def reset(options): if not is_root(): err = configDefaults.MESSAGE_ERROR_RESET_NOT_ROOT raise FatalException(4, err) status, stateDesc = is_server_runing() if status: err = 'Ambari-server must be stopped to reset' raise FatalException(1, err) #force reset if silent option provided if get_silent(): default = "yes" else: default = "no" choice = get_YN_input("**** WARNING **** You are about to reset and clear the " "Ambari Server database. This will remove all cluster " "host and configuration information from the database. " "You will be required to re-configure the Ambari server " "and re-run the cluster wizard. \n" "Are you SURE you want to perform the reset " "[yes/no] ({0})? ".format(default), get_silent()) okToRun = choice if not okToRun: err = "Ambari Server 'reset' cancelled" raise FatalException(1, err) _reset_database(options) pass
def get_choice_string_input(prompt, default, firstChoice, secondChoice, answer=None): if get_silent(): print(prompt) return default hasAnswer = answer is not None and answer if hasAnswer: print(prompt) input = True result = default while input: choice = str(answer) if hasAnswer else raw_input(prompt).lower() if choice in firstChoice: result = True input = False elif choice in secondChoice: result = False input = False elif choice is "": # Just enter pressed result = default input = False else: print "input not recognized, please try again: " quit_if_has_answer(hasAnswer) return result
def setup_component_https(component, command, property, alias): if not get_silent(): jdk_path = find_jdk() if jdk_path is None: err = "No JDK found, please run the \"ambari-server setup\" " \ "command to install a JDK automatically or install any " \ "JDK manually to " + configDefaults.JDK_INSTALL_DIR raise FatalException(1, err) properties = get_ambari_properties() use_https = properties.get_property(property) in ['true'] if use_https: if get_YN_input( "Do you want to disable HTTPS for " + component + " [y/n] (n)? ", False): truststore_path = get_truststore_path(properties) truststore_password = get_truststore_password(properties) run_component_https_cmd( get_delete_cert_command(jdk_path, alias, truststore_path, truststore_password)) properties.process_pair(property, "false") else: return else: if get_YN_input( "Do you want to configure HTTPS for " + component + " [y/n] (y)? ", True): truststore_type = get_truststore_type(properties) truststore_path = get_truststore_path(properties) truststore_password = get_truststore_password(properties) run_os_command( get_delete_cert_command(jdk_path, alias, truststore_path, truststore_password)) import_cert_path = get_validated_filepath_input( \ "Enter path to " + component + " Certificate: ", \ "Certificate not found") run_component_https_cmd( get_import_cert_command(jdk_path, alias, truststore_type, import_cert_path, truststore_path, truststore_password)) properties.process_pair(property, "true") else: return conf_file = find_properties_file() f = open(conf_file, 'w') properties.store(f, "Changed by 'ambari-server " + command + "' command") else: print command + " is not enabled in silent mode."
def _create_custom_user(self): user = get_validated_string_input( "Enter user account for ambari-server service ({0}):".format(self.user), self.user, None, "Invalid username.", False ) if user in self.NR_SYSTEM_USERS: self.user = user return 0 if get_silent(): password = self.password else: password = get_validated_string_input("Enter password for user {0}:".format(user), "", None, "Password", True, False) from ambari_commons.os_windows import UserHelper uh = UserHelper(user) if uh.find_user(): print_info_msg("User {0} already exists, make sure that you typed correct password for user, " "skipping user creation".format(user)) else: status, message = uh.create_user(password) if status == UserHelper.USER_EXISTS: print_info_msg("User {0} already exists, make sure that you typed correct password for user, " "skipping user creation".format(user)) elif status == UserHelper.ACTION_FAILED: # fail print_warning_msg("Can't create user {0}. Failed with message {1}".format(user, message)) return UserHelper.ACTION_FAILED self.password = password # setting SeServiceLogonRight and SeBatchLogonRight to user #This is unconditional status, message = uh.add_user_privilege('SeServiceLogonRight') if status == UserHelper.ACTION_FAILED: print_warning_msg("Can't add SeServiceLogonRight to user {0}. Failed with message {1}".format(user, message)) return UserHelper.ACTION_FAILED status, message = uh.add_user_privilege('SeBatchLogonRight') if status == UserHelper.ACTION_FAILED: print_warning_msg("Can't add SeBatchLogonRight to user {0}. Failed with message {1}".format(user, message)) return UserHelper.ACTION_FAILED print_info_msg("User configuration is done.") print_warning_msg("When using non SYSTEM user make sure that your user has read\write access to log directories and " "all server directories. In case of integrated authentication for SQL Server make sure that your " "user is properly configured to access the ambari database.") if user.find('\\') == -1: user = '******' + user self.user = user return 0
def setup_https(args): if not is_root(): err = 'ambari-server setup-https should be run with ' \ 'root-level privileges' raise FatalException(4, err) args.exit_message = None if not get_silent(): properties = get_ambari_properties() try: security_server_keys_dir = properties.get_property(SSL_KEY_DIR) client_api_ssl_port = DEFAULT_SSL_API_PORT if properties.get_property(SSL_API_PORT) in ("") \ else properties.get_property(SSL_API_PORT) api_ssl = properties.get_property(SSL_API) in ['true'] client_api_ssl_port_old_value = properties.get_property(SSL_API_PORT) api_ssl_old_value = properties.get_property(SSL_API) cert_was_imported = False cert_must_import = True if api_ssl: if get_YN_input("Do you want to disable HTTPS [y/n] (n)? ", False): properties.process_pair(SSL_API, "false") cert_must_import=False else: properties.process_pair(SSL_API_PORT, \ get_validated_string_input( \ "SSL port ["+str(client_api_ssl_port)+"] ? ", \ str(client_api_ssl_port), \ "^[0-9]{1,5}$", "Invalid port.", False, validatorFunction = is_valid_https_port)) cert_was_imported = import_cert_and_key_action(security_server_keys_dir, properties) else: if get_YN_input("Do you want to configure HTTPS [y/n] (y)? ", True): properties.process_pair(SSL_API_PORT, \ get_validated_string_input("SSL port ["+str(client_api_ssl_port)+"] ? ", \ str(client_api_ssl_port), "^[0-9]{1,5}$", "Invalid port.", False, validatorFunction = is_valid_https_port)) cert_was_imported = import_cert_and_key_action(security_server_keys_dir, properties) else: return False if cert_must_import and not cert_was_imported: print 'Setup of HTTPS failed. Exiting.' return False conf_file = find_properties_file() f = open(conf_file, 'w') properties.store(f, "Changed by 'ambari-server setup-https' command") if api_ssl_old_value != properties.get_property(SSL_API) \ or client_api_ssl_port_old_value != properties.get_property(SSL_API_PORT): print "Ambari server URL changed. To make use of the Tez View in Ambari " \ "please update the property tez.tez-ui.history-url.base in tez-site" ambari_user = read_ambari_user() if ambari_user: adjust_directory_permissions(ambari_user) return True except (KeyError), e: err = 'Property ' + str(e) + ' is not defined' raise FatalException(1, err)
def run_schema_upgrade(args): db_title = get_db_type(get_ambari_properties()).title silent = get_silent() default_answer = 'y' if silent else 'n' default_value = silent confirm = get_YN_input("Ambari Server configured for %s. Confirm " "you have made a backup of the Ambari Server database [y/n] (%s)? " % (db_title, default_answer), default_value) if not confirm: print_error_msg("Database backup is not confirmed") return 1 jdk_path = get_java_exe_path() if jdk_path is None: print_error_msg("No JDK found, please run the \"setup\" " "command to install a JDK automatically or install any " "JDK manually to " + configDefaults.JDK_INSTALL_DIR) return 1 ensure_jdbc_driver_is_installed(args, get_ambari_properties()) print_info_msg('Upgrading database schema', True) serverClassPath = ServerClassPath(get_ambari_properties(), args) class_path = serverClassPath.get_full_ambari_classpath_escaped_for_shell(validate_classpath=True) set_debug_mode_from_options(args) debug_mode = get_debug_mode() debug_start = (debug_mode & 1) or SCHEMA_UPGRADE_DEBUG suspend_start = (debug_mode & 2) or SUSPEND_START_MODE suspend_mode = 'y' if suspend_start else 'n' command = SCHEMA_UPGRADE_HELPER_CMD_DEBUG.format(jdk_path, class_path, suspend_mode) if debug_start else SCHEMA_UPGRADE_HELPER_CMD.format(jdk_path, class_path) ambari_user = read_ambari_user() current_user = ensure_can_start_under_current_user(ambari_user) environ = generate_env(args, ambari_user, current_user) (retcode, stdout, stderr) = run_os_command(command, env=environ) upgrade_response = json.loads(stdout) check_gpl_license_approved(upgrade_response) print_info_msg("Return code from schema upgrade command, retcode = {0}".format(str(retcode)), True) if stdout: print_info_msg("Console output from schema upgrade command:", True) print_info_msg(stdout, True) print if retcode > 0: print_error_msg("Error executing schema upgrade, please check the server logs.") if stderr: print_error_msg("Error output from schema upgrade command:") print_error_msg(stderr) print else: print_info_msg('Schema upgrade completed', True) return retcode
