def setup_ambari_krb5_jaas(): jaas_conf_file = search_file(SECURITY_KERBEROS_JASS_FILENAME, get_conf_dir()) if os.path.exists(jaas_conf_file): print 'Setting up Ambari kerberos JAAS configuration to access ' + \ 'secured Hadoop daemons...' principal = get_validated_string_input( 'Enter ambari server\'s kerberos ' 'principal name ([email protected]): ', '*****@*****.**', '.*', '', False, False) keytab = get_validated_string_input( 'Enter keytab path for ambari ' 'server\'s kerberos principal: ', '/etc/security/keytabs/ambari.keytab', '.*', False, False, validatorFunction=is_valid_filepath) for line in fileinput.FileInput(jaas_conf_file, inplace=1): line = re.sub('keyTab=.*$', 'keyTab="' + keytab + '"', line) line = re.sub('principal=.*$', 'principal="' + principal + '"', line) print line, else: raise NonFatalException('No jaas config file found at location: ' + jaas_conf_file)
def setup_sso(options): print_info_msg("Setup SSO.") server_status, pid = is_server_runing() if not server_status: err = 'Ambari Server is not running.' raise FatalException(1, err) if not get_silent(): validate_options(options) ambari_properties = get_ambari_properties() admin_login, admin_password = get_ambari_admin_username_password_pair(options) properties = get_sso_properties(ambari_properties, admin_login, admin_password) if not options.sso_enabled: sso_enabled = get_value_from_dictionary(properties, SSO_MANAGE_SERVICES, None) if sso_enabled: sso_status = "enabled" if sso_enabled == "true" else "disabled" else: sso_status = "not configured" sys.stdout.write("\nSSO is currently %s\n" % sso_status) if sso_status == "enabled": enable_sso = not get_YN_input("Do you want to disable SSO authentication [y/n] (n)? ", False) else: if get_YN_input("Do you want to configure SSO authentication [y/n] (y)? ", True): enable_sso = True else: return False else: enable_sso = options.sso_enabled == 'true' services = None if enable_sso: populate_sso_provider_url(options, properties) populate_sso_public_cert(options, properties) populate_jwt_cookie_name(options, properties) populate_jwt_audiences(options, properties) services = get_services_requires_sso(options, ambari_properties, admin_login, admin_password) enable_jwt_auth = services and (WILDCARD_FOR_ALL_SERVICES in services or SERVICE_NAME_AMBARI in services) properties[AMBARI_JWT_AUTH_ENBABLED] = "true" if enable_jwt_auth else "false" properties[SSO_MANAGE_SERVICES] = "true" if enable_sso else "false" properties[SSO_ENABLED_SERVICES] = ','.join(services) if services else "" update_sso_conf(ambari_properties, properties, admin_login, admin_password) pass else: warning = "setup-sso is not enabled in silent mode." raise NonFatalException(warning) pass
def _setup_remote_database(self): properties = get_ambari_properties() if properties == -1: err = 'Error getting ambari properties' print_error_msg(err) raise FatalException(-1, err) if self.ensure_jdbc_driver_installed(properties): print 'Configuring remote database connection properties...' retcode = self._setup_remote_db() if retcode == -1: err = "Remote database setup aborted." raise NonFatalException(err) if not retcode == 0: err = 'Error while configuring connection properties. Exiting' raise FatalException(retcode, err)
def setup_sso(options): logger.info("Setup SSO.") if not is_root(): raise FatalException( 4, 'ambari-server setup-sso should be run with root-level privileges') if not get_silent(): validateOptions(options) properties = get_ambari_properties() must_setup_params = False if not options.sso_enabled: sso_enabled = properties.get_property( JWT_AUTH_ENBABLED).lower() in ['true'] if sso_enabled: if get_YN_input( "Do you want to disable SSO authentication [y/n] (n)?", False): properties.process_pair(JWT_AUTH_ENBABLED, "false") else: if get_YN_input( "Do you want to configure SSO authentication [y/n] (y)?", True): properties.process_pair(JWT_AUTH_ENBABLED, "true") must_setup_params = True else: return False else: properties.process_pair(JWT_AUTH_ENBABLED, options.sso_enabled) must_setup_params = options.sso_enabled == 'true' if must_setup_params: populateSsoProviderUrl(options, properties) populateSsoPublicCert(options, properties) populateJwtCookieName(options, properties) populateJwtAudiences(options, properties) update_properties(properties) pass else: warning = "setup-sso is not enabled in silent mode." raise NonFatalException(warning) pass
