def reset(options):
if not is_root():
err = configDefaults.MESSAGE_ERROR_RESET_NOT_ROOT
raise FatalException(4, err)
status, stateDesc = is_server_runing()
if status:
err = 'Ambari-server must be stopped to reset'
raise FatalException(1, err)
#force reset if silent option provided
if get_silent():
default = "yes"
else:
default = "no"
choice = get_YN_input("**** WARNING **** You are about to reset and clear the "
"Ambari Server database. This will remove all cluster "
"host and configuration information from the database. "
"You will be required to re-configure the Ambari server "
"and re-run the cluster wizard. \n"
"Are you SURE you want to perform the reset "
"[yes/no] ({0})? ".format(default), get_silent())
okToRun = choice
if not okToRun:
err = "Ambari Server 'reset' cancelled"
raise FatalException(1, err)
_reset_database(options)
pass
def get_choice_string_input(prompt,
default,
firstChoice,
secondChoice,
answer=None):
if get_silent():
print(prompt)
return default
hasAnswer = answer is not None and answer
if hasAnswer:
print(prompt)
input = True
result = default
while input:
choice = str(answer) if hasAnswer else raw_input(prompt).lower()
if choice in firstChoice:
result = True
input = False
elif choice in secondChoice:
result = False
input = False
elif choice is "": # Just enter pressed
result = default
input = False
else:
print "input not recognized, please try again: "
quit_if_has_answer(hasAnswer)
return result
def setup_component_https(component, command, property, alias):
if not get_silent():
jdk_path = find_jdk()
if jdk_path is None:
err = "No JDK found, please run the \"ambari-server setup\" " \
"command to install a JDK automatically or install any " \
"JDK manually to " + configDefaults.JDK_INSTALL_DIR
raise FatalException(1, err)
properties = get_ambari_properties()
use_https = properties.get_property(property) in ['true']
if use_https:
if get_YN_input(
"Do you want to disable HTTPS for " + component +
" [y/n] (n)? ", False):
truststore_path = get_truststore_path(properties)
truststore_password = get_truststore_password(properties)
run_component_https_cmd(
get_delete_cert_command(jdk_path, alias, truststore_path,
truststore_password))
properties.process_pair(property, "false")
else:
return
else:
if get_YN_input(
"Do you want to configure HTTPS for " + component +
" [y/n] (y)? ", True):
truststore_type = get_truststore_type(properties)
truststore_path = get_truststore_path(properties)
truststore_password = get_truststore_password(properties)
run_os_command(
get_delete_cert_command(jdk_path, alias, truststore_path,
truststore_password))
import_cert_path = get_validated_filepath_input( \
"Enter path to " + component + " Certificate: ", \
"Certificate not found")
run_component_https_cmd(
get_import_cert_command(jdk_path, alias, truststore_type,
import_cert_path, truststore_path,
truststore_password))
properties.process_pair(property, "true")
else:
return
conf_file = find_properties_file()
f = open(conf_file, 'w')
properties.store(f,
"Changed by 'ambari-server " + command + "' command")
else:
print command + " is not enabled in silent mode."
def _create_custom_user(self):
user = get_validated_string_input(
"Enter user account for ambari-server service ({0}):".format(self.user),
self.user, None,
"Invalid username.",
False
)
if user in self.NR_SYSTEM_USERS:
self.user = user
return 0
if get_silent():
password = self.password
else:
password = get_validated_string_input("Enter password for user {0}:".format(user), "", None, "Password", True, False)
from ambari_commons.os_windows import UserHelper
uh = UserHelper(user)
if uh.find_user():
print_info_msg("User {0} already exists, make sure that you typed correct password for user, "
"skipping user creation".format(user))
else:
status, message = uh.create_user(password)
if status == UserHelper.USER_EXISTS:
print_info_msg("User {0} already exists, make sure that you typed correct password for user, "
"skipping user creation".format(user))
elif status == UserHelper.ACTION_FAILED: # fail
print_warning_msg("Can't create user {0}. Failed with message {1}".format(user, message))
return UserHelper.ACTION_FAILED
self.password = password
# setting SeServiceLogonRight and SeBatchLogonRight to user
#This is unconditional
status, message = uh.add_user_privilege('SeServiceLogonRight')
if status == UserHelper.ACTION_FAILED:
print_warning_msg("Can't add SeServiceLogonRight to user {0}. Failed with message {1}".format(user, message))
return UserHelper.ACTION_FAILED
status, message = uh.add_user_privilege('SeBatchLogonRight')
if status == UserHelper.ACTION_FAILED:
print_warning_msg("Can't add SeBatchLogonRight to user {0}. Failed with message {1}".format(user, message))
return UserHelper.ACTION_FAILED
print_info_msg("User configuration is done.")