def _reset_local_database(self): #force reset if silent option provided if get_silent(): default = "yes" else: default = "no" # Run automatic reset only for embedded DB okToRun = get_YN_input( "Confirm server reset [yes/no]({0})? ".format(default), get_silent()) if not okToRun: err = "Ambari Server 'reset' cancelled" raise FatalException(1, err) print "Resetting the Server database..." dbname = self.database_name filename = self.drop_tables_script_file username = self.database_username password = self.database_password command = PGConfig.SETUP_DB_CMD[:] command[-1] = command[-1].format(filename, username, password, dbname) drop_retcode, drop_outdata, drop_errdata = run_os_command(command) if not drop_retcode == 0: raise FatalException(1, drop_errdata) if drop_errdata and PGConfig.PG_ERROR_BLOCKED in drop_errdata: raise FatalException( 1, "Database is in use. Please, make sure all connections to the database are closed" ) if drop_errdata and get_verbose(): print_warning_msg(drop_errdata) print_info_msg("About to run database setup") retcode, outdata, errdata = self._setup_db() if errdata and get_verbose(): print_warning_msg(errdata) if (errdata and 'ERROR' in errdata.upper()) or ( drop_errdata and 'ERROR' in drop_errdata.upper()): err = "Non critical error in DDL" if not get_verbose(): err += ", use --verbose for more information" raise NonFatalException(err)
def _prompt_jdbc_driver_install(self, properties): result = self._is_jdbc_driver_installed(properties) if result == -1: if get_silent(): print_error_msg(self.JDBC_DRIVER_INSTALL_MSG) else: print_warning_msg(self.JDBC_DRIVER_INSTALL_MSG) raw_input(PRESS_ENTER_MSG) result = self._is_jdbc_driver_installed(properties) return (result, self.JDBC_DRIVER_INSTALL_MSG)
def setup_https(args): if not is_root(): warn = 'ambari-server setup-https is run as ' \ 'non-root user, some sudo privileges might be required' print warn args.exit_message = None if not get_silent(): properties = get_ambari_properties() try: security_server_keys_dir = properties.get_property(SSL_KEY_DIR) client_api_ssl_port = DEFAULT_SSL_API_PORT if properties.get_property(SSL_API_PORT) in ("") \ else properties.get_property(SSL_API_PORT) api_ssl = properties.get_property(SSL_API) in ['true'] cert_was_imported = False cert_must_import = True if api_ssl: if get_YN_input("Do you want to disable HTTPS [y/n] (n)? ", False): properties.process_pair(SSL_API, "false") cert_must_import = False else: properties.process_pair(SSL_API_PORT, \ get_validated_string_input( \ "SSL port ["+str(client_api_ssl_port)+"] ? ", \ str(client_api_ssl_port), \ "^[0-9]{1,5}$", "Invalid port.", False, validatorFunction = is_valid_https_port)) cert_was_imported = import_cert_and_key_action( security_server_keys_dir, properties) else: if get_YN_input("Do you want to configure HTTPS [y/n] (y)? ", True): properties.process_pair(SSL_API_PORT, \ get_validated_string_input("SSL port ["+str(client_api_ssl_port)+"] ? ", \ str(client_api_ssl_port), "^[0-9]{1,5}$", "Invalid port.", False, validatorFunction = is_valid_https_port)) cert_was_imported = import_cert_and_key_action( security_server_keys_dir, properties) else: return False if cert_must_import and not cert_was_imported: print 'Setup of HTTPS failed. Exiting.' return False conf_file = find_properties_file() f = open(conf_file, 'w') properties.store(f, "Changed by 'ambari-server setup-https' command") ambari_user = read_ambari_user() if ambari_user: adjust_directory_permissions(ambari_user) return True except (KeyError), e: err = 'Property ' + str(e) + ' is not defined' raise FatalException(1, err)
def setup_sso(options): print_info_msg("Setup SSO.") server_status, pid = is_server_runing() if not server_status: err = 'Ambari Server is not running.' raise FatalException(1, err) if not get_silent(): validate_options(options) ambari_properties = get_ambari_properties() admin_login, admin_password = get_ambari_admin_username_password_pair(options) properties = get_sso_properties(ambari_properties, admin_login, admin_password) if not options.sso_enabled: sso_enabled = get_value_from_dictionary(properties, SSO_MANAGE_SERVICES, None) if sso_enabled: sso_status = "enabled" if sso_enabled == "true" else "disabled" else: sso_status = "not configured" sys.stdout.write("\nSSO is currently %s\n" % sso_status) if sso_status == "enabled": enable_sso = not get_YN_input("Do you want to disable SSO authentication [y/n] (n)? ", False) else: if get_YN_input("Do you want to configure SSO authentication [y/n] (y)? ", True): enable_sso = True else: return False else: enable_sso = options.sso_enabled == 'true' services = None if enable_sso: populate_sso_provider_url(options, properties) populate_sso_public_cert(options, properties) populate_jwt_cookie_name(options, properties) populate_jwt_audiences(options, properties) services = get_services_requires_sso(options, ambari_properties, admin_login, admin_password) enable_jwt_auth = services and (WILDCARD_FOR_ALL_SERVICES in services or SERVICE_NAME_AMBARI in services) properties[AMBARI_JWT_AUTH_ENBABLED] = "true" if enable_jwt_auth else "false" properties[SSO_MANAGE_SERVICES] = "true" if enable_sso else "false" properties[SSO_ENABLED_SERVICES] = ','.join(services) if services else "" update_sso_conf(ambari_properties, properties, admin_login, admin_password) pass else: warning = "setup-sso is not enabled in silent mode." raise NonFatalException(warning) pass
def setup_truststore(options, import_cert=False): if not get_silent(): jdk_path = find_jdk() if jdk_path is None: err = "No JDK found, please run the \"ambari-server setup\" " \ "command to install a JDK automatically or install any " \ "JDK manually to " + configDefaults.JDK_INSTALL_DIR raise FatalException(1, err) properties = get_ambari_properties() truststore_confirm = True if options.trust_store_path is not None and options.trust_store_path else False truststore_reconfigure = True if options.trust_store_reconfigure is not None else False if truststore_confirm or get_YN_input("Do you want to configure a truststore [y/n] (y)? ", True): #Re-configuration enabled only for option "Setup truststore" if not import_cert and properties.get_property(SSL_TRUSTSTORE_TYPE_PROPERTY)\ and (truststore_reconfigure or get_YN_input( "The truststore is already configured. Do you want to re-configure " "the truststore [y/n] (y)? ", True)): properties.removeProp(SSL_TRUSTSTORE_TYPE_PROPERTY) properties.removeProp(SSL_TRUSTSTORE_PATH_PROPERTY) properties.removeProp(SSL_TRUSTSTORE_PASSWORD_PROPERTY) truststore_type = get_and_persist_truststore_type(properties, options) truststore_path = get_and_persist_truststore_path(properties, options) truststore_password = get_and_persist_truststore_password(properties, options) if import_cert: import_cert_confirm = True if options.import_cert_path is not None else get_YN_input("Do you want to import a certificate [y/n] (y)? ", True) if import_cert_confirm: aliasOption = options.import_cert_alias if options.import_cert_alias is not None and options.import_cert_alias else None alias = aliasOption if aliasOption is not None \ else get_validated_string_input("Please enter an alias for the certificate: ", "", None, None, False, False) run_os_command(get_delete_cert_command(jdk_path, alias, truststore_path, truststore_password)) import_cert_path = get_validated_filepath_input("Enter path to certificate: ", "Certificate not found", answer=options.import_cert_path) run_component_https_cmd(get_import_cert_command(jdk_path, alias, truststore_type, import_cert_path, truststore_path, truststore_password)) else: return conf_file = find_properties_file() f = open(conf_file, 'w') properties.store(f, "Changed by 'ambari-server setup-security' command") else: print "setup-security is not enabled in silent mode."
