceback (most recent call last):
> File "/usr/sbin/ambari-server.py", line 1060, in 
> mainBody()
> File "/usr/sbin/ambari-server.py", line 1030, in mainBody
> main(options, args, parser)
> File "/usr/sbin/ambari-server.py", line 980, in main
> action_obj.execute()
> File "/usr/sbin/ambari-server.py", line 79, in execute
> self.fn(*self.args, **self.kwargs)
> File "/usr/lib/ambari-server/lib/ambari_server/setupSecurity.py", line 860, 
> in setup_ldap
> encrypted_passwd = encrypt_password(LDAP_MGR_PASSWORD_ALIAS, mgr_password, 
> options)
> File 

[jira] [Updated] (AMBARI-24646) 'ambari-server setup-ldap' fails with AttributeError when master_key is not persisted

[Dmitry Lysnichenko (JIRA)]

 [ 
https://issues.apache.org/jira/browse/AMBARI-24646?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Dmitry Lysnichenko updated AMBARI-24646:

Fix Version/s: 2.7.2

> 'ambari-server setup-ldap' fails with AttributeError when master_key is not 
> persisted
> -
>
> Key: AMBARI-24646
> URL: https://issues.apache.org/jira/browse/AMBARI-24646
> Project: Ambari
>  Issue Type: Bug
>  Components: ambari-server
>Affects Versions: 2.7.0
>Reporter: Dmitry Lysnichenko
>Assignee: Dmitry Lysnichenko
>Priority: Blocker
> Fix For: 2.7.2
>
>
> *STR*
> Installed ambari-server and configured password encryption, but chose not to 
> persist master key
> {code}
> [root@ctr ~]# ambari-server setup-security
> Using python  /usr/bin/python
> Security setup options...
> ===
> Choose one of the following options:
> [1] Enable HTTPS for Ambari server.
> [2] Encrypt passwords stored in ambari.properties file.
> [3] Setup Ambari kerberos JAAS configuration.
> [4] Setup truststore.
> [5] Import certificate to truststore.
> ===
> Enter choice, (1-5): 2
> Password encryption is enabled.
> Do you want to reset Master Key? [y/n] (n): y
> Master Key not persisted.
> Enter current Master Key:
> Enter new Master Key:
> Re-enter master key:
> Do you want to persist master key. If you choose not to persist, you need to 
> provide the Master Key while starting the ambari server as an env variable 
> named AMBARI_SECURITY_MASTER_KEY or the start will prompt for the master key. 
> Persist [y/n] (y)? n
> Adjusting ambari-server permissions and ownership...
> Ambari Server 'setup-security' completed successfully.
> {code}
> Then export environment variable
> export AMBARI_SECURITY_MASTER_KEY=hadoop
> Thereafter ran the following:
> *Issue #1* - Gave AttributeError after accepting the 'Save settings' prompt, 
> instead of asking for master key
> {code}
> [root@ctr ~]# ambari-server setup-ldap -v
> Using python  /usr/bin/python
> INFO: Loading properties from /etc/ambari-server/conf/ambari.properties
> INFO: Loading properties from /etc/ambari-server/conf/ambari.properties
> INFO: about to run command: ps -p 5596
> INFO:
> process_pid=12677
> Please select the type of LDAP you want to use (AD, IPA, Generic 
> LDAP):Generic LDAP
> Primary LDAP Host (ldap.ambari.apache.org): ctr
> Primary LDAP Port (389):
> Secondary LDAP Host :
> Secondary LDAP Port :
> Use SSL [true/false] (false):
> User object class (posixUser):
> User ID attribute (uid):
> Group object class (posixGroup):
> Group name attribute (cn):
> Group member attribute (memberUid):
> Distinguished name attribute (dn):
> Search Base (dc=ambari,dc=apache,dc=org): dc=apache,dc=org
> Referral method [follow/ignore] (follow):
> Bind anonymously [true/false] (false):
> Bind DN (uid=ldapbind,cn=users,dc=ambari,dc=apache,dc=org): 
> uid=hdfs,ou=people,ou=dev,dc=apache,dc=org
> Enter Bind DN Password:
> Confirm Bind DN Password:
> Handling behavior for username collisions [convert/skip] for LDAP sync (skip):
> Force lower-case user names [true/false]:
> Results from LDAP are paginated when requested [true/false]:
> 
> Review Settings
> 
> Primary LDAP Host (ldap.ambari.apache.org):  ctr
> Primary LDAP Port (389):  389
> Use SSL [true/false] (false):  false
> User object class (posixUser):  posixUser
> User ID attribute (uid):  uid
> Group object class (posixGroup):  posixGroup
> Group name attribute (cn):  cn
> Group member attribute (memberUid):  memberUid
> Distinguished name attribute (dn):  dn
> Search Base (dc=ambari,dc=apache,dc=org):  dc=apache,dc=org
> Referral method [follow/ignore] (follow):  follow
> Bind anonymously [true/false] (false):  false
> Handling behavior for username collisions [convert/skip] for LDAP sync 
> (skip):  skip
> ambari.ldap.connectivity.bind_dn: uid=hdfs,ou=people,ou=dev,dc=apache,dc=org
> ambari.ldap.connectivity.bind_password: *
> Save settings [y/n] (y)? y
> INFO: Loading properties from /etc/ambari-server/conf/ambari.properties
> Traceback (most recent call last):
> File "/usr/sbin/ambari-server.py", line 1060, in 
> mainBody()
> File "/usr/sbin/ambari-server.py", line 1030, in mainBody
> main(options, args, parser)
> File "/usr/sbin/ambari-server.py", line 980, in main
> action_obj.execute()
> File "/usr/sbin/ambari-server.py", line 79, in execute
> self.fn(*self.args, **self.kwargs)
> File "/usr/lib/ambari-server/lib/ambari_server/setupSecurity.py", line 860, 
> in setup_ldap
> encrypted_passwd = encrypt_password(LDAP_MGR_PASSWORD_ALIAS, mgr_password, 
> options)
> File 