print_warning_msg("When using non SYSTEM user make sure that your user has read\write access to log directories and "
"all server directories. In case of integrated authentication for SQL Server make sure that your "
"user is properly configured to access the ambari database.")
if user.find('\\') == -1:
user = '******' + user
self.user = user
return 0
def setup_https(args):
if not is_root():
err = 'ambari-server setup-https should be run with ' \
'root-level privileges'
raise FatalException(4, err)
args.exit_message = None
if not get_silent():
properties = get_ambari_properties()
try:
security_server_keys_dir = properties.get_property(SSL_KEY_DIR)
client_api_ssl_port = DEFAULT_SSL_API_PORT if properties.get_property(SSL_API_PORT) in ("") \
else properties.get_property(SSL_API_PORT)
api_ssl = properties.get_property(SSL_API) in ['true']
client_api_ssl_port_old_value = properties.get_property(SSL_API_PORT)
api_ssl_old_value = properties.get_property(SSL_API)
cert_was_imported = False
cert_must_import = True
if api_ssl:
if get_YN_input("Do you want to disable HTTPS [y/n] (n)? ", False):
properties.process_pair(SSL_API, "false")
cert_must_import=False
else:
properties.process_pair(SSL_API_PORT, \
get_validated_string_input( \
"SSL port ["+str(client_api_ssl_port)+"] ? ", \
str(client_api_ssl_port), \
"^[0-9]{1,5}$", "Invalid port.", False, validatorFunction = is_valid_https_port))
cert_was_imported = import_cert_and_key_action(security_server_keys_dir, properties)
else:
if get_YN_input("Do you want to configure HTTPS [y/n] (y)? ", True):
properties.process_pair(SSL_API_PORT, \
get_validated_string_input("SSL port ["+str(client_api_ssl_port)+"] ? ", \
str(client_api_ssl_port), "^[0-9]{1,5}$", "Invalid port.", False, validatorFunction = is_valid_https_port))
cert_was_imported = import_cert_and_key_action(security_server_keys_dir, properties)
else:
return False
if cert_must_import and not cert_was_imported:
print 'Setup of HTTPS failed. Exiting.'
return False
conf_file = find_properties_file()
f = open(conf_file, 'w')
properties.store(f, "Changed by 'ambari-server setup-https' command")
if api_ssl_old_value != properties.get_property(SSL_API) \
or client_api_ssl_port_old_value != properties.get_property(SSL_API_PORT):
print "Ambari server URL changed. To make use of the Tez View in Ambari " \
"please update the property tez.tez-ui.history-url.base in tez-site"
ambari_user = read_ambari_user()
if ambari_user:
adjust_directory_permissions(ambari_user)
return True
except (KeyError), e:
err = 'Property ' + str(e) + ' is not defined'
raise FatalException(1, err)
def run_schema_upgrade(args):
db_title = get_db_type(get_ambari_properties()).title
silent = get_silent()
default_answer = 'y' if silent else 'n'
default_value = silent
confirm = get_YN_input("Ambari Server configured for %s. Confirm "
"you have made a backup of the Ambari Server database [y/n] (%s)? " % (db_title, default_answer), default_value)
if not confirm:
print_error_msg("Database backup is not confirmed")
return 1
jdk_path = get_java_exe_path()
if jdk_path is None:
print_error_msg("No JDK found, please run the \"setup\" "
"command to install a JDK automatically or install any "
"JDK manually to " + configDefaults.JDK_INSTALL_DIR)
return 1
ensure_jdbc_driver_is_installed(args, get_ambari_properties())
print_info_msg('Upgrading database schema', True)
serverClassPath = ServerClassPath(get_ambari_properties(), args)
