def store_password_file(password, filename):
conf_file = find_properties_file()
passFilePath = get_pass_file_path(conf_file, filename)
with open(passFilePath, 'w+') as passFile:
passFile.write(password)
print_info_msg("Adjusting filesystem permissions")
ambari_user = read_ambari_user()
set_file_permissions(passFilePath, "660", ambari_user, False)
#Windows paths need double backslashes, otherwise the Ambari server deserializer will think the single \ are escape markers
return passFilePath.replace('\\', '\\\\')
def store_password_file(password, filename):
conf_file = find_properties_file()
passFilePath = get_pass_file_path(conf_file, filename)
with open(passFilePath, 'w+') as passFile:
passFile.write(password)
print_info_msg("Adjusting filesystem permissions")
ambari_user = read_ambari_user()
set_file_permissions(passFilePath, "660", ambari_user, False)
#Windows paths need double backslashes, otherwise the Ambari server deserializer will think the single \ are escape markers
return passFilePath.replace('\\', '\\\\')
def import_file_to_keystore(source, destination): shutil.copy(source, destination) set_file_permissions(destination, "660", read_ambari_user(), False)
def import_cert_and_key(security_server_keys_dir):
import_cert_path = get_validated_filepath_input( \
"Enter path to Certificate: ", \
"Certificate not found")
import_key_path = get_validated_filepath_input( \
"Enter path to Private Key: ", "Private Key not found")
pem_password = get_validated_string_input("Please enter password for Private Key: ", "", None, None, True)
certInfoDict = get_cert_info(import_cert_path)
if not certInfoDict:
print_warning_msg('Unable to get Certificate information')
else:
#Validate common name of certificate
if not is_valid_cert_host(certInfoDict):
print_warning_msg('Unable to validate Certificate hostname')
#Validate issue and expirations dates of certificate
if not is_valid_cert_exp(certInfoDict):
print_warning_msg('Unable to validate Certificate issue and expiration dates')
#jetty requires private key files with non-empty key passwords
retcode = 0
err = ''
if not pem_password:
print 'Generating random password for HTTPS keystore...done.'
pem_password = generate_random_string()
retcode, out, err = run_os_command(CHANGE_KEY_PWD_CND.format(
import_key_path, pem_password))
import_key_path += '.secured'
if retcode == 0:
keystoreFilePath = os.path.join(security_server_keys_dir, \
SSL_KEYSTORE_FILE_NAME)
keystoreFilePathTmp = os.path.join(tempfile.gettempdir(), \
SSL_KEYSTORE_FILE_NAME)
passFilePath = os.path.join(security_server_keys_dir, \
SSL_KEY_PASSWORD_FILE_NAME)
passFilePathTmp = os.path.join(tempfile.gettempdir(), \
SSL_KEY_PASSWORD_FILE_NAME)
passinFilePath = os.path.join(tempfile.gettempdir(), \
SSL_PASSIN_FILE)
passwordFilePath = os.path.join(tempfile.gettempdir(), \
SSL_PASSWORD_FILE)
with open(passFilePathTmp, 'w+') as passFile:
passFile.write(pem_password)
passFile.close
pass
set_file_permissions(passFilePath, "660", read_ambari_user(), False)
copy_file(passFilePathTmp, passinFilePath)
copy_file(passFilePathTmp, passwordFilePath)
retcode, out, err = run_os_command(EXPRT_KSTR_CMD.format(import_cert_path, \
import_key_path, passwordFilePath, passinFilePath, keystoreFilePathTmp))
if retcode == 0:
print 'Importing and saving Certificate...done.'
import_file_to_keystore(keystoreFilePathTmp, keystoreFilePath)
import_file_to_keystore(passFilePathTmp, passFilePath)
import_file_to_keystore(import_cert_path, os.path.join( \
security_server_keys_dir, SSL_CERT_FILE_NAME))
import_file_to_keystore(import_key_path, os.path.join( \
security_server_keys_dir, SSL_KEY_FILE_NAME))
#Validate keystore
retcode, out, err = run_os_command(VALIDATE_KEYSTORE_CMD.format(keystoreFilePath, \
passwordFilePath, passinFilePath))
remove_file(passinFilePath)
remove_file(passwordFilePath)
if not retcode == 0:
print 'Error during keystore validation occured!:'
print err
return False
return True
else:
print_error_msg('Could not import Certificate and Private Key.')