def setup_truststore(import_cert=False): if not get_silent(): jdk_path = find_jdk() if jdk_path is None: err = "No JDK found, please run the \"ambari-server setup\" " \ "command to install a JDK automatically or install any " \ "JDK manually to " + configDefaults.JDK_INSTALL_DIR raise FatalException(1, err) properties = get_ambari_properties() if get_YN_input("Do you want to configure a truststore [y/n] (y)? ", True): truststore_type = get_truststore_type(properties) truststore_path = get_truststore_path(properties) truststore_password = get_truststore_password(properties) if import_cert: if get_YN_input( "Do you want to import a certificate [y/n] (y)? ", True): alias = get_validated_string_input( "Please enter an alias for the certificate: ", "", None, None, False, False) run_os_command( get_delete_cert_command(jdk_path, alias, truststore_path, truststore_password)) import_cert_path = get_validated_filepath_input( \ "Enter path to certificate: ", \ "Certificate not found") run_component_https_cmd( get_import_cert_command(jdk_path, alias, truststore_type, import_cert_path, truststore_path, truststore_password)) else: return conf_file = find_properties_file() f = open(conf_file, 'w') properties.store(f, "Changed by 'ambari-server setup-security' command") else: print "setup-security is not enabled in silent mode."
def setup_https(args): if not is_root(): err = 'tbds-server setup-https should be run with ' \ 'root-level privileges' raise FatalException(4, err) args.exit_message = None if not get_silent(): properties = get_ambari_properties() try: security_server_keys_dir = properties.get_property(SSL_KEY_DIR) client_api_ssl_port = DEFAULT_SSL_API_PORT if properties.get_property(SSL_API_PORT) in ("") \ else properties.get_property(SSL_API_PORT) api_ssl = properties.get_property(SSL_API) in ['true'] cert_was_imported = False cert_must_import = True if api_ssl: if get_YN_input("Do you want to disable HTTPS [y/n] (n)? ", False): properties.process_pair(SSL_API, "false") cert_must_import=False else: properties.process_pair(SSL_API_PORT, \ get_validated_string_input( \ "SSL port ["+str(client_api_ssl_port)+"] ? ", \ str(client_api_ssl_port), \ "^[0-9]{1,5}$", "Invalid port.", False, validatorFunction = is_valid_https_port)) cert_was_imported = import_cert_and_key_action(security_server_keys_dir, properties) else: if get_YN_input("Do you want to configure HTTPS [y/n] (y)? ", True): properties.process_pair(SSL_API_PORT, \ get_validated_string_input("SSL port ["+str(client_api_ssl_port)+"] ? ", \ str(client_api_ssl_port), "^[0-9]{1,5}$", "Invalid port.", False, validatorFunction = is_valid_https_port)) cert_was_imported = import_cert_and_key_action(security_server_keys_dir, properties) else: return False if cert_must_import and not cert_was_imported: print 'Setup of HTTPS failed. Exiting.' return False conf_file = find_properties_file() f = open(conf_file, 'w') properties.store(f, "Changed by 'tbds-server setup-https' command") ambari_user = read_ambari_user() if ambari_user: adjust_directory_permissions(ambari_user) return True except (KeyError), e: err = 'Property ' + str(e) + ' is not defined' raise FatalException(1, err)
def get_validated_string_input(prompt, default, pattern, description, is_pass, allowEmpty=True, validatorFunction=None, answer=None): input = "" hasAnswer = answer is not None and (answer or allowEmpty) if hasAnswer: print(prompt) while not input: if get_silent(): print(prompt) input = default elif is_pass: input = str(answer) if hasAnswer else get_password(prompt) else: input = str(answer) if hasAnswer else raw_input(prompt) if not input.strip(): # Empty input - if default available use default if not allowEmpty and not default: msg = 'Property' if description is None or description is "" else description msg += ' cannot be blank.' print msg input = "" quit_if_has_answer(hasAnswer) continue else: input = default if validatorFunction: if not validatorFunction(input): input = "" quit_if_has_answer(hasAnswer) continue break # done here and picking up default else: if not pattern == None and not re.search(pattern, input.strip()): print description input = "" quit_if_has_answer(hasAnswer) if validatorFunction: if not validatorFunction(input): input = "" quit_if_has_answer(hasAnswer) continue return input
def _reset_local_database(self): #force reset if silent option provided if get_silent(): default = "yes" else: default = "no" # Run automatic reset only for embedded DB okToRun = get_YN_input("Confirm server reset [yes/no]({0})? ".format(default), get_silent()) if not okToRun: err = "Ambari Server 'reset' cancelled" raise FatalException(1, err) print "Resetting the Server database..." dbname = self.database_name filename = self.drop_tables_script_file username = self.database_username password = self.database_password command = PGConfig.SETUP_DB_CMD[:] command[-1] = command[-1].format(filename, username, password, dbname) drop_retcode, drop_outdata, drop_errdata = run_os_command(command) if not drop_retcode == 0: raise FatalException(1, drop_errdata) if drop_errdata and PGConfig.PG_ERROR_BLOCKED in drop_errdata: raise FatalException(1, "Database is in use. Please, make sure all connections to the database are closed") if drop_errdata and get_verbose(): print_warning_msg(drop_errdata) print_info_msg("About to run database setup") retcode, outdata, errdata = self._setup_db() if errdata and get_verbose(): print_warning_msg(errdata) if (errdata and 'ERROR' in errdata.upper()) or (drop_errdata and 'ERROR' in drop_errdata.upper()): err = "Non critical error in DDL" if not get_verbose(): err += ", use --verbose for more information" raise NonFatalException(err)
def get_validated_filepath_input(prompt, description, default=None): input = False while not input: if get_silent(): print (prompt) return default else: input = raw_input(prompt) if not input == None: input = input.strip() if not input == None and not "" == input and os.path.isfile(input): return input else: print description input = False
def verify_setup_allowed(): if get_silent(): properties = get_ambari_properties() if properties == -1: print_error_msg("Error getting ambari properties") return -1 isSecure = get_is_secure(properties) if isSecure: (isPersisted, masterKeyFile) = get_is_persisted(properties) if not isPersisted: print "ERROR: Cannot run silent 'setup' with password encryption enabled " \ "and Master Key not persisted." print "Ambari Server 'setup' exiting." return 1 return 0
