def store_password_file(password, filename): conf_file = find_properties_file() passFilePath = get_pass_file_path(conf_file, filename) with open(passFilePath, 'w+') as passFile: passFile.write(password) print_info_msg("Adjusting filesystem permissions") ambari_user = read_ambari_user() set_file_permissions(passFilePath, "660", ambari_user, False) #Windows paths need double backslashes, otherwise the Ambari server deserializer will think the single \ are escape markers return passFilePath.replace('\\', '\\\\')
def import_file_to_keystore(source, destination): shutil.copy(source, destination) set_file_permissions(destination, "660", read_ambari_user(), False)
def import_cert_and_key(security_server_keys_dir): import_cert_path = get_validated_filepath_input( \ "Enter path to Certificate: ", \ "Certificate not found") import_key_path = get_validated_filepath_input( \ "Enter path to Private Key: ", "Private Key not found") pem_password = get_validated_string_input("Please enter password for Private Key: ", "", None, None, True) certInfoDict = get_cert_info(import_cert_path) if not certInfoDict: print_warning_msg('Unable to get Certificate information') else: #Validate common name of certificate if not is_valid_cert_host(certInfoDict): print_warning_msg('Unable to validate Certificate hostname') #Validate issue and expirations dates of certificate if not is_valid_cert_exp(certInfoDict): print_warning_msg('Unable to validate Certificate issue and expiration dates') #jetty requires private key files with non-empty key passwords retcode = 0 err = '' if not pem_password: print 'Generating random password for HTTPS keystore...done.' pem_password = generate_random_string() retcode, out, err = run_os_command(CHANGE_KEY_PWD_CND.format( import_key_path, pem_password)) import_key_path += '.secured' if retcode == 0: keystoreFilePath = os.path.join(security_server_keys_dir, \ SSL_KEYSTORE_FILE_NAME) keystoreFilePathTmp = os.path.join(tempfile.gettempdir(), \ SSL_KEYSTORE_FILE_NAME) passFilePath = os.path.join(security_server_keys_dir, \ SSL_KEY_PASSWORD_FILE_NAME) passFilePathTmp = os.path.join(tempfile.gettempdir(), \ SSL_KEY_PASSWORD_FILE_NAME) passinFilePath = os.path.join(tempfile.gettempdir(), \ SSL_PASSIN_FILE) passwordFilePath = os.path.join(tempfile.gettempdir(), \ SSL_PASSWORD_FILE) with open(passFilePathTmp, 'w+') as passFile: passFile.write(pem_password) passFile.close pass set_file_permissions(passFilePath, "660", read_ambari_user(), False) copy_file(passFilePathTmp, passinFilePath) copy_file(passFilePathTmp, passwordFilePath) retcode, out, err = run_os_command(EXPRT_KSTR_CMD.format(import_cert_path, \ import_key_path, passwordFilePath, passinFilePath, keystoreFilePathTmp)) if retcode == 0: print 'Importing and saving Certificate...done.' import_file_to_keystore(keystoreFilePathTmp, keystoreFilePath) import_file_to_keystore(passFilePathTmp, passFilePath) import_file_to_keystore(import_cert_path, os.path.join( \ security_server_keys_dir, SSL_CERT_FILE_NAME)) import_file_to_keystore(import_key_path, os.path.join( \ security_server_keys_dir, SSL_KEY_FILE_NAME)) #Validate keystore retcode, out, err = run_os_command(VALIDATE_KEYSTORE_CMD.format(keystoreFilePath, \ passwordFilePath, passinFilePath)) remove_file(passinFilePath) remove_file(passwordFilePath) if not retcode == 0: print 'Error during keystore validation occured!:' print err return False return True else: print_error_msg('Could not import Certificate and Private Key.') print 'SSL error on exporting keystore: ' + err.rstrip() + \ '.\nPlease ensure that provided Private Key password is correct and ' + \ 're-import Certificate.' return False
if ambari_repo_file: if (os.path.exists(ambari_repo_file)): ambari_repo_file_owner = get_file_owner(ambari_repo_file) configDefaults.NR_ADJUST_OWNERSHIP_LIST.append((ambari_repo_file, "644", ambari_repo_file_owner, False)) print "Adjusting ambari-server permissions and ownership..." for pack in configDefaults.NR_ADJUST_OWNERSHIP_LIST: file = pack[0] mod = pack[1] user = pack[2].format(ambari_user) recursive = pack[3] print_info_msg("Setting file permissions: {0} {1} {2} {3}".format(file, mod, user, recursive)) set_file_permissions(file, mod, user, recursive) for pack in configDefaults.NR_CHANGE_OWNERSHIP_LIST: path = pack[0] user = pack[1].format(ambari_user) recursive = pack[2] print_info_msg("Changing ownership: {0} {1} {2}".format(path, user, recursive)) change_owner(path, user, recursive) def configure_ldap_password(): passwordDefault = "" passwordPrompt = 'Enter Manager Password* : ' passwordPattern = ".*" passwordDescr = "Invalid characters in password." password = read_password(passwordDefault, passwordPattern, passwordPrompt,
