def SvcDoRun(self):
    """Run the Ambari server under the service wrapper and clean up after it.

    The verbose, debug and suspend-start switches are read from the Ambari
    properties (each defaulting to False) and copied onto ``self.options``
    before the server process is launched. The PID file is removed only when
    ``_StopOrWaitForChildProcessToFinish`` returns a true value.
    """
    # Kept as a function-scope import, exactly as the original does.
    from ambari_server_main import server_process_main

    status_callback = SvcStatusCallback(self)
    ambari_props = get_ambari_properties()

    # (attribute on self.options, property key) pairs, in the original order.
    switches = (
        ("verbose", VERBOSE_OUTPUT_KEY),
        ("debug", DEBUG_MODE_KEY),
        ("suspend_start", SUSPEND_START_MODE_KEY),
    )
    for attr_name, prop_key in switches:
        setattr(self.options, attr_name,
                get_value_from_properties(ambari_props, prop_key, False))

    # set verbose
    set_verbose(self.options.verbose)
    self.redirect_output_streams()

    child = server_process_main(self.options, status_callback)
    if self._StopOrWaitForChildProcessToFinish(child):
        remove_file(os.path.join(configDefaults.PID_DIR, PID_NAME))
def select_dbms(self, options):
    """Return the index of the DBMS to configure, prompting when required.

    The starting index is ``options.database_index`` when that attribute
    exists. Otherwise it is derived from the Ambari properties: local
    persistence selects the "embedded" entry, a configured database name
    selects its entry in ``DBMS_KEYS_LIST``, and anything else falls back to
    ``_get_default_dbms_index``. When ``options.must_set_database_options`` is
    set, a numbered menu is shown and the validated answer replaces the index.
    """
    try:
        dbms_index = options.database_index
    except AttributeError:
        configured_name = get_value_from_properties(
            get_ambari_properties(), JDBC_DATABASE_PROPERTY, "").strip().lower()
        storage_kind = get_value_from_properties(
            get_ambari_properties(), PERSISTENCE_TYPE_PROPERTY, "").strip().lower()
        if storage_kind == STORAGE_TYPE_LOCAL:
            dbms_index = self.DBMS_KEYS_LIST.index("embedded")
        elif configured_name:
            # NOTE(review): a database name from the properties file that is
            # not in DBMS_KEYS_LIST is not handled here - confirm what
            # .index() does for this container.
            dbms_index = self.DBMS_KEYS_LIST.index(configured_name)
        else:
            dbms_index = self._get_default_dbms_index(options)

    if not options.must_set_database_options:
        return dbms_index

    menu_parts = [
        "==============================================================================\n"
        "Choose one of the following options:\n"
    ]
    choice_digits = []
    last_number = 0
    for last_number, desc in enumerate(self.DBMS_LIST, 1):
        storage_suffix = (" ({0})".format(desc.storage_name)
                          if len(desc.storage_name) > 0 else "")
        menu_parts.append(self.DBMS_PROMPT_PATTERN.format(
            last_number, desc.dbms_name, storage_suffix))
        choice_digits.append(str(last_number))
    # One past the last menu number, matching the original counter.
    n_dbms = last_number + 1

    default_choice = str(dbms_index + 1)
    menu_parts.append(self.DBMS_CHOICE_PROMPT_PATTERN.format(default_choice))
    valid_choices = self.JDK_VALID_CHOICES_PATTERN.format("".join(choice_digits))

    answer = get_validated_string_input("".join(menu_parts), default_choice,
                                        valid_choices, "Invalid number.", False)
    dbms_index = int(answer) - 1
    if dbms_index >= n_dbms:
        print_info_msg('Unknown db option, default to {0} {1}.'.format(
            self.DBMS_LIST[0].storage_name, self.DBMS_LIST[0].dbms_name))
        dbms_index = 0
    return dbms_index
def extract_views():
    """Run the view-extraction command for every file in the views directory.

    Returns 1 when no JDK is found, -1 when the Ambari properties cannot be
    read, and 0 otherwise. Failures of individual archives are reported on
    stdout but do not change the return value.
    """
    java_exe_path = get_java_exe_path()
    if java_exe_path is None:
        print_error_msg("No JDK found, please run the \"setup\" "
                        "command to install a JDK automatically or install any "
                        "JDK manually to " + configDefaults.JDK_INSTALL_DIR)
        return 1

    properties = get_ambari_properties()
    if properties == -1:
        print_error_msg("Error getting ambari properties")
        return -1

    views_dir = get_value_from_properties(properties, VIEWS_DIR_PROPERTY,
                                          configDefaults.DEFAULT_VIEWS_DIR)
    archives = [entry for entry in os.listdir(views_dir)
                if os.path.isfile(os.path.join(views_dir, entry))]

    for archive in archives:
        # NOTE(review): the archive name is taken from a directory listing and
        # formatted straight into the command string. Whether that is safe for
        # names containing spaces or shell metacharacters depends on how
        # VIEW_EXTRACT_CMD is quoted and how run_os_command executes it -
        # neither is visible here; confirm.
        command = VIEW_EXTRACT_CMD.format(java_exe_path,
                                          get_full_ambari_classpath(),
                                          os.path.join(views_dir, archive))
        retcode, stdout, stderr = run_os_command(command)

        if retcode == 0:
            sys.stdout.write(archive + "\n")
        elif retcode == 2:
            sys.stdout.write("Error extracting " + archive + "\n")
        else:
            sys.stdout.write(".")
            sys.stdout.flush()

        print_info_msg("Return code from extraction of view archive "
                       + archive + ": " + str(retcode))

    sys.stdout.write("\n")
    return 0
def setup_pam():
    """Interactively switch Ambari client security to PAM.

    Raises FatalException(4) when not run as root and FatalException(1) when
    LDAP is the configured client security. Prompts for the PAM configuration
    file and the automatic group creation flag, writes both to the Ambari
    properties together with the 'pam' security type, and returns 0.
    """
    if not is_root():
        raise FatalException(
            4, 'Ambari-server setup-pam should be run with root-level privileges')

    properties = get_ambari_properties()
    if get_value_from_properties(properties, CLIENT_SECURITY_KEY, "") == 'ldap':
        raise FatalException(1, "LDAP is configured. Can not setup PAM.")

    # The answer is validated against REGEX_ANYTHING only; this function does
    # not check that the file exists.
    pam_config = get_validated_string_input("Enter PAM configuration file: ",
                                            PAM_CONFIG_FILE,
                                            REGEX_ANYTHING,
                                            "Invalid characters in the input!",
                                            False, False)
    auto_groups = get_YN_input(
        "Do you want to allow automatic group creation [y/n] (y)? ", True)

    pam_property_value_map = {
        CLIENT_SECURITY_KEY: 'pam',
        PAM_CONFIG_FILE: pam_config,
        AUTO_GROUP_CREATION: 'true' if auto_groups else 'false',
    }

    update_properties_2(properties, pam_property_value_map)
    print('Saving...done')
    return 0
def get_default_dbms_name(self):
    """Return the configured default DBMS name, or "" when it is not a known key.

    The property value is stripped and lower-cased before it is compared with
    the entries of ``self.DBMS_KEYS_LIST``.
    """
    configured = get_value_from_properties(
        get_ambari_properties(), DEFAULT_DBMS_PROPERTY, "").strip().lower()
    return configured if configured in self.DBMS_KEYS_LIST else ""
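def _init_member_with_properties(options, attr_name, properties, property_key):
    """Return ``options.<attr_name>``, falling back to the properties file.

    The fallback to ``property_key`` (with a default of None) is used when the
    attribute is missing, None, or the empty string.
    """
    options_val = getattr(options, attr_name, None)
    # Compare by value: `is ""` tests object identity, which is not guaranteed
    # to hold for every empty string.
    if options_val is None or options_val == "":
        options_val = get_value_from_properties(properties, property_key, None)
    return options_val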
def __init__(self, properties, i_option, i_prop_name, i_prop_val_pattern,
             i_prompt_regex, i_allow_empty_prompt, i_prop_name_default=None):
    """Describe one prompted LDAP property.

    Despite its name, ``ldap_prop_name`` holds the property's current value
    from the properties file (or ``i_prop_name_default``); that value is also
    what gets formatted into the prompt text.
    """
    self.prop_name = i_prop_name
    self.option = i_option

    current_value = get_value_from_properties(properties, i_prop_name,
                                              i_prop_name_default)
    self.ldap_prop_name = current_value
    self.ldap_prop_val_prompt = i_prop_val_pattern.format(
        get_prompt_default(current_value))

    self.prompt_regex = i_prompt_regex
    self.allow_empty_prompt = i_allow_empty_prompt
def _install_jdbc_driver(self, properties, files_list):
    """Record a JDBC driver path in the properties when none is configured.

    Returns True when the path from ``_get_jdbc_driver_path`` was stored, and
    False when a non-empty path was already present. ``files_list`` is not
    used by this body.
    """
    configured_path = get_value_from_properties(properties,
                                                JDBC_DRIVER_PATH_PROPERTY, None)
    if configured_path is not None and configured_path != "":
        return False

    properties.process_pair(JDBC_DRIVER_PATH_PROPERTY,
                            self._get_jdbc_driver_path())
    return True
def select_dbms(self, options):
    """Pick the DBMS index from the options, the properties, or a menu prompt.

    ``options.database_index`` wins when present. Without it the index comes
    from the Ambari properties ("embedded" for local persistence, else the
    configured database name, else ``_get_default_dbms_index``). With
    ``options.must_set_database_options`` set, the user is shown a numbered
    menu whose default is the index found so far.
    """
    try:
        dbms_index = options.database_index
    except AttributeError:
        db_name = get_value_from_properties(
            get_ambari_properties(), JDBC_DATABASE_PROPERTY, "").strip().lower()
        persistence = get_value_from_properties(
            get_ambari_properties(), PERSISTENCE_TYPE_PROPERTY, "").strip().lower()
        if persistence == STORAGE_TYPE_LOCAL:
            dbms_index = self.DBMS_KEYS_LIST.index("embedded")
        elif db_name:
            # NOTE(review): nothing here handles a configured name that is
            # absent from DBMS_KEYS_LIST - confirm how .index() reports that.
            dbms_index = self.DBMS_KEYS_LIST.index(db_name)
        else:
            dbms_index = self._get_default_dbms_index(options)

    if not options.must_set_database_options:
        return dbms_index

    prompt_lines = [
        "==============================================================================\n"
        "Choose one of the following options:\n"
    ]
    digits = []
    shown = 0
    for shown, desc in enumerate(self.DBMS_LIST, 1):
        if len(desc.storage_name) > 0:
            storage_label = " ({0})".format(desc.storage_name)
        else:
            storage_label = ""
        prompt_lines.append(
            self.DBMS_PROMPT_PATTERN.format(shown, desc.dbms_name, storage_label))
        digits.append(str(shown))
    # The original counter ends one past the number of menu entries.
    n_dbms = shown + 1

    preselected = str(dbms_index + 1)
    prompt_lines.append(self.DBMS_CHOICE_PROMPT_PATTERN.format(preselected))
    allowed = self.JDK_VALID_CHOICES_PATTERN.format("".join(digits))

    picked = get_validated_string_input(
        "".join(prompt_lines), preselected, allowed, "Invalid number.", False)
    dbms_index = int(picked) - 1
    if dbms_index >= n_dbms:
        print_info_msg('Unknown db option, default to {0} {1}.'.format(
            self.DBMS_LIST[0].storage_name, self.DBMS_LIST[0].dbms_name))
        dbms_index = 0
    return dbms_index
def _read_password_from_properties(properties, options):
    """Resolve the database password referenced by JDBC_PASSWORD_PROPERTY.

    The property is either an alias string, resolved through
    ``decrypt_password_for_alias`` with JDBC_RCA_PASSWORD_ALIAS, or the path of
    a password file. DEFAULT_PASSWORD is returned when the property is empty,
    and also - without any message - when the path is relative or the file
    does not exist.
    """
    stored = get_value_from_properties(properties, JDBC_PASSWORD_PROPERTY, "")
    if not stored:
        return DEFAULT_PASSWORD

    if is_alias_string(stored):
        return decrypt_password_for_alias(properties, JDBC_RCA_PASSWORD_ALIAS,
                                          options)

    if os.path.isabs(stored) and os.path.exists(stored):
        # The content is returned exactly as read, including any trailing
        # newline the file may contain.
        with open(stored, 'r') as password_fh:
            return password_fh.read()

    return DEFAULT_PASSWORD
def populate_sso_provider_url(options, properties):
    """Store the SSO provider URL in the properties.

    A value passed in ``options.sso_provider_url`` is stored as given; only
    the interactively prompted value is validated against REGEX_URL.
    """
    provider_url = options.sso_provider_url
    if not provider_url:
        current_url = get_value_from_properties(
            properties, JWT_AUTH_PROVIDER_URL, JWT_AUTH_PROVIDER_URL_DEFAULT)
        prompt = "Provider URL [URL] ({0}):".format(current_url)
        provider_url = get_validated_string_input(
            prompt, current_url, REGEX_URL, "Invalid provider URL", False)

    properties.process_pair(JWT_AUTH_PROVIDER_URL, provider_url)
def migrate_ldap_pam(args):
    """Run the Java helper that migrates LDAP users and groups to PAM.

    Raises FatalException(1) unless PAM is the configured client security.
    Returns 1 when the database backup is not confirmed or no JDK is found;
    otherwise returns the helper command's return code.
    """
    properties = get_ambari_properties()

    if get_value_from_properties(properties,CLIENT_SECURITY,"") != 'pam':
        raise FatalException(
            1, "PAM is not configured. Please configure PAM authentication first.")

    db_title = get_db_type(properties).title
    backup_confirmed = get_YN_input(
        "Ambari Server configured for %s. Confirm you have made a backup of "
        "the Ambari Server database [y/n] (y)? " % db_title, True)
    if not backup_confirmed:
        print_error_msg("Database backup is not confirmed")
        return 1

    java_exe = get_java_exe_path()
    if java_exe is None:
        print_error_msg("No JDK found, please run the \"setup\" "
                        "command to install a JDK automatically or install any "
                        "JDK manually to " + configDefaults.JDK_INSTALL_DIR)
        return 1

    # At this point, the args does not have the ambari database information.
    # Augment the args with the correct ambari database information
    parse_properties_file(args)

    ensure_jdbc_driver_is_installed(args, properties)

    print('Migrating LDAP Users & Groups to PAM')

    # The class path comes from the helper that escapes it for the shell.
    escaped_class_path = ServerClassPath(
        properties, args).get_full_ambari_classpath_escaped_for_shell()
    command = LDAP_TO_PAM_MIGRATION_HELPER_CMD.format(java_exe, escaped_class_path)

    ambari_user = read_ambari_user()
    current_user = ensure_can_start_under_current_user(ambari_user)
    child_env = generate_env(args, ambari_user, current_user)

    retcode, stdout, stderr = run_os_command(command, env=child_env)
    print_info_msg("Return code from LDAP to PAM migration command, retcode = "
                   + str(retcode))

    for header, captured in (
            ("Console output from LDAP to PAM migration command:", stdout),
            ("Error output from LDAP to PAM migration command:", stderr)):
        if captured:
            print(header)
            print(captured)
            print("")

    if retcode > 0:
        print_error_msg(
            "Error executing LDAP to PAM migration, please check the server logs.")
    else:
        print_info_msg('LDAP to PAM migration completed')
    return retcode
def populate_jwt_cookie_name(options, properties):
    """Store the JWT cookie name in the properties.

    ``options.sso_jwt_cookie_name`` is stored as given when set; otherwise the
    user is prompted, with the current property value (or
    JWT_COOKIE_NAME_DEFAULT) as the default. The prompt accepts any input
    (REGEX_ANYTHING).
    """
    cookie_name = options.sso_jwt_cookie_name
    if not cookie_name:
        current_name = get_value_from_properties(properties, JWT_COOKIE_NAME,
                                                 JWT_COOKIE_NAME_DEFAULT)
        prompt = "JWT Cookie name ({0}):".format(current_name)
        cookie_name = get_validated_string_input(
            prompt, current_name, REGEX_ANYTHING, "Invalid cookie name", False)

    properties.process_pair(JWT_COOKIE_NAME, cookie_name)
def _read_password_from_properties(properties):
    """Resolve the database password referenced by JDBC_PASSWORD_PROPERTY.

    An alias string is resolved with ``decrypt_password_for_alias`` and
    JDBC_RCA_PASSWORD_ALIAS; any other value is treated as a password file
    path. DEFAULT_PASSWORD is the result when the property is empty, and also
    - silently - when the path is not absolute or does not exist.
    """
    password_ref = get_value_from_properties(properties, JDBC_PASSWORD_PROPERTY, "")
    if not password_ref:
        return DEFAULT_PASSWORD

    if is_alias_string(password_ref):
        return decrypt_password_for_alias(properties, JDBC_RCA_PASSWORD_ALIAS)

    readable = os.path.isabs(password_ref) and os.path.exists(password_ref)
    if not readable:
        return DEFAULT_PASSWORD

    # Returned exactly as read; a trailing newline in the file is kept.
    with open(password_ref, 'r') as password_fh:
        return password_fh.read()
def get_and_persist_truststore_type(properties, options):
    """Return the truststore type, prompting for and storing it when unset.

    An already configured type is returned untouched. Otherwise the answer
    (pre-supplied through ``options.trust_store_type`` or typed by the user)
    must match ``^(jks|jceks|pkcs12)?$`` and is stored when non-empty.
    """
    truststore_type = properties.get_property(SSL_TRUSTSTORE_TYPE_PROPERTY)
    if truststore_type:
        return truststore_type

    default_type = get_value_from_properties(properties,
                                             SSL_TRUSTSTORE_TYPE_PROPERTY, "jks")
    prompt = "TrustStore type [jks/jceks/pkcs12] {0}:".format(
        get_prompt_default(default_type))
    truststore_type = get_validated_string_input(
        prompt, default_type, "^(jks|jceks|pkcs12)?$", "Wrong type", False,
        answer = options.trust_store_type)

    if truststore_type:
        properties.process_pair(SSL_TRUSTSTORE_TYPE_PROPERTY, truststore_type)
    return truststore_type
def SvcDoRun(self):
    """Start the Ambari server process for the service and wait for it.

    Before launch, ``self.options`` receives the verbose, debug and
    suspend-start values from the Ambari properties (False when unset). After
    the wait, the PID file under ``configDefaults.PID_DIR`` is removed unless
    ``_StopOrWaitForChildProcessToFinish`` returned a false value.
    """
    # Function-scope import, as in the original.
    from ambari_server_main import server_process_main

    callback = SvcStatusCallback(self)
    props = get_ambari_properties()

    def read_flag(key):
        return get_value_from_properties(props, key, False)

    self.options.verbose = read_flag(VERBOSE_OUTPUT_KEY)
    self.options.debug = read_flag(DEBUG_MODE_KEY)
    self.options.suspend_start = read_flag(SUSPEND_START_MODE_KEY)

    # set verbose
    set_verbose(self.options.verbose)

    self.redirect_output_streams()

    server_proc = server_process_main(self.options, callback)
    if not self._StopOrWaitForChildProcessToFinish(server_proc):
        return

    remove_file(os.path.join(configDefaults.PID_DIR, PID_NAME))
def get_and_persist_truststore_path(properties, options):
    """Return the truststore path, prompting for and storing it when unset.

    An already configured path is returned untouched. Otherwise the prompt is
    repeated until a non-empty answer is given. The answer is accepted with
    the pattern ``.*``; this function does not check that the file exists.
    """
    truststore_path = properties.get_property(SSL_TRUSTSTORE_PATH_PROPERTY)
    if truststore_path:
        return truststore_path

    default_path = get_value_from_properties(properties,
                                             SSL_TRUSTSTORE_PATH_PROPERTY)
    while not truststore_path:
        truststore_path = get_validated_string_input(
            "Path to TrustStore file {0}:".format(get_prompt_default(default_path)),
            default_path,
            ".*", False, False, answer = options.trust_store_path)

    # The loop only exits with a non-empty answer, so it is always stored.
    properties.process_pair(SSL_TRUSTSTORE_PATH_PROPERTY, truststore_path)
    return truststore_path
def get_truststore_type(properties):
    """Return the truststore type, prompting for and storing it when unset.

    The prompted answer must match ``^(jks|jceks|pkcs12)?$``; an empty answer
    is returned but not stored.
    """
    truststore_type = properties.get_property(SSL_TRUSTSTORE_TYPE_PROPERTY)
    if truststore_type:
        return truststore_type

    fallback_type = get_value_from_properties(properties,
                                              SSL_TRUSTSTORE_TYPE_PROPERTY, "jks")
    truststore_type = get_validated_string_input(
        "TrustStore type [jks/jceks/pkcs12] {0}:".format(
            get_prompt_default(fallback_type)),
        fallback_type,
        "^(jks|jceks|pkcs12)?$", "Wrong type", False)

    if truststore_type:
        properties.process_pair(SSL_TRUSTSTORE_TYPE_PROPERTY, truststore_type)
    return truststore_type
def _is_jdbc_user_changed(database_username):
    """Tell whether ``database_username`` differs from the stored JDBC user.

    Returns True or False when both names are non-empty, and None when the
    properties cannot be read or either name is empty.
    """
    properties = get_ambari_properties()
    if properties == -1:
        print_error_msg("Error getting ambari properties")
        return None

    previous_user = get_value_from_properties(properties,
                                              JDBC_USER_NAME_PROPERTY, "")
    if not (previous_user and database_username):
        return None
    return bool(previous_user != database_username)
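def adjust_directory_permissions(ambari_user):
    """Empty and recreate the bootstrap directory named in the Ambari properties.

    The directory tree is deleted recursively and then created again. Nothing
    is deleted when the bootstrap directory property is unset or empty.
    ``ambari_user`` is not used by this part of the function.
    """
    properties = get_ambari_properties()

    configured_dir = get_value_from_properties(properties, BOOTSTRAP_DIR_PROPERTY)
    if not configured_dir:
        # os.path.abspath("") resolves to the current working directory, so an
        # empty value would turn the rmtree below into a recursive delete of
        # whatever directory the command was started from.
        print_warning_msg("Bootstrap directory is not configured, skipping cleanup")
        return

    bootstrap_dir = os.path.abspath(configured_dir)
    print_info_msg("Cleaning bootstrap directory ({0}) contents...".format(bootstrap_dir))

    if os.path.exists(bootstrap_dir):
        shutil.rmtree(bootstrap_dir)  # Ignore the non-existent dir error

    if not os.path.exists(bootstrap_dir):
        try:
            os.makedirs(bootstrap_dir)
        except Exception as ex:
            # Best effort: a failed recreate is reported, not raised.
            print_warning_msg("Failed recreating the bootstrap directory: {0}".format(str(ex)))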
def get_truststore_path(properties):
    """Return the truststore path, prompting for and storing it when unset.

    The prompt repeats until the answer is non-empty. Any text is accepted
    (pattern ``.*``); the existence of the file is not checked here.
    """
    truststore_path = properties.get_property(SSL_TRUSTSTORE_PATH_PROPERTY)
    if truststore_path:
        return truststore_path

    fallback_path = get_value_from_properties(properties,
                                              SSL_TRUSTSTORE_PATH_PROPERTY)
    while not truststore_path:
        truststore_path = get_validated_string_input(
            "Path to TrustStore file {0}:".format(get_prompt_default(fallback_path)),
            fallback_path,
            ".*", False, False)

    # Reached only with a non-empty answer.
    properties.process_pair(SSL_TRUSTSTORE_PATH_PROPERTY, truststore_path)
    return truststore_path
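def adjust_directory_permissions(ambari_user):
    """Empty and recreate the bootstrap directory named in the Ambari properties.

    The tree is deleted with errors ignored, the function then waits for the
    directory to disappear, and finally recreates it. Nothing is deleted when
    the bootstrap directory property is unset or empty. ``ambari_user`` is not
    used by this part of the function.
    """
    properties = get_ambari_properties()

    configured_dir = get_value_from_properties(properties, BOOTSTRAP_DIR_PROPERTY)
    if not configured_dir:
        # os.path.abspath("") resolves to the current working directory, so an
        # empty value would turn the rmtree below into a recursive delete of
        # whatever directory the command was started from.
        print_warning_msg("Bootstrap directory is not configured, skipping cleanup")
        return

    bootstrap_dir = os.path.abspath(configured_dir)
    print_info_msg("Cleaning bootstrap directory ({0}) contents...".format(bootstrap_dir))

    shutil.rmtree(bootstrap_dir, True)  # Ignore the non-existent dir error

    # Protect against directories lingering around
    # NOTE(review): time.sleep takes seconds, so this can wait up to
    # 100 * 50 s before giving up - confirm the unit is intended.
    del_attempts = 0
    while os.path.exists(bootstrap_dir) and del_attempts < 100:
        time.sleep(50)
        del_attempts += 1

    if not os.path.exists(bootstrap_dir):
        try:
            os.makedirs(bootstrap_dir)
        except Exception as ex:
            # Best effort: a failed recreate is reported, not raised.
            print_warning_msg("Failed recreating the bootstrap directory: {0}".format(str(ex)))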
def setup_pam(options):
    """Interactively switch Ambari client security to PAM.

    Raises FatalException(4) when not run as root. When LDAP is currently
    configured the user must confirm the switch, otherwise FatalException(1)
    is raised. Every required PAM property is prompted for (or taken from its
    pre-supplied option), a missing PAM configuration file only produces a
    warning, and the collected values are written to the Ambari properties.
    Returns 0.
    """
    if not is_root():
        raise FatalException(
            4, 'Ambari-server setup-pam should be run with root-level privileges')

    properties = get_ambari_properties()

    if get_value_from_properties(properties,CLIENT_SECURITY,"") == 'ldap':
        query = "LDAP is currently configured, do you wish to use PAM instead [y/n] (n)? "
        if not get_YN_input(query, False):
            raise FatalException(1, "LDAP is configured. Can not setup PAM.")

    required_props = init_pam_properties_list_reqd(properties, options)

    pam_property_value_map = {CLIENT_SECURITY: 'pam'}

    for pam_prop in required_props:
        answer_text = get_validated_string_input(
            pam_prop.pam_prop_val_prompt, pam_prop.pam_prop_name,
            pam_prop.prompt_regex, "Invalid characters in the input!", False,
            pam_prop.allow_empty_prompt, answer = pam_prop.option)
        if answer_text is not None and answer_text != "":
            pam_property_value_map[pam_prop.prop_name] = answer_text

    # Verify that the PAM config file exists, else show warning...
    # The lookup assumes a non-empty answer was stored under PAM_CONFIG_FILE.
    pam_config_file = pam_property_value_map[PAM_CONFIG_FILE]
    if not os.path.exists(pam_config_file):
        print_warning_msg(
            "The PAM configuration file, {0} does not exist. "
            "Please create it before restarting Ambari.".format(pam_config_file))

    update_properties_2(properties, pam_property_value_map)
    print('Saving...done')
    return 0
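def setup_ldap(options):
    """Interactively configure LDAP authentication for a running Ambari server.

    Raises FatalException(1) when the server is not running, or when another
    client security type is configured and the user declines to replace it.
    Collects the required LDAP properties, the manager credentials (unless
    binding anonymously) and, for LDAPS, an optional custom truststore. After
    a review screen the LDAP settings are sent to the server through
    ``update_ldap_configuration`` and only the client security type is written
    to the properties file. Returns 0.

    Passwords are never echoed: the review screen and the listing of an
    already configured truststore both print BLIND_PASSWORD in their place.
    """
    logger.info("Setup LDAP.")

    properties = get_ambari_properties()

    server_status, pid = is_server_runing()
    if not server_status:
        err = 'Ambari Server is not running.'
        raise FatalException(1, err)

    current_client_security = get_value_from_properties(properties,CLIENT_SECURITY,"no auth method")
    if current_client_security != 'ldap':
        query = "Currently '" + current_client_security + "' is configured, do you wish to use LDAP instead [y/n] (n)? "
        if not get_YN_input(query, False):
            err = "Currently '" + current_client_security + "' configured. Can not setup LDAP."
            raise FatalException(1, err)

    isSecure = get_is_secure(properties)

    ldap_property_list_reqd = init_ldap_properties_list_reqd(properties, options)

    ldap_property_list_opt = [LDAP_MGR_USERNAME_PROPERTY,
                              LDAP_MGR_PASSWORD_PROPERTY,
                              SSL_TRUSTSTORE_TYPE_PROPERTY,
                              SSL_TRUSTSTORE_PATH_PROPERTY,
                              SSL_TRUSTSTORE_PASSWORD_PROPERTY]

    # Properties whose values must be masked whenever they are displayed.
    ldap_property_list_passwords = [LDAP_MGR_PASSWORD_PROPERTY,
                                    SSL_TRUSTSTORE_PASSWORD_PROPERTY]

    LDAP_MGR_DN_DEFAULT = None

    SSL_TRUSTSTORE_TYPE_DEFAULT = get_value_from_properties(properties, SSL_TRUSTSTORE_TYPE_PROPERTY, "jks")
    SSL_TRUSTSTORE_PATH_DEFAULT = get_value_from_properties(properties, SSL_TRUSTSTORE_PATH_PROPERTY)

    ldap_property_value_map = {}
    for ldap_prop in ldap_property_list_reqd:
        answer_text = get_validated_string_input(
            ldap_prop.ldap_prop_val_prompt, ldap_prop.ldap_prop_name,
            ldap_prop.prompt_regex, "Invalid characters in the input!", False,
            ldap_prop.allow_empty_prompt, answer = ldap_prop.option)
        if answer_text is not None and answer_text != "":
            ldap_property_value_map[ldap_prop.prop_name] = answer_text

    # These lookups assume the corresponding prompts stored a non-empty answer.
    bindAnonymously = ldap_property_value_map[LDAP_ANONYMOUS_BIND]
    anonymous = (bindAnonymously and bindAnonymously.lower() == 'true')
    mgr_password = None
    # Ask for manager credentials only if bindAnonymously is false
    if not anonymous:
        username = get_validated_string_input(
            "Manager DN* {0}: ".format(get_prompt_default(LDAP_MGR_DN_DEFAULT)),
            LDAP_MGR_DN_DEFAULT, ".*", "Invalid characters in the input!",
            False, False, answer = options.ldap_manager_dn)
        ldap_property_value_map[LDAP_MGR_USERNAME_PROPERTY] = username
        mgr_password = configure_ldap_password(options)
        ldap_property_value_map[LDAP_MGR_PASSWORD_PROPERTY] = mgr_password

    useSSL = ldap_property_value_map[LDAP_USE_SSL]
    ldaps = (useSSL and useSSL.lower() == 'true')
    ts_password = None

    if ldaps:
        truststore_default = "n"
        truststore_set = bool(SSL_TRUSTSTORE_PATH_DEFAULT)
        if truststore_set:
            truststore_default = "y"
        custom_trust_store = True if options.trust_store_path is not None and options.trust_store_path else False
        if not custom_trust_store:
            custom_trust_store = get_YN_input(
                "Do you want to provide custom TrustStore for Ambari [y/n] ({0})?".
                format(truststore_default),
                truststore_set)
        if custom_trust_store:
            ts_type = get_validated_string_input(
                "TrustStore type [jks/jceks/pkcs12] {0}:".format(get_prompt_default(SSL_TRUSTSTORE_TYPE_DEFAULT)),
                SSL_TRUSTSTORE_TYPE_DEFAULT, "^(jks|jceks|pkcs12)?$", "Wrong type",
                False, answer=options.trust_store_type)
            ts_path = None
            while True:
                ts_path = get_validated_string_input(
                    "Path to TrustStore file {0}:".format(get_prompt_default(SSL_TRUSTSTORE_PATH_DEFAULT)),
                    SSL_TRUSTSTORE_PATH_DEFAULT, ".*", False, False,
                    answer = options.trust_store_path)
                if os.path.exists(ts_path):
                    break
                else:
                    print('File not found.')
                    # A pre-supplied path cannot be corrected by re-prompting.
                    hasAnswer = options.trust_store_path is not None and options.trust_store_path
                    quit_if_has_answer(hasAnswer)

            ts_password = read_password("", ".*", "Password for TrustStore:",
                                        "Invalid characters in password",
                                        options.trust_store_password)

            ldap_property_value_map[SSL_TRUSTSTORE_TYPE_PROPERTY] = ts_type
            ldap_property_value_map[SSL_TRUSTSTORE_PATH_PROPERTY] = ts_path
            ldap_property_value_map[SSL_TRUSTSTORE_PASSWORD_PROPERTY] = ts_password
        elif properties.get_property(SSL_TRUSTSTORE_TYPE_PROPERTY):
            print('The TrustStore is already configured: ')
            print(' ' + SSL_TRUSTSTORE_TYPE_PROPERTY + ' = ' + properties.get_property(SSL_TRUSTSTORE_TYPE_PROPERTY))
            print(' ' + SSL_TRUSTSTORE_PATH_PROPERTY + ' = ' + properties.get_property(SSL_TRUSTSTORE_PATH_PROPERTY))
            # The stored truststore password is masked rather than echoed to
            # the terminal, consistent with the review screen below.
            print(' %s = %s' % (SSL_TRUSTSTORE_PASSWORD_PROPERTY, BLIND_PASSWORD))
            if get_YN_input("Do you want to remove these properties [y/n] (y)? ", True, options.trust_store_reconfigure):
                properties.removeOldProp(SSL_TRUSTSTORE_TYPE_PROPERTY)
                properties.removeOldProp(SSL_TRUSTSTORE_PATH_PROPERTY)
                properties.removeOldProp(SSL_TRUSTSTORE_PASSWORD_PROPERTY)

    print('=' * 20)
    print('Review Settings')
    print('=' * 20)
    for property in ldap_property_list_reqd:
        if property in ldap_property_value_map:
            print("%s: %s" % (property, ldap_property_value_map[property]))

    for property in ldap_property_list_opt:
        if property in ldap_property_value_map:
            if property not in ldap_property_list_passwords:
                print("%s: %s" % (property, ldap_property_value_map[property]))
            else:
                print("%s: %s" % (property, BLIND_PASSWORD))

    save_settings = True if options.ldap_save_settings is not None else get_YN_input("Save settings [y/n] (y)? ", True)

    if save_settings:
        if isSecure:
            if mgr_password:
                encrypted_passwd = encrypt_password(LDAP_MGR_PASSWORD_ALIAS, mgr_password, options)
                if mgr_password != encrypted_passwd:
                    ldap_property_value_map[LDAP_MGR_PASSWORD_PROPERTY] = encrypted_passwd
            if ts_password:
                encrypted_passwd = encrypt_password(SSL_TRUSTSTORE_PASSWORD_ALIAS, ts_password, options)
                if ts_password != encrypted_passwd:
                    ldap_property_value_map[SSL_TRUSTSTORE_PASSWORD_PROPERTY] = encrypted_passwd

        # Persisting values
        # NOTE(review): this assignment runs after the isSecure branch, so it
        # replaces an encrypted value stored there with whatever
        # store_password_file returns for the clear-text password - confirm
        # that this is intended.
        if mgr_password:
            ldap_property_value_map[LDAP_MGR_PASSWORD_PROPERTY] = store_password_file(mgr_password, LDAP_MGR_PASSWORD_FILENAME)

        print('Saving LDAP properties...')

        ldap_property_value_map[IS_LDAP_CONFIGURED] = "true"
        # Saving LDAP configuration in Ambari DB using the REST API
        update_ldap_configuration(properties, ldap_property_value_map)

        # The only property we want to write out in Ambari.properties is the
        # client.security type being LDAP
        ldap_property_value_map.clear()
        ldap_property_value_map[CLIENT_SECURITY] = 'ldap'
        update_properties_2(properties, ldap_property_value_map)

        print('Saving LDAP properties finished')

    return 0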
if not stack_version: Logger.error( "Could not parse HDP version from output of hdp-select: %s" % str(out)) return 1 else: stack_version = options.hdp_version return stack_version parser = OptionParser() parser.add_option("-d", "--database-driver", dest="sql_driver_path", default=get_value_from_properties( get_ambari_properties(), JDBC_DRIVER_PATH_PROPERTY, DEFAULT_SQL_DRIVER_PATH), help="Path to JDBC driver") parser.add_option("-f", "--fs-type", dest="fs_type", default="wasb", help="Expected protocol of fs.defaultFS") parser.add_option("-v", "--hdp-version", dest="hdp_version", default="", help="hdp-version used in path of tarballs") parser.add_option("-u", "--upgrade", dest="upgrade",
def sync_ldap(options): logger.info("Sync users and groups with configured LDAP.") if not is_root(): err = 'Ambari-server sync-ldap should be run with ' \ 'root-level privileges' raise FatalException(4, err) properties = get_ambari_properties() if get_value_from_properties(properties, CLIENT_SECURITY_KEY, "") == 'pam': err = "PAM is configured. Can not sync LDAP." raise FatalException(1, err) server_status, pid = is_server_runing() if not server_status: err = 'Ambari Server is not running.' raise FatalException(1, err) if properties == -1: raise FatalException(1, "Failed to read properties file.") ldap_configured = properties.get_property(IS_LDAP_CONFIGURED) if ldap_configured != 'true': err = "LDAP is not configured. Run 'ambari-server setup-ldap' first." raise FatalException(1, err) # set ldap sync options ldap_sync_options = LdapSyncOptions(options) if ldap_sync_options.no_ldap_sync_options_set(): err = 'Must specify a sync option (all, existing, users or groups). Please invoke ambari-server.py --help to print the options.' 
raise FatalException(1, err) admin_login = ldap_sync_options.ldap_sync_admin_name\ if ldap_sync_options.ldap_sync_admin_name is not None and ldap_sync_options.ldap_sync_admin_name \ else get_validated_string_input(prompt="Enter Ambari Admin login: "******"Enter Ambari Admin password: "******"Event": { "specs": [{ "principal_type": "users", "sync_type": "all" }, { "principal_type": "groups", "sync_type": "all" }] } }] elif ldap_sync_options.ldap_sync_existing: sys.stdout.write('Syncing existing.') bodies = [{ "Event": { "specs": [{ "principal_type": "users", "sync_type": "existing" }, { "principal_type": "groups", "sync_type": "existing" }] } }] else: sys.stdout.write('Syncing specified users and groups.') bodies = [{"Event": {"specs": []}}] body = bodies[0] events = body['Event'] specs = events['specs'] if ldap_sync_options.ldap_sync_users is not None: new_specs = [{ "principal_type": "users", "sync_type": "specific", "names": "" }] get_ldap_event_spec_names(ldap_sync_options.ldap_sync_users, specs, new_specs) if ldap_sync_options.ldap_sync_groups is not None: new_specs = [{ "principal_type": "groups", "sync_type": "specific", "names": "" }] get_ldap_event_spec_names(ldap_sync_options.ldap_sync_groups, specs, new_specs) if get_verbose(): sys.stdout.write('\nCalling API ' + url + ' : ' + str(bodies) + '\n') request.add_data(json.dumps(bodies)) request.get_method = lambda: 'POST' try: response = urllib2.urlopen(request) except Exception as e: err = 'Sync event creation failed. Error details: %s' % e raise FatalException(1, err) response_status_code = response.getcode() if response_status_code != 201: err = 'Error during syncing. 
Http status code - ' + str( response_status_code) raise FatalException(1, err) response_body = json.loads(response.read()) url = response_body['resources'][0]['href'] request = urllib2.Request(url) request.add_header('Authorization', 'Basic %s' % admin_auth) request.add_header('X-Requested-By', 'ambari') body = [{"LDAP": {"synced_groups": "*", "synced_users": "*"}}] request.add_data(json.dumps(body)) request.get_method = lambda: 'GET' request_in_progress = True while request_in_progress: sys.stdout.write('.') sys.stdout.flush() try: response = urllib2.urlopen(request) except Exception as e: request_in_progress = False err = 'Sync event check failed. Error details: %s' % e raise FatalException(1, err) response_status_code = response.getcode() if response_status_code != 200: err = 'Error during syncing. Http status code - ' + str( response_status_code) raise FatalException(1, err) response_body = json.loads(response.read()) sync_info = response_body['Event'] if sync_info['status'] == 'ERROR': raise FatalException(1, str(sync_info['status_detail'])) elif sync_info['status'] == 'COMPLETE': print '\n\nCompleted LDAP Sync.' print 'Summary:' for principal_type, summary in sync_info['summary'].iteritems(): print ' {0}:'.format(principal_type) for action, amount in summary.iteritems(): print ' {0} = {1!s}'.format(action, amount) request_in_progress = False else: time.sleep(1) sys.stdout.write('\n') sys.stdout.flush()
def __init__(self, properties, i_prop_name, i_prop_val_pattern,
             i_prompt_regex, i_allow_empty_prompt, i_prop_name_default=None):
    """Describe one prompted LDAP property.

    ``ldap_prop_name`` receives the property's current value from the
    properties file (or ``i_prop_name_default``), not its name; the same value
    is formatted into the prompt text.
    """
    self.prop_name = i_prop_name

    stored_value = get_value_from_properties(properties, i_prop_name,
                                             i_prop_name_default)
    self.ldap_prop_name = stored_value
    self.ldap_prop_val_prompt = i_prop_val_pattern.format(
        get_prompt_default(stored_value))

    self.prompt_regex = i_prompt_regex
    self.allow_empty_prompt = i_allow_empty_prompt
def setup_ldap():
    """Interactively configure LDAP authentication in the Ambari properties.

    Raises FatalException(4) when not run as root. Prompts for the required
    LDAP properties, the manager credentials (unless binding anonymously) and,
    for LDAPS, an optional custom truststore; shows a review screen with
    passwords masked; and, if confirmed, writes the values to the properties.
    Returns 0.
    """
    if not is_root():
        err = 'Ambari-server setup-ldap should be run with ' \
              'root-level privileges'
        raise FatalException(4, err)

    properties = get_ambari_properties()
    isSecure = get_is_secure(properties)

    ldap_property_list_reqd = init_ldap_properties_list_reqd(properties)

    ldap_property_list_opt = ["authentication.ldap.managerDn",
                              LDAP_MGR_PASSWORD_PROPERTY,
                              SSL_TRUSTSTORE_TYPE_PROPERTY,
                              SSL_TRUSTSTORE_PATH_PROPERTY,
                              SSL_TRUSTSTORE_PASSWORD_PROPERTY]

    # Not read again in this function.
    ldap_property_list_truststore=[SSL_TRUSTSTORE_TYPE_PROPERTY,
                                   SSL_TRUSTSTORE_PATH_PROPERTY,
                                   SSL_TRUSTSTORE_PASSWORD_PROPERTY]

    # Properties whose values are masked on the review screen.
    ldap_property_list_passwords=[LDAP_MGR_PASSWORD_PROPERTY,
                                  SSL_TRUSTSTORE_PASSWORD_PROPERTY]

    LDAP_MGR_DN_DEFAULT = get_value_from_properties(properties, ldap_property_list_opt[0])

    SSL_TRUSTSTORE_TYPE_DEFAULT = get_value_from_properties(properties, SSL_TRUSTSTORE_TYPE_PROPERTY, "jks")
    SSL_TRUSTSTORE_PATH_DEFAULT = get_value_from_properties(properties, SSL_TRUSTSTORE_PATH_PROPERTY)

    ldap_property_value_map = {}
    for ldap_prop in ldap_property_list_reqd:
        input = get_validated_string_input(ldap_prop.ldap_prop_val_prompt, ldap_prop.ldap_prop_name, ldap_prop.prompt_regex,
                                           "Invalid characters in the input!", False, ldap_prop.allow_empty_prompt)
        # Empty answers are not stored.
        if input is not None and input != "":
            ldap_property_value_map[ldap_prop.prop_name] = input

    # This lookup assumes the bindAnonymously prompt stored a non-empty answer.
    bindAnonymously = ldap_property_value_map["authentication.ldap.bindAnonymously"]
    anonymous = (bindAnonymously and bindAnonymously.lower() == 'true')
    mgr_password = None
    # Ask for manager credentials only if bindAnonymously is false
    if not anonymous:
        username = get_validated_string_input("Manager DN* {0}: ".format(
            get_prompt_default(LDAP_MGR_DN_DEFAULT)), LDAP_MGR_DN_DEFAULT, ".*",
            "Invalid characters in the input!", False, False)
        ldap_property_value_map[LDAP_MGR_USERNAME_PROPERTY] = username
        mgr_password = configure_ldap_password()
        ldap_property_value_map[LDAP_MGR_PASSWORD_PROPERTY] = mgr_password

    # Same assumption as above, for the useSSL prompt.
    useSSL = ldap_property_value_map["authentication.ldap.useSSL"]
    ldaps = (useSSL and useSSL.lower() == 'true')
    ts_password = None

    if ldaps:
        # The default answer is "y" only when a truststore path is already set.
        truststore_default = "n"
        truststore_set = bool(SSL_TRUSTSTORE_PATH_DEFAULT)
        if truststore_set:
            truststore_default = "y"
        custom_trust_store = get_YN_input("Do you want to provide custom TrustStore for Ambari [y/n] ({0})?".
                                          format(truststore_default),
                                          truststore_set)
        if custom_trust_store:
            ts_type = get_validated_string_input(
                "TrustStore type [jks/jceks/pkcs12] {0}:".format(get_prompt_default(SSL_TRUSTSTORE_TYPE_DEFAULT)),
                SSL_TRUSTSTORE_TYPE_DEFAULT,
                "^(jks|jceks|pkcs12)?$", "Wrong type", False)
            ts_path = None
            # Re-prompt until the entered path exists.
            while True:
                ts_path = get_validated_string_input(
                    "Path to TrustStore file {0}:".format(get_prompt_default(SSL_TRUSTSTORE_PATH_DEFAULT)),
                    SSL_TRUSTSTORE_PATH_DEFAULT,
                    ".*", False, False)
                if os.path.exists(ts_path):
                    break
                else:
                    print 'File not found.'

            ts_password = read_password("", ".*", "Password for TrustStore:", "Invalid characters in password")

            ldap_property_value_map[SSL_TRUSTSTORE_TYPE_PROPERTY] = ts_type
            ldap_property_value_map[SSL_TRUSTSTORE_PATH_PROPERTY] = ts_path
            ldap_property_value_map[SSL_TRUSTSTORE_PASSWORD_PROPERTY] = ts_password
            pass
        else:
            # Declining a custom truststore removes the three truststore
            # properties from the loaded properties object.
            properties.removeOldProp(SSL_TRUSTSTORE_TYPE_PROPERTY)
            properties.removeOldProp(SSL_TRUSTSTORE_PATH_PROPERTY)
            properties.removeOldProp(SSL_TRUSTSTORE_PASSWORD_PROPERTY)
        pass
    pass

    print '=' * 20
    print 'Review Settings'
    print '=' * 20
    for property in ldap_property_list_reqd:
        if property in ldap_property_value_map:
            print("%s: %s" % (property, ldap_property_value_map[property]))

    for property in ldap_property_list_opt:
        if ldap_property_value_map.has_key(property):
            if property not in ldap_property_list_passwords:
                print("%s: %s" % (property, ldap_property_value_map[property]))
            else:
                # Password values are shown masked.
                print("%s: %s" % (property, BLIND_PASSWORD))

    save_settings = get_YN_input("Save settings [y/n] (y)? ", True)

    if save_settings:
        ldap_property_value_map[CLIENT_SECURITY_KEY] = 'ldap'
        if isSecure:
            if mgr_password:
                encrypted_passwd = encrypt_password(LDAP_MGR_PASSWORD_ALIAS, mgr_password)
                # Store the encrypted form only when it differs from the input.
                if mgr_password != encrypted_passwd:
                    ldap_property_value_map[LDAP_MGR_PASSWORD_PROPERTY] = encrypted_passwd
            pass
            if ts_password:
                encrypted_passwd = encrypt_password(SSL_TRUSTSTORE_PASSWORD_ALIAS, ts_password)
                if ts_password != encrypted_passwd:
                    ldap_property_value_map[SSL_TRUSTSTORE_PASSWORD_PROPERTY] = encrypted_passwd
            pass
        pass

        # Persisting values
        ldap_property_value_map[IS_LDAP_CONFIGURED] = "true"
        # NOTE(review): this runs after the isSecure branch, so it replaces an
        # encrypted value stored there with whatever store_password_file
        # returns for the clear-text password - confirm that this is intended.
        if mgr_password:
            ldap_property_value_map[LDAP_MGR_PASSWORD_PROPERTY] = store_password_file(mgr_password, LDAP_MGR_PASSWORD_FILENAME)
        update_properties_2(properties, ldap_property_value_map)
        print 'Saving...done'

    return 0
def setup_sso(args):
    """Interactively enable, configure or disable JWT-based SSO.

    Raises FatalException(4) when not run as root and NonFatalException in
    silent mode. Returns False when SSO is disabled and the user declines to
    configure it; otherwise falls through and returns None.
    """
    logger.info("Setup SSO.")
    if not is_root():
        err = 'ambari-server setup-sso should be run with ' \
              'root-level privileges'
        raise FatalException(4, err)
    if not get_silent():
        properties = get_ambari_properties()

        must_setup_params = False
        store_new_cert = False

        # NOTE(review): .lower() is called on the property value directly -
        # confirm get_property cannot return None when the key is absent.
        sso_enabled = properties.get_property(JWT_AUTH_ENBABLED).lower() in ['true']

        if sso_enabled:
            if get_YN_input(
                    "Do you want to disable SSO authentication [y/n] (n)?", False):
                properties.process_pair(JWT_AUTH_ENBABLED, "false")
        else:
            if get_YN_input(
                    "Do you want to configure SSO authentication [y/n] (y)?", True):
                properties.process_pair(JWT_AUTH_ENBABLED, "true")
                must_setup_params = True
            else:
                return False

        if must_setup_params:
            provider_url = get_value_from_properties(
                properties, JWT_AUTH_PROVIDER_URL, JWT_AUTH_PROVIDER_URL_DEFAULT)
            # The provider URL is accepted with REGEX_ANYTHING, i.e. it is not
            # checked to be a well-formed URL here.
            provider_url = get_validated_string_input(
                "Provider URL [URL] ({0}):".format(provider_url), provider_url,
                REGEX_ANYTHING, "Invalid provider URL", False)
            properties.process_pair(JWT_AUTH_PROVIDER_URL, provider_url)

            cert_path = properties.get_property(JWT_PUBLIC_KEY)
            # The prompt only says whether a certificate path is already stored.
            cert_string = get_multi_line_input(
                "Public Certificate pem ({0})".format(
                    'stored' if cert_path else 'empty'))
            if cert_string is not None:
                store_new_cert = True

            if get_YN_input(
                    "Do you want to configure advanced properties [y/n] (n) ?", False):
                cookie_name = get_value_from_properties(
                    properties, JWT_COOKIE_NAME, JWT_COOKIE_NAME_DEFAULT)
                cookie_name = get_validated_string_input(
                    "JWT Cookie name ({0}):".format(cookie_name), cookie_name,
                    REGEX_ANYTHING, "Invalid cookie name", False)
                properties.process_pair(JWT_COOKIE_NAME, cookie_name)

                audiences = properties.get_property(JWT_AUDIENCES)
                # Per the prompt text, an empty audiences list means "any".
                audiences = get_validated_string_input(
                    "JWT audiences list (comma-separated), empty for any ({0}):"
                    .format(audiences), audiences, REGEX_ANYTHING,
                    "Invalid value", False)
                properties.process_pair(JWT_AUDIENCES, audiences)

                # TODO not required for now as we support Knox only
                # orig_query_param = get_value_from_properties(JWT_ORIGINAL_URL_QUERY_PARAM, JWT_ORIGINAL_URL_QUERY_PARAM_DEFAULT)
                # orig_query_param = get_validated_string_input("Original URL query parameter name ({}):".format(orig_query_param),
                #                                               orig_query_param,
                #                                               REGEX_ANYTHING,
                #                                               "Invalid value",
                #                                               False)
                # properties.process_pair(JWT_ORIGINAL_URL_QUERY_PARAM, orig_query_param)

        if store_new_cert:
            # The pasted body is wrapped in the PEM header and footer, written
            # with store_password_file, and the resulting path is recorded.
            full_cert = JWT_PUBLIC_KEY_HEADER + cert_string + JWT_PUBLIC_KEY_FOOTER
            cert_path = store_password_file(full_cert, JWT_PUBLIC_KEY_FILENAME)
            properties.process_pair(JWT_PUBLIC_KEY, cert_path)

        update_properties(properties)

        pass
    else:
        warning = "setup-sso is not enabled in silent mode."
        raise NonFatalException(warning)

    pass