class_path = serverClassPath.get_full_ambari_classpath_escaped_for_shell(validate_classpath=True)
set_debug_mode_from_options(args)
debug_mode = get_debug_mode()
debug_start = (debug_mode & 1) or SCHEMA_UPGRADE_DEBUG
suspend_start = (debug_mode & 2) or SUSPEND_START_MODE
suspend_mode = 'y' if suspend_start else 'n'
command = SCHEMA_UPGRADE_HELPER_CMD_DEBUG.format(jdk_path, class_path, suspend_mode) if debug_start else SCHEMA_UPGRADE_HELPER_CMD.format(jdk_path, class_path)
ambari_user = read_ambari_user()
current_user = ensure_can_start_under_current_user(ambari_user)
environ = generate_env(args, ambari_user, current_user)
(retcode, stdout, stderr) = run_os_command(command, env=environ)
upgrade_response = json.loads(stdout)
check_gpl_license_approved(upgrade_response)
print_info_msg("Return code from schema upgrade command, retcode = {0}".format(str(retcode)), True)
if stdout:
print_info_msg("Console output from schema upgrade command:", True)
print_info_msg(stdout, True)
print
if retcode > 0:
print_error_msg("Error executing schema upgrade, please check the server logs.")
if stderr:
print_error_msg("Error output from schema upgrade command:")
print_error_msg(stderr)
print
else:
print_info_msg('Schema upgrade completed', True)
return retcode
def _reset_local_database(self):
#force reset if silent option provided
if get_silent():
default = "yes"
else:
default = "no"
# Run automatic reset only for embedded DB
okToRun = get_YN_input(
"Confirm server reset [yes/no]({0})? ".format(default),
get_silent())
if not okToRun:
err = "Ambari Server 'reset' cancelled"
raise FatalException(1, err)
print "Resetting the Server database..."
dbname = self.database_name
filename = self.drop_tables_script_file
username = self.database_username
password = self.database_password
command = PGConfig.SETUP_DB_CMD[:]
command[-1] = command[-1].format(filename, username, password, dbname)
drop_retcode, drop_outdata, drop_errdata = run_os_command(command)
if not drop_retcode == 0:
raise FatalException(1, drop_errdata)
if drop_errdata and PGConfig.PG_ERROR_BLOCKED in drop_errdata:
raise FatalException(
1,
"Database is in use. Please, make sure all connections to the database are closed"
)
if drop_errdata and get_verbose():
print_warning_msg(drop_errdata)
print_info_msg("About to run database setup")
retcode, outdata, errdata = self._setup_db()
if errdata and get_verbose():
print_warning_msg(errdata)
if (errdata and 'ERROR' in errdata.upper()) or (
drop_errdata and 'ERROR' in drop_errdata.upper()):
err = "Non critical error in DDL"
if not get_verbose():
err += ", use --verbose for more information"
raise NonFatalException(err)
def _prompt_jdbc_driver_install(self, properties):
result = self._is_jdbc_driver_installed(properties)
if result == -1:
if get_silent():
print_error_msg(self.JDBC_DRIVER_INSTALL_MSG)
else:
print_warning_msg(self.JDBC_DRIVER_INSTALL_MSG)
raw_input(PRESS_ENTER_MSG)
result = self._is_jdbc_driver_installed(properties)
return (result, self.JDBC_DRIVER_INSTALL_MSG)
def _prompt_jdbc_driver_install(self, properties):
result = self._is_jdbc_driver_installed(properties)
if result == -1:
if get_silent():
print_error_msg(self.JDBC_DRIVER_INSTALL_MSG)
else:
print_warning_msg(self.JDBC_DRIVER_INSTALL_MSG)
raw_input(PRESS_ENTER_MSG)
result = self._is_jdbc_driver_installed(properties)
return (result, self.JDBC_DRIVER_INSTALL_MSG)
def setup_https(args):
if not is_root():
warn = 'ambari-server setup-https is run as ' \
'non-root user, some sudo privileges might be required'
print warn