def verify_setup_allowed(): if get_silent(): properties = get_ambari_properties() if properties == -1: print_error_msg("Error getting tbds properties") return -1 isSecure = get_is_secure(properties) if isSecure: (isPersisted, masterKeyFile) = get_is_persisted(properties) if not isPersisted: print "ERROR: Cannot run silent 'setup' with password encryption enabled " \ "and Master Key not persisted." print "TBDS Server 'setup' exiting." return 1 return 0
def setup_sso(options): logger.info("Setup SSO.") if not is_root(): raise FatalException( 4, 'ambari-server setup-sso should be run with root-level privileges') if not get_silent(): validateOptions(options) properties = get_ambari_properties() must_setup_params = False if not options.sso_enabled: sso_enabled = properties.get_property( JWT_AUTH_ENBABLED).lower() in ['true'] if sso_enabled: if get_YN_input( "Do you want to disable SSO authentication [y/n] (n)?", False): properties.process_pair(JWT_AUTH_ENBABLED, "false") else: if get_YN_input( "Do you want to configure SSO authentication [y/n] (y)?", True): properties.process_pair(JWT_AUTH_ENBABLED, "true") must_setup_params = True else: return False else: properties.process_pair(JWT_AUTH_ENBABLED, options.sso_enabled) must_setup_params = options.sso_enabled == 'true' if must_setup_params: populateSsoProviderUrl(options, properties) populateSsoPublicCert(options, properties) populateJwtCookieName(options, properties) populateJwtAudiences(options, properties) update_properties(properties) pass else: warning = "setup-sso is not enabled in silent mode." raise NonFatalException(warning) pass
def setup_component_https(component, command, property, alias): if not get_silent(): jdk_path = find_jdk() if jdk_path is None: err = "No JDK found, please run the \"tbds-server setup\" " \ "command to install a JDK automatically or install any " \ "JDK manually to " + configDefaults.JDK_INSTALL_DIR raise FatalException(1, err) properties = get_ambari_properties() use_https = properties.get_property(property) in ['true'] if use_https: if get_YN_input("Do you want to disable HTTPS for " + component + " [y/n] (n)? ", False): truststore_path = get_truststore_path(properties) truststore_password = get_truststore_password(properties) run_component_https_cmd(get_delete_cert_command(jdk_path, alias, truststore_path, truststore_password)) properties.process_pair(property, "false") else: return else: if get_YN_input("Do you want to configure HTTPS for " + component + " [y/n] (y)? ", True): truststore_type = get_truststore_type(properties) truststore_path = get_truststore_path(properties) truststore_password = get_truststore_password(properties) run_os_command(get_delete_cert_command(jdk_path, alias, truststore_path, truststore_password)) import_cert_path = get_validated_filepath_input( \ "Enter path to " + component + " Certificate: ", \ "Certificate not found") run_component_https_cmd(get_import_cert_command(jdk_path, alias, truststore_type, import_cert_path, truststore_path, truststore_password)) properties.process_pair(property, "true") else: return conf_file = find_properties_file() f = open(conf_file, 'w') properties.store(f, "Changed by 'tbds-server " + command + "' command") else: print command + " is not enabled in silent mode."
def get_validated_filepath_input(prompt, description, default=None, answer=None): input = False hasAnswer = answer is not None and answer while not input: if get_silent(): print(prompt) return default else: input = str(answer) if hasAnswer else raw_input(prompt) if not input == None: input = input.strip() if not input == None and not "" == input and os.path.isfile(input): return input else: print description quit_if_has_answer(hasAnswer) input = False
def verify_setup_allowed(options): if get_silent(): properties = get_ambari_properties() if properties == -1: print_error_msg("Error getting ambari properties") return -1 isSecure = get_is_secure(properties) if isSecure: (isPersisted, masterKeyFile) = get_is_persisted(properties) if not isPersisted: print "ERROR: Cannot run silent 'setup' with password encryption enabled " \ "and Master Key not persisted." print "Ambari Server 'setup' exiting." return 1 factory = DBMSConfigFactory() default_dbms = factory.get_default_dbms_name() if default_dbms: valid = True if options.dbms is not None \ and options.database_host is not None \ and options.database_port is not None \ and options.database_name is not None \ and options.database_username is not None \ and options.database_password is not None: if default_dbms == "sqlanywhere" and options.sqla_server_name is None: valid = False else: valid = False if not valid: print "ERROR: Cannot run silent setup without database connection properties provided." print "Ambari Server 'setup' exiting." return 2 return 0
def get_choice_string_input(prompt, default, firstChoice, secondChoice): if get_silent(): print(prompt) return default input = True result = default while input: choice = raw_input(prompt).lower() if choice in firstChoice: result = True input = False elif choice in secondChoice: result = False input = False elif choice is "": # Just enter pressed result = default input = False else: print "input not recognized, please try again: " return result
def setup_truststore(import_cert=False): if not get_silent(): jdk_path = find_jdk() if jdk_path is None: err = "No JDK found, please run the \"ambari-server setup\" " \ "command to install a JDK automatically or install any " \ "JDK manually to " + configDefaults.JDK_INSTALL_DIR raise FatalException(1, err) properties = get_ambari_properties() if get_YN_input("Do you want to configure a truststore [y/n] (y)? ", True): truststore_type = get_truststore_type(properties) truststore_path = get_truststore_path(properties) truststore_password = get_truststore_password(properties) if import_cert: if get_YN_input("Do you want to import a certificate [y/n] (y)? ", True): alias = get_validated_string_input("Please enter an alias for the certificate: ", "", None, None, False, False) run_os_command(get_delete_cert_command(jdk_path, alias, truststore_path, truststore_password)) import_cert_path = get_validated_filepath_input( \ "Enter path to certificate: ", \ "Certificate not found") run_component_https_cmd(get_import_cert_command(jdk_path, alias, truststore_type, import_cert_path, truststore_path, truststore_password)) else: return conf_file = find_properties_file() f = open(conf_file, 'w') properties.store(f, "Changed by 'ambari-server setup-security' command") else: print "setup-security is not enabled in silent mode."