[jira] [Updated] (AMBARI-24646) 'ambari-server setup-ldap' fails with AttributeError when master_key is not persisted

[Dmitry Lysnichenko (JIRA)]

 [ 
https://issues.apache.org/jira/browse/AMBARI-24646?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Dmitry Lysnichenko updated AMBARI-24646:

Affects Version/s: 2.7.0

> 'ambari-server setup-ldap' fails with AttributeError when master_key is not 
> persisted
> -
>
> Key: AMBARI-24646
> URL: https://issues.apache.org/jira/browse/AMBARI-24646
> Project: Ambari
>  Issue Type: Bug
>  Components: ambari-server
>Affects Versions: 2.7.0
>Reporter: Dmitry Lysnichenko
>Assignee: Dmitry Lysnichenko
>Priority: Blocker
> Fix For: 2.7.2
>
>
> *STR*
> Installed ambari-server and configured password encryption, but chose not to 
> persist master key
> {code}
> [root@ctr ~]# ambari-server setup-security
> Using python  /usr/bin/python
> Security setup options...
> ===
> Choose one of the following options:
> [1] Enable HTTPS for Ambari server.
> [2] Encrypt passwords stored in ambari.properties file.
> [3] Setup Ambari kerberos JAAS configuration.
> [4] Setup truststore.
> [5] Import certificate to truststore.
> ===
> Enter choice, (1-5): 2
> Password encryption is enabled.
> Do you want to reset Master Key? [y/n] (n): y
> Master Key not persisted.
> Enter current Master Key:
> Enter new Master Key:
> Re-enter master key:
> Do you want to persist master key. If you choose not to persist, you need to 
> provide the Master Key while starting the ambari server as an env variable 
> named AMBARI_SECURITY_MASTER_KEY or the start will prompt for the master key. 
> Persist [y/n] (y)? n
> Adjusting ambari-server permissions and ownership...
> Ambari Server 'setup-security' completed successfully.
> {code}
> Then export environment variable
> export AMBARI_SECURITY_MASTER_KEY=hadoop
> Thereafter ran the following:
> *Issue #1* - Gave AttributeError after accepting the 'Save settings' prompt, 
> instead of asking for master key
> {code}
> [root@ctr ~]# ambari-server setup-ldap -v
> Using python  /usr/bin/python
> INFO: Loading properties from /etc/ambari-server/conf/ambari.properties
> INFO: Loading properties from /etc/ambari-server/conf/ambari.properties
> INFO: about to run command: ps -p 5596
> INFO:
> process_pid=12677
> Please select the type of LDAP you want to use (AD, IPA, Generic 
> LDAP):Generic LDAP
> Primary LDAP Host (ldap.ambari.apache.org): ctr
> Primary LDAP Port (389):
> Secondary LDAP Host :
> Secondary LDAP Port :
> Use SSL [true/false] (false):
> User object class (posixUser):
> User ID attribute (uid):
> Group object class (posixGroup):
> Group name attribute (cn):
> Group member attribute (memberUid):
> Distinguished name attribute (dn):
> Search Base (dc=ambari,dc=apache,dc=org): dc=apache,dc=org
> Referral method [follow/ignore] (follow):
> Bind anonymously [true/false] (false):
> Bind DN (uid=ldapbind,cn=users,dc=ambari,dc=apache,dc=org): 
> uid=hdfs,ou=people,ou=dev,dc=apache,dc=org
> Enter Bind DN Password:
> Confirm Bind DN Password:
> Handling behavior for username collisions [convert/skip] for LDAP sync (skip):
> Force lower-case user names [true/false]:
> Results from LDAP are paginated when requested [true/false]:
> 
> Review Settings
> 
> Primary LDAP Host (ldap.ambari.apache.org):  ctr
> Primary LDAP Port (389):  389
> Use SSL [true/false] (false):  false
> User object class (posixUser):  posixUser
> User ID attribute (uid):  uid
> Group object class (posixGroup):  posixGroup
> Group name attribute (cn):  cn
> Group member attribute (memberUid):  memberUid
> Distinguished name attribute (dn):  dn
> Search Base (dc=ambari,dc=apache,dc=org):  dc=apache,dc=org
> Referral method [follow/ignore] (follow):  follow
> Bind anonymously [true/false] (false):  false
> Handling behavior for username collisions [convert/skip] for LDAP sync 
> (skip):  skip
> ambari.ldap.connectivity.bind_dn: uid=hdfs,ou=people,ou=dev,dc=apache,dc=org
> ambari.ldap.connectivity.bind_password: *
> Save settings [y/n] (y)? y
> INFO: Loading properties from /etc/ambari-server/conf/ambari.properties
> Traceback (most recent call last):
> File "/usr/sbin/ambari-server.py", line 1060, in 
> mainBody()
> File "/usr/sbin/ambari-server.py", line 1030, in mainBody
> main(options, args, parser)
> File "/usr/sbin/ambari-server.py", line 980, in main
> action_obj.execute()
> File "/usr/sbin/ambari-server.py", line 79, in execute
> self.fn(*self.args, **self.kwargs)
> File "/usr/lib/ambari-server/lib/ambari_server/setupSecurity.py", line 860, 
> in setup_ldap
> encrypted_passwd = encrypt_password(LDAP_MGR_PASSWORD_ALIAS, mgr_password, 
> options)
> File