def _reset_local_database(self): #force reset if silent option provided if get_silent(): default = "yes" else: default = "no" # Run automatic reset only for embedded DB okToRun = get_YN_input( "Confirm server reset [yes/no]({0})? ".format(default), get_silent()) if not okToRun: err = "Ambari Server 'reset' cancelled" raise FatalException(1, err) print "Resetting the Server database..." dbname = self.database_name filename = self.drop_tables_script_file username = self.database_username password = self.database_password command = PGConfig.SETUP_DB_CMD[:] command[-1] = command[-1].format(filename, username, password, dbname) drop_retcode, drop_outdata, drop_errdata = run_os_command(command) if not drop_retcode == 0: raise FatalException(1, drop_errdata) if drop_errdata and PGConfig.PG_ERROR_BLOCKED in drop_errdata: raise FatalException( 1, "Database is in use. Please, make sure all connections to the database are closed" ) if drop_errdata and get_verbose(): print_warning_msg(drop_errdata) print_info_msg("About to run database setup") retcode, outdata, errdata = self._setup_db() if errdata and get_verbose(): print_warning_msg(errdata) if (errdata and 'ERROR' in errdata.upper()) or ( drop_errdata and 'ERROR' in drop_errdata.upper()): err = "Non critical error in DDL" if not get_verbose(): err += ", use --verbose for more information" raise NonFatalException(err)
def is_server_runing(): pid_file_path = os.path.join(configDefaults.PID_DIR, PID_NAME) if os.path.exists(pid_file_path): try: f = open(pid_file_path, "r") except IOError, ex: raise FatalException(1, str(ex)) pid = f.readline().strip() if not pid.isdigit(): err = "%s is corrupt. Removing" % (pid_file_path) f.close() run_os_command("rm -f " + pid_file_path) raise NonFatalException(err) f.close() retcode, out, err = run_os_command("ps -p " + pid) if retcode == 0: return True, int(pid) else: return False, None
def _reset_remote_database(self): super(MSSQLConfig, self)._reset_remote_database() raise NonFatalException("Please replace '*' symbols with password before running DDL`s!")
def _reset_remote_database(self): super(PGConfig, self)._reset_remote_database() raise NonFatalException("Please set DB password to PGPASSWORD env variable before running DDL`s!")
def setup_sso(options): logger.info("Setup SSO.") if not is_root(): raise FatalException( 4, 'ambari-server setup-sso should be run with root-level privileges') server_status, pid = is_server_runing() if not server_status: err = 'Ambari Server is not running.' raise FatalException(1, err) if not get_silent(): validate_options(options) properties = get_ambari_properties() admin_login, admin_password = get_ambari_admin_username_password_pair( options) if not options.sso_enabled: sso_enabled_from_db = get_sso_property_from_db( properties, admin_login, admin_password, SSO_MANAGE_SERVICES) sso_enabled = sso_enabled_from_db == None or sso_enabled_from_db in [ 'true' ] print_info_msg( "SSO is currently {0}".format( "not configured" if sso_enabled_from_db == None else ( "enabled" if sso_enabled else "disabled")), True) if sso_enabled: enable_sso = not get_YN_input( "Do you want to disable SSO authentication [y/n] (n)? ", False) else: if get_YN_input( "Do you want to configure SSO authentication [y/n] (y)? ", True): enable_sso = True else: return False else: enable_sso = options.sso_enabled == 'true' services = '' if enable_sso: populate_sso_provider_url(options, properties) populate_sso_public_cert(options, properties) populate_jwt_cookie_name(options, properties) populate_jwt_audiences(options, properties) services = get_services_requires_sso(options, properties, admin_login, admin_password) update_sso_conf(properties, enable_sso, services, admin_login, admin_password) enable_jwt_auth = WILDCARD_FOR_ALL_SERVICES == services or SERVICE_NAME_AMBARI in services properties.process_pair(JWT_AUTH_ENBABLED, "true" if enable_jwt_auth else "false") update_properties(properties) pass else: warning = "setup-sso is not enabled in silent mode." raise NonFatalException(warning) pass
def setup_sso(args): logger.info("Setup SSO.") if not is_root(): err = 'ambari-server setup-sso should be run with ' \ 'root-level privileges' raise FatalException(4, err) if not get_silent(): properties = get_ambari_properties() must_setup_params = False store_new_cert = False sso_enabled = properties.get_property(JWT_AUTH_ENBABLED).lower() in [ 'true' ] if sso_enabled: if get_YN_input( "Do you want to disable SSO authentication [y/n] (n)?", False): properties.process_pair(JWT_AUTH_ENBABLED, "false") else: if get_YN_input( "Do you want to configure SSO authentication [y/n] (y)?", True): properties.process_pair(JWT_AUTH_ENBABLED, "true") must_setup_params = True else: return False if must_setup_params: provider_url = get_value_from_properties( properties, JWT_AUTH_PROVIDER_URL, JWT_AUTH_PROVIDER_URL_DEFAULT) provider_url = get_validated_string_input( "Provider URL [URL] ({0}):".format(provider_url), provider_url, REGEX_ANYTHING, "Invalid provider URL", False) properties.process_pair(JWT_AUTH_PROVIDER_URL, provider_url) cert_path = properties.get_property(JWT_PUBLIC_KEY) cert_string = get_multi_line_input( "Public Certificate pem ({0})".format( 'stored' if cert_path else 'empty')) if cert_string is not None: store_new_cert = True if get_YN_input( "Do you want to configure advanced properties [y/n] (n) ?", False): cookie_name = get_value_from_properties( properties, JWT_COOKIE_NAME, JWT_COOKIE_NAME_DEFAULT) cookie_name = get_validated_string_input( "JWT Cookie name ({0}):".format(cookie_name), cookie_name, REGEX_ANYTHING, "Invalid cookie name", False) properties.process_pair(JWT_COOKIE_NAME, cookie_name) audiences = properties.get_property(JWT_AUDIENCES) audiences = get_validated_string_input( "JWT audiences list (comma-separated), empty for any ({0}):" .format(audiences), audiences, REGEX_ANYTHING, "Invalid value", False) properties.process_pair(JWT_AUDIENCES, audiences) # TODO not required for now as we support Knox only # orig_query_param = get_value_from_properties(JWT_ORIGINAL_URL_QUERY_PARAM, JWT_ORIGINAL_URL_QUERY_PARAM_DEFAULT) # orig_query_param = get_validated_string_input("Original URL query parameter name ({}):".format(orig_query_param), # orig_query_param, # REGEX_ANYTHING, # "Invalid value", # False) # properties.process_pair(JWT_ORIGINAL_URL_QUERY_PARAM, orig_query_param) if store_new_cert: full_cert = JWT_PUBLIC_KEY_HEADER + cert_string + JWT_PUBLIC_KEY_FOOTER cert_path = store_password_file(full_cert, JWT_PUBLIC_KEY_FILENAME) properties.process_pair(JWT_PUBLIC_KEY, cert_path) update_properties(properties) pass else: warning = "setup-sso is not enabled in silent mode." raise NonFatalException(warning) pass
conf_file = find_properties_file() f = open(conf_file, 'w') properties.store(f, "Changed by 'ambari-server setup-https' command") ambari_user = read_ambari_user() if ambari_user: adjust_directory_permissions(ambari_user) return True except (KeyError), e: err = 'Property ' + str(e) + ' is not defined' raise FatalException(1, err) else: warning = "setup-https is not enabled in silent mode." raise NonFatalException(warning) def setup_truststore(import_cert=False): if not get_silent(): jdk_path = find_jdk() if jdk_path is None: err = "No JDK found, please run the \"ambari-server setup\" " \ "command to install a JDK automatically or install any " \ "JDK manually to " + configDefaults.JDK_INSTALL_DIR raise FatalException(1, err) properties = get_ambari_properties() if get_YN_input("Do you want to configure a truststore [y/n] (y)? ", True):