def get_validated_string_input(prompt, default, pattern, description, is_pass, allowEmpty=True, validatorFunction=None): input = "" while not input: if get_silent(): print (prompt) input = default elif is_pass: input = get_password(prompt) else: input = raw_input(prompt) if not input.strip(): # Empty input - if default available use default if not allowEmpty and not default: msg = 'Property' if description is None or description is "" else description msg += ' cannot be blank.' print msg input = "" continue else: input = default if validatorFunction: if not validatorFunction(input): input = "" continue break # done here and picking up default else: if not pattern == None and not re.search(pattern, input.strip()): print description input = "" if validatorFunction: if not validatorFunction(input): input = "" continue return input
def download_and_install_jdk(self, args, properties): conf_file = properties.fileName jcePolicyWarn = "JCE Policy files are required for configuring Kerberos security. If you plan to use Kerberos," \ "please make sure JCE Unlimited Strength Jurisdiction Policy Files are valid on all hosts." if args.java_home: #java_home was specified among the command-line arguments. Use it as custom JDK location. if not validate_jdk(args.java_home): err = "Path to java home " + args.java_home + " or java binary file does not exists" raise FatalException(1, err) print_warning_msg("JAVA_HOME " + args.java_home + " must be valid on ALL hosts") print_warning_msg(jcePolicyWarn) IS_CUSTOM_JDK = True properties.process_pair(JAVA_HOME_PROPERTY, args.java_home) properties.removeOldProp(JDK_NAME_PROPERTY) properties.removeOldProp(JCE_NAME_PROPERTY) self._ensure_java_home_env_var_is_set(args.java_home) self.jdk_index = self.custom_jdk_number return java_home_var = get_JAVA_HOME() if get_silent(): if not java_home_var: #No java_home_var set, detect if java is already installed if os.environ.has_key(JAVA_HOME): args.java_home = os.environ[JAVA_HOME] properties.process_pair(JAVA_HOME_PROPERTY, args.java_home) properties.removeOldProp(JDK_NAME_PROPERTY) properties.removeOldProp(JCE_NAME_PROPERTY) self._ensure_java_home_env_var_is_set(args.java_home) self.jdk_index = self.custom_jdk_number return else: # For now, changing the existing JDK to make sure we use a supported one pass if java_home_var: change_jdk = get_YN_input_optional("Do you want to change Oracle JDK [y/n] (n)? ", False,SETUP_USE_DEFAULT) if not change_jdk: self._ensure_java_home_env_var_is_set(java_home_var) self.jdk_index = self.custom_jdk_number return #Continue with the normal setup, taking the first listed JDK version as the default option jdk_num = str(self.jdk_index + 1) (self.jdks, jdk_choice_prompt, jdk_valid_choices, self.custom_jdk_number) = self._populate_jdk_configs(properties, jdk_num) jdk_num = get_validated_string_input_optional( jdk_choice_prompt, jdk_num, jdk_valid_choices, "Invalid number.", False, SETUP_USE_DEFAULT ) self.jdk_index = int(jdk_num) - 1 if self.jdk_index == self.custom_jdk_number: print_warning_msg("JDK must be installed on all hosts and JAVA_HOME must be valid on all hosts.") print_warning_msg(jcePolicyWarn) args.java_home = get_validated_string_input_optional("Path to JAVA_HOME: ", None, None, None, False,SETUP_USE_DEFAULT, False) if not os.path.exists(args.java_home) or not os.path.isfile(os.path.join(args.java_home, "bin", self.JAVA_BIN)): err = "Java home path or java binary file is unavailable. Please put correct path to java home." raise FatalException(1, err) print "Validating JDK on TBDS Server...done." properties.process_pair(JAVA_HOME_PROPERTY, args.java_home) properties.removeOldProp(JDK_NAME_PROPERTY) properties.removeOldProp(JCE_NAME_PROPERTY) self._ensure_java_home_env_var_is_set(args.java_home) return jdk_cfg = self.jdks[self.jdk_index] try: resources_dir = properties[RESOURCES_DIR_PROPERTY] except (KeyError), e: err = 'Property ' + str(e) + ' is not defined at ' + conf_file raise FatalException(1, err)
def download_and_install_jdk(self, args, properties): conf_file = properties.fileName jcePolicyWarn = "JCE Policy files are required for configuring Kerberos security. If you plan to use Kerberos," \ "please make sure JCE Unlimited Strength Jurisdiction Policy Files are valid on all hosts." if args.java_home: #java_home was specified among the command-line arguments. Use it as custom JDK location. if not validate_jdk(args.java_home): err = "Path to java home " + args.java_home + " or java binary file does not exists" raise FatalException(1, err) print_warning_msg("JAVA_HOME " + args.java_home + " must be valid on ALL hosts") print_warning_msg(jcePolicyWarn) IS_CUSTOM_JDK = True properties.process_pair(JAVA_HOME_PROPERTY, args.java_home) properties.removeOldProp(JDK_NAME_PROPERTY) properties.removeOldProp(JCE_NAME_PROPERTY) self._ensure_java_home_env_var_is_set(args.java_home) self.jdk_index = self.custom_jdk_number return java_home_var = get_JAVA_HOME() if OS_FAMILY == OSConst.WINSRV_FAMILY: progress_func = None else: progress_func = download_progress if get_silent(): if not java_home_var: #No java_home_var set, detect if java is already installed if os.environ.has_key(JAVA_HOME): args.java_home = os.environ[JAVA_HOME] properties.process_pair(JAVA_HOME_PROPERTY, args.java_home) properties.removeOldProp(JDK_NAME_PROPERTY) properties.removeOldProp(JCE_NAME_PROPERTY) self._ensure_java_home_env_var_is_set(args.java_home) self.jdk_index = self.custom_jdk_number return else: # For now, changing the existing JDK to make sure we use a supported one pass if java_home_var: change_jdk = get_YN_input("Do you want to change Oracle JDK [y/n] (n)? ", False) if not change_jdk: self._ensure_java_home_env_var_is_set(java_home_var) self.jdk_index = self.custom_jdk_number return #Continue with the normal setup, taking the first listed JDK version as the default option jdk_num = str(self.jdk_index + 1) (self.jdks, jdk_choice_prompt, jdk_valid_choices, self.custom_jdk_number) = self._populate_jdk_configs(properties, jdk_num) jdk_num = get_validated_string_input( jdk_choice_prompt, jdk_num, jdk_valid_choices, "Invalid number.", False ) self.jdk_index = int(jdk_num) - 1 if self.jdk_index == self.custom_jdk_number: print_warning_msg("JDK must be installed on all hosts and JAVA_HOME must be valid on all hosts.") print_warning_msg(jcePolicyWarn) args.java_home = get_validated_string_input("Path to JAVA_HOME: ", None, None, None, False, False) if not os.path.exists(args.java_home) or not os.path.isfile(os.path.join(args.java_home, "bin", self.JAVA_BIN)): err = "Java home path or java binary file is unavailable. Please put correct path to java home." raise FatalException(1, err) print "Validating JDK on Ambari Server...done." properties.process_pair(JAVA_HOME_PROPERTY, args.java_home) properties.removeOldProp(JDK_NAME_PROPERTY) properties.removeOldProp(JCE_NAME_PROPERTY) # Make sure any previously existing JDK and JCE name properties are removed. These will # confuse things in a Custom JDK scenario properties.removeProp(JDK_NAME_PROPERTY) properties.removeProp(JCE_NAME_PROPERTY) self._ensure_java_home_env_var_is_set(args.java_home) return jdk_cfg = self.jdks[self.jdk_index] resources_dir = get_resources_location(properties) dest_file = os.path.abspath(os.path.join(resources_dir, jdk_cfg.dest_file)) if os.path.exists(dest_file): print "JDK already exists, using " + dest_file elif properties[JDK_DOWNLOAD_SUPPORTED_PROPERTY].upper() == "FALSE": print "ERROR: Oracle JDK is not found in {1}. JDK download is not supported in this distribution. Please download Oracle JDK " \ "archive ({0}) manually from Oracle site, place it into {1} and re-run this script.".format(jdk_cfg.dest_file, dest_file) print "NOTE: If you have already downloaded the file, please verify if the name is exactly same as {0}.".format(jdk_cfg.dest_file) print 'Exiting...' sys.exit(1) else: ok = get_YN_input("To download the Oracle JDK and the Java Cryptography Extension (JCE) " "Policy Files you must accept the " "license terms found at " "http://www.oracle.com/technetwork/java/javase/" "terms/license/index.html and not accepting will " "cancel the Ambari Server setup and you must install the JDK and JCE " "files manually.