args.exit_message = None
if not get_silent():
properties = get_ambari_properties()
try:
security_server_keys_dir = properties.get_property(SSL_KEY_DIR)
client_api_ssl_port = DEFAULT_SSL_API_PORT if properties.get_property(SSL_API_PORT) in ("") \
else properties.get_property(SSL_API_PORT)
api_ssl = properties.get_property(SSL_API) in ['true']
cert_was_imported = False
cert_must_import = True
if api_ssl:
if get_YN_input("Do you want to disable HTTPS [y/n] (n)? ",
False):
properties.process_pair(SSL_API, "false")
cert_must_import = False
else:
properties.process_pair(SSL_API_PORT, \
get_validated_string_input( \
"SSL port ["+str(client_api_ssl_port)+"] ? ", \
str(client_api_ssl_port), \
"^[0-9]{1,5}$", "Invalid port.", False, validatorFunction = is_valid_https_port))
cert_was_imported = import_cert_and_key_action(
security_server_keys_dir, properties)
else:
if get_YN_input("Do you want to configure HTTPS [y/n] (y)? ",
True):
properties.process_pair(SSL_API_PORT, \
get_validated_string_input("SSL port ["+str(client_api_ssl_port)+"] ? ", \
str(client_api_ssl_port), "^[0-9]{1,5}$", "Invalid port.", False, validatorFunction = is_valid_https_port))
cert_was_imported = import_cert_and_key_action(
security_server_keys_dir, properties)
else:
return False
if cert_must_import and not cert_was_imported:
print 'Setup of HTTPS failed. Exiting.'
return False
conf_file = find_properties_file()
f = open(conf_file, 'w')
properties.store(f,
"Changed by 'ambari-server setup-https' command")
ambari_user = read_ambari_user()
if ambari_user:
adjust_directory_permissions(ambari_user)
return True
except (KeyError), e:
err = 'Property ' + str(e) + ' is not defined'
raise FatalException(1, err)
def setup_sso(options):
print_info_msg("Setup SSO.")
server_status, pid = is_server_runing()
if not server_status:
err = 'Ambari Server is not running.'
raise FatalException(1, err)
if not get_silent():
validate_options(options)
ambari_properties = get_ambari_properties()
admin_login, admin_password = get_ambari_admin_username_password_pair(options)
properties = get_sso_properties(ambari_properties, admin_login, admin_password)
if not options.sso_enabled:
sso_enabled = get_value_from_dictionary(properties, SSO_MANAGE_SERVICES, None)
if sso_enabled:
sso_status = "enabled" if sso_enabled == "true" else "disabled"
else:
sso_status = "not configured"
sys.stdout.write("\nSSO is currently %s\n" % sso_status)
if sso_status == "enabled":
enable_sso = not get_YN_input("Do you want to disable SSO authentication [y/n] (n)? ", False)
else:
if get_YN_input("Do you want to configure SSO authentication [y/n] (y)? ", True):
enable_sso = True
else:
return False
else:
enable_sso = options.sso_enabled == 'true'
services = None
if enable_sso:
populate_sso_provider_url(options, properties)
populate_sso_public_cert(options, properties)
populate_jwt_cookie_name(options, properties)
populate_jwt_audiences(options, properties)
services = get_services_requires_sso(options, ambari_properties, admin_login, admin_password)
enable_jwt_auth = services and (WILDCARD_FOR_ALL_SERVICES in services or SERVICE_NAME_AMBARI in services)
properties[AMBARI_JWT_AUTH_ENBABLED] = "true" if enable_jwt_auth else "false"
properties[SSO_MANAGE_SERVICES] = "true" if enable_sso else "false"
properties[SSO_ENABLED_SERVICES] = ','.join(services) if services else ""
update_sso_conf(ambari_properties, properties, admin_login, admin_password)
pass
else:
warning = "setup-sso is not enabled in silent mode."