print 'SSL error on exporting keystore: ' + err.rstrip() + \
'.\nPlease ensure that provided Private Key password is correct and ' + \
're-import Certificate.'
return False
if ambari_repo_file:
if (os.path.exists(ambari_repo_file)):
ambari_repo_file_owner = get_file_owner(ambari_repo_file)
configDefaults.NR_ADJUST_OWNERSHIP_LIST.append((ambari_repo_file, "644", ambari_repo_file_owner, False))
print "Adjusting ambari-server permissions and ownership..."
for pack in configDefaults.NR_ADJUST_OWNERSHIP_LIST:
file = pack[0]
mod = pack[1]
user = pack[2].format(ambari_user)
recursive = pack[3]
print_info_msg("Setting file permissions: {0} {1} {2} {3}".format(file, mod, user, recursive))
set_file_permissions(file, mod, user, recursive)
for pack in configDefaults.NR_CHANGE_OWNERSHIP_LIST:
path = pack[0]
user = pack[1].format(ambari_user)
recursive = pack[2]
print_info_msg("Changing ownership: {0} {1} {2}".format(path, user, recursive))
change_owner(path, user, recursive)
def configure_ldap_password():
passwordDefault = ""
passwordPrompt = 'Enter Manager Password* : '
passwordPattern = ".*"
passwordDescr = "Invalid characters in password."
password = read_password(passwordDefault, passwordPattern, passwordPrompt,
def import_file_to_keystore(source, destination):
shutil.copy(source, destination)
set_file_permissions(destination, "660", read_ambari_user(), False)
def import_cert_and_key(security_server_keys_dir):
import_cert_path = get_validated_filepath_input( \
"Enter path to Certificate: ", \
"Certificate not found")
import_key_path = get_validated_filepath_input( \
"Enter path to Private Key: ", "Private Key not found")
pem_password = get_validated_string_input(
"Please enter password for Private Key: ", "", None, None, True)
certInfoDict = get_cert_info(import_cert_path)
if not certInfoDict:
print_warning_msg('Unable to get Certificate information')
else:
#Validate common name of certificate
if not is_valid_cert_host(certInfoDict):
print_warning_msg('Unable to validate Certificate hostname')
#Validate issue and expirations dates of certificate
if not is_valid_cert_exp(certInfoDict):
print_warning_msg(
'Unable to validate Certificate issue and expiration dates')
#jetty requires private key files with non-empty key passwords
retcode = 0
err = ''
if not pem_password:
print 'Generating random password for HTTPS keystore...done.'
pem_password = generate_random_string()
retcode, out, err = run_os_command(
CHANGE_KEY_PWD_CND.format(import_key_path, pem_password))
import_key_path += '.secured'
if retcode == 0:
keystoreFilePath = os.path.join(security_server_keys_dir, \
SSL_KEYSTORE_FILE_NAME)
keystoreFilePathTmp = os.path.join(tempfile.gettempdir(), \
SSL_KEYSTORE_FILE_NAME)
passFilePath = os.path.join(security_server_keys_dir, \
SSL_KEY_PASSWORD_FILE_NAME)
passFilePathTmp = os.path.join(tempfile.gettempdir(), \
SSL_KEY_PASSWORD_FILE_NAME)
passinFilePath = os.path.join(tempfile.gettempdir(), \
SSL_PASSIN_FILE)
passwordFilePath = os.path.join(tempfile.gettempdir(), \
SSL_PASSWORD_FILE)
with open(passFilePathTmp, 'w+') as passFile:
passFile.write(pem_password)
passFile.close
pass
set_file_permissions(passFilePath, "660", read_ambari_user(), False)
copy_file(passFilePathTmp, passinFilePath)
copy_file(passFilePathTmp, passwordFilePath)
retcode, out, err = run_os_command(EXPRT_KSTR_CMD.format(import_cert_path, \
import_key_path, passwordFilePath, passinFilePath, keystoreFilePathTmp))
if retcode == 0:
print 'Importing and saving Certificate...done.'