\nDo you accept the " "Oracle Binary Code License Agreement [y/n] (y)? ", True) if not ok: print 'Exiting...' sys.exit(1) jdk_url = jdk_cfg.url print 'Downloading JDK from ' + jdk_url + ' to ' + dest_file self._download_jdk(jdk_url, dest_file, progress_func) try: (retcode, out, java_home_dir) = self._install_jdk(dest_file, jdk_cfg) except Exception, e: print "Installation of JDK has failed: %s\n" % str(e) file_exists = os.path.isfile(dest_file) if file_exists: ok = get_YN_input("JDK found at " + dest_file + ". " "Would you like to re-download the JDK [y/n] (y)? ", not get_silent()) if not ok: err = "Unable to install JDK. Please remove JDK file found at " + \ dest_file + " and re-run Ambari Server setup" raise FatalException(1, err) else: jdk_url = jdk_cfg.url print 'Re-downloading JDK from ' + jdk_url + ' to ' + dest_file self._download_jdk(jdk_url, dest_file, progress_func) print 'Successfully re-downloaded JDK distribution to ' + dest_file try: (retcode, out) = self._install_jdk(dest_file, jdk_cfg) except Exception, e: print "Installation of JDK was failed: %s\n" % str(e) err = "Unable to install JDK. Please remove JDK, file found at " + \ dest_file + " and re-run Ambari Server setup" raise FatalException(1, err)
def setup(options): if get_silent(): if check_setup_already_done(): print "Nothing was done. Please, use ambari-server setup command without [-s] key, to change configuration." sys.exit(0) retcode = verify_setup_allowed() if not retcode == 0: raise FatalException(1, None) if not is_root(): err = configDefaults.MESSAGE_ERROR_SETUP_NOT_ROOT raise FatalException(4, err) # proceed jdbc properties if they were set if _check_jdbc_options(options): proceedJDBCProperties(options) return (retcode, err) = disable_security_enhancements() if not retcode == 0: raise FatalException(retcode, err) #Create ambari user, if needed retcode = check_ambari_user() if not retcode == 0: err = 'Failed to create user. Exiting.' raise FatalException(retcode, err) print configDefaults.MESSAGE_CHECK_FIREWALL check_firewall() # proceed jdbc properties if they were set if _check_jdbc_options(options): proceedJDBCProperties(options) print 'Checking JDK...' try: download_and_install_jdk(options) except FatalException as e: err = 'Downloading or installing JDK failed: {0}. Exiting.'.format(e) raise FatalException(e.code, err) print 'Completing setup...' retcode = configure_os_settings() if not retcode == 0: err = 'Configure of OS settings in ambari.properties failed. Exiting.' raise FatalException(retcode, err) print 'Configuring database...' prompt_db_properties(options) #DB setup should be done last after doing any setup. _setup_database(options) check_jdbc_drivers(options) print 'Extracting system views...' retcode = extract_views() if not retcode == 0: err = 'Error while extracting system views. Exiting' raise FatalException(retcode, err) # we've already done this, but new files were created so run it one time. adjust_directory_permissions(read_ambari_user())
def setup_trusted_proxy(options): print_info_msg("Setup Trusted Proxy") server_status, pid = is_server_runing() if not server_status: err = 'Ambari Server is not running.' raise FatalException(1, err) if not get_silent(): validate_options(options) ambari_properties = get_ambari_properties() admin_login, admin_password = get_ambari_admin_username_password_pair( options) properties = get_trusted_proxy_properties(ambari_properties, admin_login, admin_password) if not options.tproxy_enabled: tproxy_support_enabled = get_value_from_dictionary( properties, TPROXY_SUPPORT_ENABLED) if tproxy_support_enabled: if 'true' == tproxy_support_enabled: tproxy_status = "enabled" else: tproxy_status = "disabled" else: tproxy_status = "not configured" print_info_msg("\nTrusted Proxy support is currently %s\n" % tproxy_status) if tproxy_status == "enabled": enable_tproxy = not get_YN_input( "Do you want to disable Trusted Proxy support [y/n] (n)? ", False) elif get_YN_input( "Do you want to configure Trusted Proxy Support [y/n] (y)? ", True): enable_tproxy = True else: return False else: enable_tproxy = options.tproxy_enabled == 'true' if enable_tproxy: properties[TPROXY_SUPPORT_ENABLED] = "true" if not options.tproxy_configuration_file_path: add_new_trusted_proxy = add_new_trusted_proxy_config( properties) while add_new_trusted_proxy: add_new_trusted_proxy = add_new_trusted_proxy_config( properties) else: parse_trusted_configuration_file( options.tproxy_configuration_file_path, properties) update_tproxy_conf(ambari_properties, properties, admin_login, admin_password) else: remove_tproxy_conf(ambari_properties, admin_login, admin_password) else: warning = "setup-trusted-proxy is not enabled in silent mode." raise NonFatalException(warning) pass
def ensure_jdbc_driver_installed(self, properties): # check default driver is already in classpath, will be passed for postgres only, because its driver is built-in is_driver_in_classpath = self._is_jdbc_driver_installed(properties) if is_driver_in_classpath == 0: return True # check driver is available via driver path property server_jdbc_path = properties.get_property(JDBC_DRIVER_PATH_PROPERTY) if server_jdbc_path and os.path.isfile(server_jdbc_path): return True # check driver is present by default driver path default_driver_path = self._get_default_driver_path(properties) if default_driver_path and os.path.isfile(default_driver_path): ambari_should_use_existing_default_jdbc = get_YN_input( "Should ambari use existing default jdbc {0} [y/n] (y)? ". format(default_driver_path), True) if ambari_should_use_existing_default_jdbc: properties.process_pair(JDBC_DRIVER_PATH_PROPERTY, default_driver_path) update_properties(properties) return True if get_silent(): print_error_msg(self.JDBC_DRIVER_INSTALL_MSG) return False path_to_custom_jdbc_driver = get_validated_string_input( "Enter full path to custom jdbc driver: ", None, None, None, False, False) if path_to_custom_jdbc_driver and os.path.isfile( path_to_custom_jdbc_driver): try: custom_jdbc_name = os.path.basename(path_to_custom_jdbc_driver) if not path_to_custom_jdbc_driver == os.path.join( configDefaults.JAVA_SHARE_PATH, custom_jdbc_name): if os.path.isfile( os.path.join(configDefaults.JAVA_SHARE_PATH, custom_jdbc_name)): replace_jdbc_in_share_dir = get_YN_input( "You already have file {0} in /usr/share/java/. Should it be replaced? [y/n] (y)? " .format(custom_jdbc_name), True) if replace_jdbc_in_share_dir: try: os.remove( os.path.join( configDefaults.JAVA_SHARE_PATH, custom_jdbc_name)) except Exception, ee: err = 'ERROR: Could not remove jdbc file. %s' % os.path.join( configDefaults.JAVA_SHARE_PATH, custom_jdbc_name) raise FatalException(1, err) shutil.copy(path_to_custom_jdbc_driver, configDefaults.JAVA_SHARE_PATH) print "Copying {0} to {1}".format( path_to_custom_jdbc_driver, configDefaults.JAVA_SHARE_PATH) except Exception, e: err = "Can not copy file {0} to {1} due to: {2} . Please check file " \ "permissions and free disk space.".format(path_to_custom_jdbc_driver, configDefaults.JAVA_SHARE_PATH, str(e)) raise FatalException(1, err) properties.process_pair(JDBC_DRIVER_PATH_PROPERTY, path_to_custom_jdbc_driver) update_properties(properties) return True
