Andrew Onischuk created AMBARI-24225:
----------------------------------------

             Summary: Ambari Server Secure LDAP (LDAPS) setup fails with internal error
                 Key: AMBARI-24225
                 URL: https://issues.apache.org/jira/browse/AMBARI-24225
             Project: Ambari
          Issue Type: Bug
            Reporter: Andrew Onischuk
            Assignee: Andrew Onischuk
             Fix For: 2.7.0
         Attachments: AMBARI-24225.patch

Perform ambari-server setup-ldap.
At the Use SSL* prompt choose true to set up secure LDAP.
Send values on the rest of the prompts as seen below. The truststore is already created before this setup.
At the end this fails with a 500 internal server error.

    [root@ctr-e138-1518143905142-384562-01-000008 init.d]# ambari-server setup-ldap
    Using python /usr/bin/python
    Primary URL Host* : ctr-e138-1518143905142-384562-01-000008.hwx.site
    Primary URL Port* : 636
    Secondary URL Host :
    Secondary URL Port :
    Use SSL* [true/false] (false): true
    User object class* (person):
    User name attribute* (uid):
    Group object class* (ou=groups,dc=ambari,dc=apache,dc=org):
    Group name attribute* (cn):
    Group member attribute* (memberUid):
    Distinguished name attribute* (dn):
    Base DN* (dc=ambari,dc=apache,dc=org): dc=apache,dc=org
    Referral method [follow/ignore] :
    Bind anonymously* [true/false] (false):
    Handling behavior for username collisions [convert/skip] for LDAP sync* (convert):
    Force lower-case user names [true/false] :true
    Results from LDAP are paginated when requested [true/false] :true
    Manager DN* : uid=hdfs,ou=people,ou=dev,dc=apache,dc=org
    Enter Manager Password* :
    Re-enter password:
    Do you want to provide custom TrustStore for Ambari [y/n] (n)?y
    TrustStore type [jks/jceks/pkcs12] (jks):jks
    Path to TrustStore file :/root/keystore.jks
    Password for TrustStore:
    Re-enter password:
    ====================
    Review Settings
    ====================
    Primary URL Host* : ctr-e138-1518143905142-384562-01-000008.hwx.site
    Primary URL Port* : 636
    Use SSL* [true/false] (false): true
    User object class* (person): person
    User name attribute* (uid): uid
    Group object class* (ou=groups,dc=ambari,dc=apache,dc=org): ou=groups,dc=ambari,dc=apache,dc=org
    Group name attribute* (cn): cn
    Group member attribute* (memberUid): memberUid
    Distinguished name attribute* (dn): dn
    Base DN* (dc=ambari,dc=apache,dc=org): dc=apache,dc=org
    Bind anonymously* [true/false] (false): false
    Handling behavior for username collisions [convert/skip] for LDAP sync* (convert): convert
    Force lower-case user names [true/false] : true
    Results from LDAP are paginated when requested [true/false] : true
    ambari.ldap.connectivity.bind_dn: uid=hdfs,ou=people,ou=dev,dc=apache,dc=org
    ambari.ldap.connectivity.bind_password: *****
    ssl.trustStore.type: jks
    ssl.trustStore.path: /root/keystore.jks
    ssl.trustStore.password: *****
    Save settings [y/n] (y)? y
    Saving LDAP properties...
    Enter Ambari Admin login: admin
    Enter Ambari Admin password:
    ERROR: Unexpected HTTPError: HTTP Error 500: Internal Server Error
    For more info run ambari-server with -v or --verbose option

Found the following in the ambari-audit logs:

    [root@ctr-e138-1518143905142-384562-01-000008 ambari-server]# tail -1000f ambari-audit.log
    2018-06-29T02:34:58.425Z, User(null), RemoteIp(127.0.0.1), Operation(User login), Roles( ), Status(Failed), Reason(Authentication required), Consecutive failures(UNKNOWN USER)
    2018-06-29T02:34:58.482Z, User(admin), RemoteIp(127.0.0.1), Operation(User login), Roles( Ambari: Ambari Administrator ), Status(Success)
    2018-06-29T02:34:58.638Z, User(admin), RemoteIp(127.0.0.1), RequestType(PUT), url(http://127.0.0.1:8080/api/v1/services/AMBARI/components/AMBARI_SERVER/configurations/ldap-configuration), ResultStatus(200 OK)
    2018-06-29T06:01:46.430Z, User(null), RemoteIp(127.0.0.1), Operation(User login), Roles( ), Status(Failed), Reason(Authentication required), Consecutive failures(UNKNOWN USER)
    2018-06-29T06:01:46.510Z, User(admin), RemoteIp(127.0.0.1), Operation(User login), Roles( Ambari: Ambari Administrator ), Status(Success)
    2018-06-29T06:01:46.642Z, User(admin), RemoteIp(127.0.0.1), RequestType(PUT), url(http://127.0.0.1:8080/api/v1/services/AMBARI/components/AMBARI_SERVER/configurations/ldap-configuration), ResultStatus(500 Internal Server Error), Reason(org.apache.ambari.server.controller.spi.SystemException: Invalid Ambari server configuration key: ldap-configuration:ssl.trustStore.path)
    ^C
    [root@ctr-e138-1518143905142-384562-01-000008 ambari-server]#

Could you please help take a look to identify the issue?

Cluster where this is reproduced:

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
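
Added example, not part of the original report and not Ambari code: a small parser for the ambari-audit.log line layout quoted above that surfaces failed logins and non-2xx REST results and extracts the configuration key the server rejected. The function names (parse_line, failures, rejected_key) are illustrative, and the line layout is assumed to be exactly the "Name(value)" form seen in the excerpt.

```python
import re

# Three lines copied from the ambari-audit.log excerpt in the report above.
SAMPLE = """\
2018-06-29T06:01:46.430Z, User(null), RemoteIp(127.0.0.1), Operation(User login), Roles( ), Status(Failed), Reason(Authentication required), Consecutive failures(UNKNOWN USER)
2018-06-29T06:01:46.510Z, User(admin), RemoteIp(127.0.0.1), Operation(User login), Roles( Ambari: Ambari Administrator ), Status(Success)
2018-06-29T06:01:46.642Z, User(admin), RemoteIp(127.0.0.1), RequestType(PUT), url(http://127.0.0.1:8080/api/v1/services/AMBARI/components/AMBARI_SERVER/configurations/ldap-configuration), ResultStatus(500 Internal Server Error), Reason(org.apache.ambari.server.controller.spi.SystemException: Invalid Ambari server configuration key: ldap-configuration:ssl.trustStore.path)
"""

def parse_line(line):
    """Split one audit line into (timestamp, {field name: value})."""
    ts, _, rest = line.partition(", ")
    fields, i = {}, 0
    while (start := rest.find("(", i)) >= 0:
        name = rest[i:start].strip(", ")
        depth, j = 1, start + 1
        while j < len(rest) and depth:      # walk to the matching ')'
            depth += {"(": 1, ")": -1}.get(rest[j], 0)
            j += 1
        end = j - 1 if depth == 0 else j    # tolerate a truncated line
        fields[name] = rest[start + 1:end].strip()
        i = j
    return ts, fields

def failures(log_text):
    """Return (timestamp, action, user, reason) for failed logins and non-2xx REST calls."""
    out = []
    for line in filter(str.strip, log_text.splitlines()):
        ts, f = parse_line(line)
        if f.get("Status") == "Failed":
            out.append((ts, "login", f.get("User"), f.get("Reason")))
        elif "ResultStatus" in f and not f["ResultStatus"].startswith("2"):
            action = f"{f.get('RequestType')} {f.get('url')}"
            out.append((ts, action, f.get("User"), f.get("Reason")))
    return out

def rejected_key(reason):
    """Pull the configuration key named in an 'Invalid ... configuration key' reason."""
    m = re.search(r"Invalid Ambari server configuration key: (\S+)", reason or "")
    return m.group(1) if m else None

if __name__ == "__main__":
    for ts, action, user, reason in failures(SAMPLE):
        print(ts, user, action, rejected_key(reason) or reason)
```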