import_file_to_keystore(keystoreFilePathTmp, keystoreFilePath)
import_file_to_keystore(passFilePathTmp, passFilePath)
import_file_to_keystore(import_cert_path, os.path.join( \
security_server_keys_dir, SSL_CERT_FILE_NAME))
import_file_to_keystore(import_key_path, os.path.join( \
security_server_keys_dir, SSL_KEY_FILE_NAME))
#Validate keystore
retcode, out, err = run_os_command(VALIDATE_KEYSTORE_CMD.format(keystoreFilePath, \
passwordFilePath, passinFilePath))
remove_file(passinFilePath)
remove_file(passwordFilePath)
if not retcode == 0:
print 'Error during keystore validation occured!:'
print err
return False
return True
else:
print_error_msg('Could not import Certificate and Private Key.')
print 'SSL error on exporting keystore: ' + err.rstrip() + \
'.\nPlease ensure that provided Private Key password is correct and ' + \
're-import Certificate.'
return False
def _install_mpack(options, replay_mode=False, is_upgrade=False):
"""
Install management pack
:param options: Command line options
:param replay_mode: Flag to indicate if executing command in replay mode
"""
mpack_path = options.mpack_path
if not mpack_path:
print_error_msg("Management pack not specified!")
raise FatalException(-1, 'Management pack not specified!')
print_info_msg("Installing management pack {0}".format(mpack_path))
# Download management pack to a temp location
tmp_archive_path = download_mpack(mpack_path)
if not (tmp_archive_path and os.path.exists(tmp_archive_path)):
print_error_msg("Management pack could not be downloaded!")
raise FatalException(-1, 'Management pack could not be downloaded!')
# Expand management pack in temp directory
tmp_root_dir = expand_mpack(tmp_archive_path)
# Read mpack metadata
mpack_metadata = read_mpack_metadata(tmp_root_dir)
if not mpack_metadata:
raise FatalException(-1, 'Malformed management pack {0}. Metadata file missing!'.format(mpack_path))
# Validate management pack prerequisites
# Skip validation in replay mode
if not replay_mode:
validate_mpack_prerequisites(mpack_metadata)
if is_upgrade:
# Execute pre upgrade hook
_execute_hook(mpack_metadata, BEFORE_UPGRADE_HOOK_NAME, tmp_root_dir)
else:
# Execute pre install hook
_execute_hook(mpack_metadata, BEFORE_INSTALL_HOOK_NAME, tmp_root_dir)
# Purge previously installed stacks and management packs
if options.purge and options.purge_list:
purge_resources = options.purge_list.split(",")
validate_purge(options, purge_resources, tmp_root_dir, mpack_metadata, replay_mode)
purge_stacks_and_mpacks(purge_resources, replay_mode)
adjust_ownership_list = []
change_ownership_list = []
# Get ambari mpack properties
stack_location, extension_location, service_definitions_location, mpacks_staging_location, dashboard_location = get_mpack_properties()
mpacks_cache_location = os.path.join(mpacks_staging_location, MPACKS_CACHE_DIRNAME)
# Create directories
if not os.path.exists(stack_location):
sudo.makedir(stack_location, 0755)
adjust_ownership_list.append((stack_location, "0755", "{0}", True))
change_ownership_list.append((stack_location,"{0}",True))
if not os.path.exists(extension_location):
sudo.makedir(extension_location, 0755)
adjust_ownership_list.append((extension_location, "0755", "{0}", True))
change_ownership_list.append((extension_location,"{0}",True))
if not os.path.exists(service_definitions_location):
sudo.makedir(service_definitions_location, 0755)
adjust_ownership_list.append((service_definitions_location, "0755", "{0}", True))
change_ownership_list.append((service_definitions_location,"{0}",True))
if not os.path.exists(mpacks_staging_location):
sudo.makedir(mpacks_staging_location, 0755)
adjust_ownership_list.append((mpacks_staging_location, "0755", "{0}", True))
change_ownership_list.append((mpacks_staging_location,"{0}",True))