class JDKSetup(object): def __init__(self): self.JDK_DEFAULT_CONFIGS = [] self.JDK_PROMPT = "[{0}] {1}\n" self.JDK_CUSTOM_CHOICE_PROMPT = "[{0}] - Custom JDK\n==============================================================================\nEnter choice ({1}): " self.JDK_VALID_CHOICES = "^[{0}{1:d}]$" self.JDK_MIN_FILESIZE = 5000 self.JAVA_BIN = "" self.jdk_index = 0 # # Downloads and installs the JDK and the JCE policy archive # def download_and_install_jdk(self, args, properties): conf_file = properties.fileName jcePolicyWarn = "JCE Policy files are required for configuring Kerberos security. If you plan to use Kerberos," \ "please make sure JCE Unlimited Strength Jurisdiction Policy Files are valid on all hosts." if args.java_home: #java_home was specified among the command-line arguments. Use it as custom JDK location. if not validate_jdk(args.java_home): err = "Path to java home " + args.java_home + " or java binary file does not exists" raise FatalException(1, err) print_warning_msg("JAVA_HOME " + args.java_home + " must be valid on ALL hosts") print_warning_msg(jcePolicyWarn) IS_CUSTOM_JDK = True properties.process_pair(JAVA_HOME_PROPERTY, args.java_home) properties.removeOldProp(JDK_NAME_PROPERTY) properties.removeOldProp(JCE_NAME_PROPERTY) self._ensure_java_home_env_var_is_set(args.java_home) self.jdk_index = self.custom_jdk_number return java_home_var = get_JAVA_HOME() if get_silent(): if not java_home_var: #No java_home_var set, detect if java is already installed if os.environ.has_key(JAVA_HOME): args.java_home = os.environ[JAVA_HOME] properties.process_pair(JAVA_HOME_PROPERTY, args.java_home) properties.removeOldProp(JDK_NAME_PROPERTY) properties.removeOldProp(JCE_NAME_PROPERTY) self._ensure_java_home_env_var_is_set(args.java_home) self.jdk_index = self.custom_jdk_number return else: # For now, changing the existing JDK to make sure we use a supported one pass if java_home_var: change_jdk = get_YN_input("Do you want to change Oracle JDK [y/n] (n)? ", False) if not change_jdk: self._ensure_java_home_env_var_is_set(java_home_var) self.jdk_index = self.custom_jdk_number return #Continue with the normal setup, taking the first listed JDK version as the default option jdk_num = str(self.jdk_index + 1) (self.jdks, jdk_choice_prompt, jdk_valid_choices, self.custom_jdk_number) = self._populate_jdk_configs(properties, jdk_num) jdk_num = get_validated_string_input( jdk_choice_prompt, jdk_num, jdk_valid_choices, "Invalid number.", False ) self.jdk_index = int(jdk_num) - 1 if self.jdk_index == self.custom_jdk_number: print_warning_msg("JDK must be installed on all hosts and JAVA_HOME must be valid on all hosts.") print_warning_msg(jcePolicyWarn) args.java_home = get_validated_string_input("Path to JAVA_HOME: ", None, None, None, False, False) if not os.path.exists(args.java_home) or not os.path.isfile(os.path.join(args.java_home, "bin", self.JAVA_BIN)): err = "Java home path or java binary file is unavailable. Please put correct path to java home." raise FatalException(1, err) print "Validating JDK on Ambari Server...done." properties.process_pair(JAVA_HOME_PROPERTY, args.java_home) properties.removeOldProp(JDK_NAME_PROPERTY) properties.removeOldProp(JCE_NAME_PROPERTY) self._ensure_java_home_env_var_is_set(args.java_home) return jdk_cfg = self.jdks[self.jdk_index] try: resources_dir = properties[RESOURCES_DIR_PROPERTY] except (KeyError), e: err = 'Property ' + str(e) + ' is not defined at ' + conf_file raise FatalException(1, err) dest_file = os.path.abspath(os.path.join(resources_dir, jdk_cfg.dest_file)) if os.path.exists(dest_file): print "JDK already exists, using " + dest_file else: ok = get_YN_input("To download the Oracle JDK and the Java Cryptography Extension (JCE) " "Policy Files you must accept the " "license terms found at " "http://www.oracle.com/technetwork/java/javase/" "terms/license/index.html and not accepting will " "cancel the Ambari Server setup and you must install the JDK and JCE " "files manually.\nDo you accept the " "Oracle Binary Code License Agreement [y/n] (y)? ", True) if not ok: print 'Exiting...' sys.exit(1) jdk_url = jdk_cfg.url print 'Downloading JDK from ' + jdk_url + ' to ' + dest_file self._download_jdk(jdk_url, dest_file) try: (retcode, out, java_home_dir) = self._install_jdk(dest_file, jdk_cfg) except Exception, e: print "Installation of JDK has failed: %s\n" % str(e) file_exists = os.path.isfile(dest_file) if file_exists: ok = get_YN_input("JDK found at " + dest_file + ". " "Would you like to re-download the JDK [y/n] (y)? ", not get_silent()) if not ok: err = "Unable to install JDK. Please remove JDK file found at " + \ dest_file + " and re-run Ambari Server setup" raise FatalException(1, err) else: jdk_url = jdk_cfg.url print 'Re-downloading JDK from ' + jdk_url + ' to ' + dest_file self._download_jdk(jdk_url, dest_file) print 'Successfully re-downloaded JDK distribution to ' + dest_file try: (retcode, out) = self._install_jdk(dest_file, jdk_cfg) except Exception, e: print "Installation of JDK was failed: %s\n" % str(e) err = "Unable to install JDK. Please remove JDK, file found at " + \ dest_file + " and re-run Ambari Server setup" raise FatalException(1, err)
def download_and_install_jdk(self, args, properties): conf_file = properties.fileName jcePolicyWarn = "JCE Policy files are required for configuring Kerberos security. If you plan to use Kerberos," \ "please make sure JCE Unlimited Strength Jurisdiction Policy Files are valid on all hosts." if args.java_home: #java_home was specified among the command-line arguments. Use it as custom JDK location. if not validate_jdk(args.java_home): err = "Path to java home " + args.java_home + " or java binary file does not exists" raise FatalException(1, err) print_warning_msg("JAVA_HOME " + args.java_home + " must be valid on ALL hosts") print_warning_msg(jcePolicyWarn) IS_CUSTOM_JDK = True properties.process_pair(JAVA_HOME_PROPERTY, args.java_home) properties.removeOldProp(JDK_NAME_PROPERTY) properties.removeOldProp(JCE_NAME_PROPERTY) self._ensure_java_home_env_var_is_set(args.java_home) self.jdk_index = self.custom_jdk_number return java_home_var = get_JAVA_HOME() if get_silent(): if not java_home_var: #No java_home_var set, detect if java is already installed if os.environ.has_key(JAVA_HOME): args.java_home = os.environ[JAVA_HOME] properties.process_pair(JAVA_HOME_PROPERTY, args.java_home) properties.removeOldProp(JDK_NAME_PROPERTY) properties.removeOldProp(JCE_NAME_PROPERTY) self._ensure_java_home_env_var_is_set(args.java_home) self.jdk_index = self.custom_jdk_number return else: # For now, changing the existing JDK to make sure we use a supported one pass if java_home_var: change_jdk = get_YN_input("Do you want to change Oracle JDK [y/n] (n)? ", False) if not change_jdk: self._ensure_java_home_env_var_is_set(java_home_var) self.jdk_index = self.custom_jdk_number return #Continue with the normal setup, taking the first listed JDK version as the default option jdk_num = str(self.jdk_index + 