def setup_sso(options): print_info_msg("Setup SSO.") server_status, pid = is_server_runing() if not server_status: err = 'Ambari Server is not running.' raise FatalException(1, err) if not get_silent(): validate_options(options) ambari_properties = get_ambari_properties() admin_login, admin_password = get_ambari_admin_username_password_pair( options) properties = get_sso_properties(ambari_properties, admin_login, admin_password) if not options.sso_enabled: ambari_auth_enabled = get_value_from_dictionary( properties, AMBARI_SSO_AUTH_ENABLED) manage_services = get_value_from_dictionary( properties, SSO_MANAGE_SERVICES) if ambari_auth_enabled or manage_services: if (ambari_auth_enabled and 'true' == ambari_auth_enabled) or \ (manage_services and 'true' == manage_services): sso_status = "enabled" else: sso_status = "disabled" else: sso_status = "not configured" sys.stdout.write("\nSSO is currently %s\n" % sso_status) if sso_status == "enabled": enable_sso = not get_YN_input( "Do you want to disable SSO authentication [y/n] (n)? ", False) elif get_YN_input( "Do you want to configure SSO authentication [y/n] (y)? ", True): enable_sso = True else: return False else: enable_sso = options.sso_enabled == 'true' if enable_sso: populate_sso_provider_url(options, properties) populate_sso_public_cert(options, properties) populate_ambari_requires_sso(options, properties) populate_service_management(options, properties, ambari_properties, admin_login, admin_password) populate_jwt_cookie_name(options, properties) populate_jwt_audiences(options, properties) update_sso_conf(ambari_properties, properties, admin_login, admin_password) else: remove_sso_conf(ambari_properties, admin_login, admin_password) else: warning = "setup-sso is not enabled in silent mode." raise NonFatalException(warning) pass
def setup_trusted_proxy(options): print_info_msg("Setup Trusted Proxy") server_status, pid = is_server_runing() if not server_status: err = 'Ambari Server is not running.' raise FatalException(1, err) if not get_silent(): validate_options(options) ambari_properties = get_ambari_properties() admin_login, admin_password = get_ambari_admin_username_password_pair( options) properties = get_trusted_proxy_properties(ambari_properties, admin_login, admin_password) if not options.tproxy_enabled: tproxy_support_enabled = get_value_from_dictionary( properties, TPROXY_SUPPORT_ENABLED) if tproxy_support_enabled: if 'true' == tproxy_support_enabled: tproxy_status = "enabled" else: tproxy_status = "disabled" else: tproxy_status = "not configured" print_info_msg("\nTrusted Proxy support is currently %s\n" % tproxy_status) if tproxy_status == "enabled": enable_tproxy = not get_YN_input( "Do you want to disable Trusted Proxy support [y/n] (n)? ", False) elif get_YN_input( "Do you want to configure Trusted Proxy Support [y/n] (y)? ", True): enable_tproxy = True else: return False else: enable_tproxy = options.tproxy_enabled == 'true' if enable_tproxy: properties[TPROXY_SUPPORT_ENABLED] = "true" if not options.tproxy_configuration_file_path: add_new_trusted_proxy = add_new_trusted_proxy_config( properties) while add_new_trusted_proxy: add_new_trusted_proxy = add_new_trusted_proxy_config( properties) else: parse_trusted_configuration_file( options.tproxy_configuration_file_path, properties) update_tproxy_conf(ambari_properties, properties, admin_login, admin_password) else: remove_tproxy_conf(ambari_properties, admin_login, admin_password) else: warning = "setup-trusted-proxy is not enabled in silent mode." raise NonFatalException(warning) pass