if not os.path.exists(mpacks_cache_location):
sudo.makedir(mpacks_cache_location, 0755)
adjust_ownership_list.append((mpacks_cache_location, "0755", "{0}", True))
change_ownership_list.append((mpacks_cache_location,"{0}",True))
if not os.path.exists(dashboard_location):
sudo.makedir(dashboard_location, 0755)
sudo.makedir(os.path.join(dashboard_location, GRAFANA_DASHBOARDS_DIRNAME), 0755)
sudo.makedir(os.path.join(dashboard_location, SERVICE_METRICS_DIRNAME), 0755)
adjust_ownership_list.append((dashboard_location, "0755", "{0}", True))
change_ownership_list.append((dashboard_location,"{0}",True))
# Stage management pack (Stage at /var/lib/ambari-server/resources/mpacks/mpack_name-mpack_version)
mpack_name = mpack_metadata.name
mpack_version = mpack_metadata.version
mpack_dirname = mpack_name + "-" + mpack_version
mpack_staging_dir = os.path.join(mpacks_staging_location, mpack_dirname)
mpack_archive_path = os.path.join(mpacks_cache_location, os.path.basename(tmp_archive_path))
print_info_msg("Stage management pack {0}-{1} to staging location {2}".format(
mpack_name, mpack_version, mpack_staging_dir))
if os.path.exists(mpack_staging_dir):
if options.force:
print_info_msg("Force removing previously installed management pack from {0}".format(mpack_staging_dir))
sudo.rmtree(mpack_staging_dir)
else:
error_msg = "Management pack {0}-{1} already installed!".format(mpack_name, mpack_version)
print_error_msg(error_msg)
raise FatalException(-1, error_msg)
shutil.move(tmp_root_dir, mpack_staging_dir)
shutil.move(tmp_archive_path, mpack_archive_path)
# Process setup steps for all artifacts (stack-definitions, extension-definitions,
# service-definitions, stack-addon-service-definitions) in the management pack
for artifact in mpack_metadata.artifacts:
# Artifact name (Friendly name)
artifact_name = artifact.name
# Artifact type (stack-definitions, extension-definitions, service-definitions, etc)
artifact_type = artifact.type
# Artifact directory with contents of the artifact
artifact_source_dir = os.path.join(mpack_staging_dir, artifact.source_dir)
print_info_msg("Processing artifact {0} of type {1} in {2}".format(
artifact_name, artifact_type, artifact_source_dir))
if artifact.type == STACK_DEFINITIONS_ARTIFACT_NAME:
process_stack_definitions_artifact(artifact, artifact_source_dir, options)
elif artifact.type == EXTENSION_DEFINITIONS_ARTIFACT_NAME:
process_extension_definitions_artifact(artifact, artifact_source_dir, options)
elif artifact.type == SERVICE_DEFINITIONS_ARTIFACT_NAME:
process_service_definitions_artifact(artifact, artifact_source_dir, options)
elif artifact.type == STACK_ADDON_SERVICE_DEFINITIONS_ARTIFACT_NAME:
process_stack_addon_service_definitions_artifact(artifact, artifact_source_dir, options)
else:
print_info_msg("Unknown artifact {0} of type {1}".format(artifact_name, artifact_type))
ambari_user = read_ambari_user()
if ambari_user:
# This is required when a non-admin user is configured to setup ambari-server
print_info_msg("Adjusting file permissions and ownerships")
for pack in adjust_ownership_list:
file = pack[0]
mod = pack[1]
user = pack[2].format(ambari_user)
recursive = pack[3]
logger.info("Setting file permissions: {0} {1} {2} {3}".format(file, mod, user, recursive))
set_file_permissions(file, mod, user, recursive)
for pack in change_ownership_list:
path = pack[0]
user = pack[1].format(ambari_user)
recursive = pack[2]
logger.info("Changing ownership: {0} {1} {2}".format(path, user, recursive))
change_owner(path, user, recursive)
print_info_msg("Management pack {0}-{1} successfully installed! Please restart ambari-server.".format(mpack_name, mpack_version))
return mpack_metadata, mpack_name, mpack_version, mpack_staging_dir, mpack_archive_path