1) (self.jdks, jdk_choice_prompt, jdk_valid_choices, self.custom_jdk_number) = self._populate_jdk_configs(properties, jdk_num) jdk_num = get_validated_string_input( jdk_choice_prompt, jdk_num, jdk_valid_choices, "Invalid number.", False ) self.jdk_index = int(jdk_num) - 1 if self.jdk_index == self.custom_jdk_number: print_warning_msg("JDK must be installed on all hosts and JAVA_HOME must be valid on all hosts.") print_warning_msg(jcePolicyWarn) args.java_home = get_validated_string_input("Path to JAVA_HOME: ", None, None, None, False, False) if not os.path.exists(args.java_home) or not os.path.isfile(os.path.join(args.java_home, "bin", self.JAVA_BIN)): err = "Java home path or java binary file is unavailable. Please put correct path to java home." raise FatalException(1, err) print "Validating JDK on Ambari Server...done." properties.process_pair(JAVA_HOME_PROPERTY, args.java_home) properties.removeOldProp(JDK_NAME_PROPERTY) properties.removeOldProp(JCE_NAME_PROPERTY) self._ensure_java_home_env_var_is_set(args.java_home) return jdk_cfg = self.jdks[self.jdk_index] try: resources_dir = properties[RESOURCES_DIR_PROPERTY] except (KeyError), e: err = 'Property ' + str(e) + ' is not defined at ' + conf_file raise FatalException(1, err)
def setup_sso(options): print_info_msg("Setup SSO.") server_status, pid = is_server_runing() if not server_status: err = 'Ambari Server is not running.' raise FatalException(1, err) if not get_silent(): validate_options(options) ambari_properties = get_ambari_properties() admin_login, admin_password = get_ambari_admin_username_password_pair( options) properties = get_sso_properties(ambari_properties, admin_login, admin_password) if not options.sso_enabled: ambari_auth_enabled = get_value_from_dictionary( properties, AMBARI_SSO_AUTH_ENABLED) manage_services = get_value_from_dictionary( properties, SSO_MANAGE_SERVICES) if ambari_auth_enabled or manage_services: if (ambari_auth_enabled and 'true' == ambari_auth_enabled) or \ (manage_services and 'true' == manage_services): sso_status = "enabled" else: sso_status = "disabled" else: sso_status = "not configured" sys.stdout.write("\nSSO is currently %s\n" % sso_status) if sso_status == "enabled": enable_sso = not get_YN_input( "Do you want to disable SSO authentication [y/n] (n)? ", False) elif get_YN_input( "Do you want to configure SSO authentication [y/n] (y)? ", True): enable_sso = True else: return False else: enable_sso = options.sso_enabled == 'true' if enable_sso: populate_sso_provider_url(options, properties) populate_sso_public_cert(options, properties) populate_ambari_requires_sso(options, properties) populate_service_management(options, properties, ambari_properties, admin_login, admin_password) populate_jwt_cookie_name(options, properties) populate_jwt_audiences(options, properties) update_sso_conf(ambari_properties, properties, admin_login, admin_password) else: remove_sso_conf(ambari_properties, admin_login, admin_password) else: warning = "setup-sso is not enabled in silent mode." raise NonFatalException(warning) pass
def setup_sso(options): logger.info("Setup SSO.") if not is_root(): raise FatalException( 4, 'ambari-server setup-sso should be run with root-level privileges') server_status, pid = is_server_runing() if not server_status: err = 'Ambari Server is not running.' raise FatalException(1, err) if not get_silent(): validate_options(options) properties = get_ambari_properties() admin_login, admin_password = get_ambari_admin_username_password_pair( options) if not options.sso_enabled: sso_enabled_from_db = get_sso_property_from_db( properties, admin_login, admin_password, SSO_MANAGE_SERVICES) sso_enabled = sso_enabled_from_db == None or sso_enabled_from_db in [ 'true' ] print_info_msg( "SSO is currently {0}".format( "not configured" if sso_enabled_from_db == None else ( "enabled" if sso_enabled else "disabled")), True) if sso_enabled: enable_sso = not get_YN_input( "Do you want to disable SSO authentication [y/n] (n)? ", False) else: if get_YN_input( "Do you want to configure SSO authentication [y/n] (y)? ", True): enable_sso = True else: return False else: enable_sso = options.sso_enabled == 'true' services = '' if enable_sso: populate_sso_provider_url(options, properties) populate_sso_public_cert(options, properties) populate_jwt_cookie_name(options, properties) populate_jwt_audiences(options, properties) services = get_services_requires_sso(options, properties, admin_login, admin_password) update_sso_conf(properties, enable_sso, services, admin_login, admin_password) enable_jwt_auth = WILDCARD_FOR_ALL_SERVICES == services or SERVICE_NAME_AMBARI in services properties.process_pair(JWT_AUTH_ENBABLED, "true" if enable_jwt_auth else "false") update_properties(properties) pass else: warning = "setup-sso is not enabled in silent mode." raise NonFatalException(warning) pass
def setup_sso(args): logger.info("Setup SSO.") if not is_root(): err = 'ambari-server setup-sso should be run with ' \ 'root-level privileges' raise FatalException(4, err) if not get_silent(): properties = get_ambari_properties() must_setup_params = False store_new_cert = False sso_enabled = properties.get_property(JWT_AUTH_ENBABLED).lower() in [ 'true' ] if sso_enabled: if get_YN_input( "Do you want to disable SSO authentication [y/n] (n)?", False): properties.process_pair(JWT_AUTH_ENBABLED, "false") else: if get_YN_input( "Do you want to configure SSO authentication [y/n] (y)?", True): properties.process_pair(JWT_AUTH_ENBABLED, "true") must_setup_params = True else: return False if must_setup_params: provider_url = get_value_from_properties( properties, JWT_AUTH_PROVIDER_URL, JWT_AUTH_PROVIDER_URL_DEFAULT) provider_url = get_validated_string_input( "Provider URL [URL] ({0}):".format(provider_url), provider_url, REGEX_ANYTHING, "Invalid provider URL", False) properties.process_pair(JWT_AUTH_PROVIDER_URL, provider_url) cert_path = properties.get_property(JWT_PUBLIC_KEY) cert_string = get_multi_line_input( "Public Certificate pem ({0})".format( 'stored' if cert_path else 'empty')) if cert_string is not None: store_new_cert = True if get_YN_input( "Do you want to configure advanced properties [y/n] (n) ?", False): cookie_name = get_value_from_properties( properties, JWT_COOKIE_NAME, JWT_COOKIE_NAME_DEFAULT) cookie_name = get_validated_string_input( "JWT Cookie name ({0}):".format(cookie_name), cookie_name, REGEX_ANYTHING, "Invalid cookie name", False) properties.process_pair(JWT_COOKIE_NAME, cookie_name) audiences = properties.get_property(JWT_AUDIENCES) audiences = get_validated_string_input( "JWT audiences list (comma-separated), empty for any ({0}):" .format(audiences), audiences, REGEX_ANYTHING, "Invalid value", False) properties.process_pair(JWT_AUDIENCES, audiences) # TODO not required for now as we support Knox only # orig_query_param = get_value_from_properties(JWT_ORIGINAL_URL_QUERY_PARAM, JWT_ORIGINAL_URL_QUERY_PARAM_DEFAULT) # orig_query_param = get_validated_string_input("Original URL query parameter name ({}):".format(orig_query_param), # orig_query_param, # REGEX_ANYTHING, # "Invalid value", # False) # properties.process_pair(JWT_ORIGINAL_URL_QUERY_PARAM, orig_query_param) if store_new_cert: full_cert = JWT_PUBLIC_KEY_HEADER + cert_string + JWT_PUBLIC_KEY_FOOTER cert_path = store_password_file(full_cert, JWT_PUBLIC_KEY_FILENAME) properties.process_pair(JWT_PUBLIC_KEY, cert_path) update_properties(properties) pass else: warning = "setup-sso is not enabled in silent mode." raise NonFatalException(warning) pass