raise NonFatalException(warning)
pass
def setup_truststore(options, import_cert=False):
if not get_silent():
jdk_path = find_jdk()
if jdk_path is None:
err = "No JDK found, please run the \"ambari-server setup\" " \
"command to install a JDK automatically or install any " \
"JDK manually to " + configDefaults.JDK_INSTALL_DIR
raise FatalException(1, err)
properties = get_ambari_properties()
truststore_confirm = True if options.trust_store_path is not None and options.trust_store_path else False
truststore_reconfigure = True if options.trust_store_reconfigure is not None else False
if truststore_confirm or get_YN_input("Do you want to configure a truststore [y/n] (y)? ", True):
#Re-configuration enabled only for option "Setup truststore"
if not import_cert and properties.get_property(SSL_TRUSTSTORE_TYPE_PROPERTY)\
and (truststore_reconfigure or get_YN_input(
"The truststore is already configured. Do you want to re-configure "
"the truststore [y/n] (y)? ", True)):
properties.removeProp(SSL_TRUSTSTORE_TYPE_PROPERTY)
properties.removeProp(SSL_TRUSTSTORE_PATH_PROPERTY)
properties.removeProp(SSL_TRUSTSTORE_PASSWORD_PROPERTY)
truststore_type = get_and_persist_truststore_type(properties, options)
truststore_path = get_and_persist_truststore_path(properties, options)
truststore_password = get_and_persist_truststore_password(properties, options)
if import_cert:
import_cert_confirm = True if options.import_cert_path is not None else get_YN_input("Do you want to import a certificate [y/n] (y)? ", True)
if import_cert_confirm:
aliasOption = options.import_cert_alias if options.import_cert_alias is not None and options.import_cert_alias else None
alias = aliasOption if aliasOption is not None \
else get_validated_string_input("Please enter an alias for the certificate: ", "", None, None, False, False)
run_os_command(get_delete_cert_command(jdk_path, alias, truststore_path, truststore_password))
import_cert_path = get_validated_filepath_input("Enter path to certificate: ",
"Certificate not found",
answer=options.import_cert_path)
run_component_https_cmd(get_import_cert_command(jdk_path, alias, truststore_type, import_cert_path, truststore_path, truststore_password))
else:
return
conf_file = find_properties_file()
f = open(conf_file, 'w')
properties.store(f, "Changed by 'ambari-server setup-security' command")
else:
print "setup-security is not enabled in silent mode."
def setup_truststore(import_cert=False):
if not get_silent():
jdk_path = find_jdk()
if jdk_path is None:
err = "No JDK found, please run the \"ambari-server setup\" " \
"command to install a JDK automatically or install any " \
"JDK manually to " + configDefaults.JDK_INSTALL_DIR
raise FatalException(1, err)
properties = get_ambari_properties()
if get_YN_input("Do you want to configure a truststore [y/n] (y)? ",
True):
truststore_type = get_truststore_type(properties)
truststore_path = get_truststore_path(properties)
truststore_password = get_truststore_password(properties)
if import_cert:
if get_YN_input(
"Do you want to import a certificate [y/n] (y)? ",
True):
alias = get_validated_string_input(
"Please enter an alias for the certificate: ", "",
None, None, False, False)
run_os_command(
get_delete_cert_command(jdk_path, alias,
truststore_path,
truststore_password))
import_cert_path = get_validated_filepath_input( \
"Enter path to certificate: ", \
"Certificate not found")
run_component_https_cmd(
get_import_cert_command(jdk_path, alias,
truststore_type,
import_cert_path,
truststore_path,
truststore_password))
else:
return
conf_file = find_properties_file()
f = open(conf_file, 'w')
properties.store(f,
"Changed by 'ambari-server setup-security' command")
else:
print "setup-security is not enabled in silent mode."