def import_cert_and_key(security_server_keys_dir): import_cert_path = get_validated_filepath_input( \ "Enter path to Certificate: ", \ "Certificate not found") import_key_path = get_validated_filepath_input( \ "Enter path to Private Key: ", "Private Key not found") pem_password = get_validated_string_input( "Please enter password for Private Key: ", "", None, None, True) certInfoDict = get_cert_info(import_cert_path) if not certInfoDict: print_warning_msg('Unable to get Certificate information') else: #Validate common name of certificate if not is_valid_cert_host(certInfoDict): print_warning_msg('Unable to validate Certificate hostname') #Validate issue and expirations dates of certificate if not is_valid_cert_exp(certInfoDict): print_warning_msg( 'Unable to validate Certificate issue and expiration dates') #jetty requires private key files with non-empty key passwords retcode = 0 err = '' if not pem_password: print 'Generating random password for HTTPS keystore...done.' pem_password = generate_random_string() retcode, out, err = run_os_command( CHANGE_KEY_PWD_CND.format(import_key_path, pem_password)) import_key_path += '.secured' if retcode == 0: keystoreFilePath = os.path.join(security_server_keys_dir, \ SSL_KEYSTORE_FILE_NAME) keystoreFilePathTmp = os.path.join(tempfile.gettempdir(), \ SSL_KEYSTORE_FILE_NAME) passFilePath = os.path.join(security_server_keys_dir, \ SSL_KEY_PASSWORD_FILE_NAME) passFilePathTmp = os.path.join(tempfile.gettempdir(), \ SSL_KEY_PASSWORD_FILE_NAME) passinFilePath = os.path.join(tempfile.gettempdir(), \ SSL_PASSIN_FILE) passwordFilePath = os.path.join(tempfile.gettempdir(), \ SSL_PASSWORD_FILE) with open(passFilePathTmp, 'w+') as passFile: passFile.write(pem_password) passFile.close pass set_file_permissions(passFilePath, "660", read_ambari_user(), False) copy_file(passFilePathTmp, passinFilePath) copy_file(passFilePathTmp, passwordFilePath) retcode, out, err = run_os_command(EXPRT_KSTR_CMD.format(import_cert_path, \ import_key_path, passwordFilePath, passinFilePath, keystoreFilePathTmp)) if retcode == 0: print 'Importing and saving Certificate...done.' import_file_to_keystore(keystoreFilePathTmp, keystoreFilePath) import_file_to_keystore(passFilePathTmp, passFilePath) import_file_to_keystore(import_cert_path, os.path.join( \ security_server_keys_dir, SSL_CERT_FILE_NAME)) import_file_to_keystore(import_key_path, os.path.join( \ security_server_keys_dir, SSL_KEY_FILE_NAME)) #Validate keystore retcode, out, err = run_os_command(VALIDATE_KEYSTORE_CMD.format(keystoreFilePath, \ passwordFilePath, passinFilePath)) remove_file(passinFilePath) remove_file(passwordFilePath) if not retcode == 0: print 'Error during keystore validation occured!:' print err return False return True else: print_error_msg('Could not import Certificate and Private Key.') print 'SSL error on exporting keystore: ' + err.rstrip() + \ '.\nPlease ensure that provided Private Key password is correct and ' + \ 're-import Certificate.' return False
def _install_mpack(options, replay_mode=False, is_upgrade=False): """ Install management pack :param options: Command line options :param replay_mode: Flag to indicate if executing command in replay mode """ mpack_path = options.mpack_path if not mpack_path: print_error_msg("Management pack not specified!") raise FatalException(-1, 'Management pack not specified!') print_info_msg("Installing management pack {0}".format(mpack_path)) # Download management pack to a temp location tmp_archive_path = download_mpack(mpack_path) if not (tmp_archive_path and os.path.exists(tmp_archive_path)): print_error_msg("Management pack could not be downloaded!") raise FatalException(-1, 'Management pack could not be downloaded!') # Expand management pack in temp directory tmp_root_dir = expand_mpack(tmp_archive_path) # Read mpack metadata mpack_metadata = read_mpack_metadata(tmp_root_dir) if not mpack_metadata: raise FatalException(-1, 'Malformed management pack {0}. Metadata file missing!'.format(mpack_path)) # Validate management pack prerequisites # Skip validation in replay mode if not replay_mode: validate_mpack_prerequisites(mpack_metadata) if is_upgrade: # Execute pre upgrade hook _execute_hook(mpack_metadata, BEFORE_UPGRADE_HOOK_NAME, tmp_root_dir) else: # Execute pre install hook _execute_hook(mpack_metadata, BEFORE_INSTALL_HOOK_NAME, tmp_root_dir) # Purge previously installed stacks and management packs if options.purge and options.purge_list: purge_resources = options.purge_list.split(",") validate_purge(options, purge_resources, tmp_root_dir, mpack_metadata, replay_mode) purge_stacks_and_mpacks(purge_resources, replay_mode) adjust_ownership_list = [] change_ownership_list = [] # Get ambari mpack properties stack_location, extension_location, service_definitions_location, mpacks_staging_location, dashboard_location = get_mpack_properties() mpacks_cache_location = os.path.join(mpacks_staging_location, MPACKS_CACHE_DIRNAME) # Create directories if not os.path.exists(stack_location): sudo.makedir(stack_location, 0755) adjust_ownership_list.append((stack_location, "0755", "{0}", True)) change_ownership_list.append((stack_location,"{0}",True)) if not os.path.exists(extension_location): sudo.makedir(extension_location, 0755) adjust_ownership_list.append((extension_location, "0755", "{0}", True)) change_ownership_list.append((extension_location,"{0}",True)) if not os.path.exists(service_definitions_location): sudo.makedir(service_definitions_location, 0755) adjust_ownership_list.append((service_definitions_location, "0755", "{0}", True)) change_ownership_list.append((service_definitions_location,"{0}",True)) if not os.path.exists(mpacks_staging_location): sudo.makedir(mpacks_staging_location, 0755) adjust_ownership_list.append((mpacks_staging_location, "0755", "{0}", True)) change_ownership_list.append((mpacks_staging_location,"{0}",True)) if not os.path.exists(mpacks_cache_location): sudo.makedir(mpacks_cache_location, 0755) adjust_ownership_list.append((mpacks_cache_location, "0755", "{0}", True)) change_ownership_list.append((mpacks_cache_location,"{0}",True)) if not os.path.exists(dashboard_location): sudo.makedir(dashboard_location, 0755) sudo.makedir(os.path.join(dashboard_location, GRAFANA_DASHBOARDS_DIRNAME), 0755) sudo.makedir(os.path.join(dashboard_location, SERVICE_METRICS_DIRNAME), 0755) adjust_ownership_list.append((dashboard_location, "0755", "{0}", True)) change_ownership_list.append((dashboard_location,"{0}",True)) # Stage management pack (Stage at /var/lib/ambari-server/resources/mpacks/mpack_name-mpack_version) mpack_name = mpack_metadata.name mpack_version = mpack_metadata.version mpack_dirname = mpack_name + "-" + mpack_version mpack_staging_dir = os.path.join(mpacks_staging_location, mpack_dirname) mpack_archive_path = os.path.join(mpacks_cache_location, os.path.basename(tmp_archive_path)) print_info_msg("Stage management pack {0}-{1} to staging location {2}".format( mpack_name, mpack_version, mpack_staging_dir)) if os.path.exists(mpack_staging_dir): if options.force: print_info_msg("Force removing previously installed management pack from {0}".format(mpack_staging_dir)) sudo.rmtree(mpack_staging_dir) else: error_msg = "Management pack {0}-{1} already installed!".format(mpack_name, mpack_version) print_error_msg(error_msg) raise FatalException(-1, error_msg) shutil.move(tmp_root_dir, mpack_staging_dir) shutil.move(tmp_archive_path, mpack_archive_path) # Process setup steps for all artifacts (stack-definitions, extension-definitions, # service-definitions, stack-addon-service-definitions) in the management pack for artifact in mpack_metadata.artifacts: # Artifact name (Friendly name) artifact_name = artifact.name # Artifact type (stack-definitions, extension-definitions, service-definitions, etc) artifact_type = artifact.type # Artifact directory with contents of the artifact artifact_source_dir = os.path.join(mpack_staging_dir, artifact.source_dir) print_info_msg("Processing artifact {0} of type {1} in {2}".format( artifact_name, artifact_type, artifact_source_dir)) if artifact.type == STACK_DEFINITIONS_ARTIFACT_NAME: process_stack_definitions_artifact(artifact, artifact_source_dir, options) elif artifact.type == EXTENSION_DEFINITIONS_ARTIFACT_NAME: process_extension_definitions_artifact(artifact, artifact_source_dir, options) elif artifact.type == SERVICE_DEFINITIONS_ARTIFACT_NAME: process_service_definitions_artifact(artifact, artifact_source_dir, options) elif artifact.type == STACK_ADDON_SERVICE_DEFINITIONS_ARTIFACT_NAME: process_stack_addon_service_definitions_artifact(artifact, artifact_source_dir, options) else: print_info_msg("Unknown artifact {0} of type {1}".format(artifact_name, artifact_type)) ambari_user = read_ambari_user() if ambari_user: # This is required when a non-admin user is configured to setup ambari-server print_info_msg("Adjusting file permissions and ownerships") for pack in adjust_ownership_list: file = pack[0] mod = pack[1] user = pack[2].format(ambari_user) recursive = pack[3] logger.info("Setting file permissions: {0} {1} {2} {3}".format(file, mod, user, recursive)) set_file_permissions(file, mod, user, recursive) for pack in change_ownership_list: path = pack[0] user = pack[1].format(ambari_user) recursive = pack[2] logger.info("Changing ownership: {0} {1} {2}".format(path, user, recursive)) change_owner(path, user, recursive) print_info_msg("Management pack {0}-{1} successfully installed! Please restart ambari-server.".format(mpack_name, mpack_version)) return mpack_metadata, mpack_name, mpack_version, mpack_staging_dir, mpack_archive_path