def setup_https(args):
if not is_root():
err = 'tbds-server setup-https should be run with ' \
'root-level privileges'
raise FatalException(4, err)
args.exit_message = None
if not get_silent():
properties = get_ambari_properties()
try:
security_server_keys_dir = properties.get_property(SSL_KEY_DIR)
client_api_ssl_port = DEFAULT_SSL_API_PORT if properties.get_property(SSL_API_PORT) in ("") \
else properties.get_property(SSL_API_PORT)
api_ssl = properties.get_property(SSL_API) in ['true']
cert_was_imported = False
cert_must_import = True
if api_ssl:
if get_YN_input("Do you want to disable HTTPS [y/n] (n)? ", False):
properties.process_pair(SSL_API, "false")
cert_must_import=False
else:
properties.process_pair(SSL_API_PORT, \
get_validated_string_input( \
"SSL port ["+str(client_api_ssl_port)+"] ? ", \
str(client_api_ssl_port), \
"^[0-9]{1,5}$", "Invalid port.", False, validatorFunction = is_valid_https_port))
cert_was_imported = import_cert_and_key_action(security_server_keys_dir, properties)
else:
if get_YN_input("Do you want to configure HTTPS [y/n] (y)? ", True):
properties.process_pair(SSL_API_PORT, \
get_validated_string_input("SSL port ["+str(client_api_ssl_port)+"] ? ", \
str(client_api_ssl_port), "^[0-9]{1,5}$", "Invalid port.", False, validatorFunction = is_valid_https_port))
cert_was_imported = import_cert_and_key_action(security_server_keys_dir, properties)
else:
return False
if cert_must_import and not cert_was_imported:
print 'Setup of HTTPS failed. Exiting.'
return False
conf_file = find_properties_file()
f = open(conf_file, 'w')
properties.store(f, "Changed by 'tbds-server setup-https' command")
ambari_user = read_ambari_user()
if ambari_user:
adjust_directory_permissions(ambari_user)
return True
except (KeyError), e:
err = 'Property ' + str(e) + ' is not defined'
raise FatalException(1, err)
def get_validated_string_input(prompt,
default,
pattern,
description,
is_pass,
allowEmpty=True,
validatorFunction=None,
answer=None):
input = ""
hasAnswer = answer is not None and (answer or allowEmpty)
if hasAnswer:
print(prompt)
while not input:
if get_silent():
print(prompt)
input = default
elif is_pass:
input = str(answer) if hasAnswer else get_password(prompt)
else:
input = str(answer) if hasAnswer else raw_input(prompt)
if not input.strip():
# Empty input - if default available use default
if not allowEmpty and not default:
msg = 'Property' if description is None or description is "" else description
msg += ' cannot be blank.'
print msg
input = ""
quit_if_has_answer(hasAnswer)
continue
else:
input = default
if validatorFunction:
if not validatorFunction(input):
input = ""
quit_if_has_answer(hasAnswer)
continue
break # done here and picking up default
else:
if not pattern == None and not re.search(pattern, input.strip()):
print description
input = ""
quit_if_has_answer(hasAnswer)
if validatorFunction:
if not validatorFunction(input):
input = ""
quit_if_has_answer(hasAnswer)
continue
return input
def _reset_local_database(self):
#force reset if silent option provided
if get_silent():
default = "yes"
else:
default = "no"
# Run automatic reset only for embedded DB
okToRun = get_YN_input("Confirm server reset [yes/no]({0})? ".format(default), get_silent())
if not okToRun:
err = "Ambari Server 'reset' cancelled"
raise FatalException(1, err)
print "Resetting the Server database..."
dbname = self.database_name
filename = self.drop_tables_script_file
username = self.database_username
password = self.database_password
command = PGConfig.SETUP_DB_CMD[:]
command[-1] = command[-1].format(filename, username, password, dbname)
drop_retcode, drop_outdata, drop_errdata = run_os_command(command)
if not drop_retcode == 0:
raise FatalException(1, drop_errdata)
if drop_errdata and PGConfig.PG_ERROR_BLOCKED in drop_errdata:
raise FatalException(1, "Database is in use. Please, make sure all connections to the database are closed")
if drop_errdata and get_verbose():
print_warning_msg(drop_errdata)
print_info_msg("About to run database setup")
retcode, outdata, errdata = self._setup_db()
if errdata and get_verbose():
print_warning_msg(errdata)
if (errdata and 'ERROR' in errdata.upper()) or (drop_errdata and 'ERROR' in drop_errdata.upper()):
err = "Non critical error in DDL"
if not get_verbose():
err += ", use --verbose for more information"
raise NonFatalException(err)
def get_validated_filepath_input(prompt, description, default=None):
input = False
while not input:
if get_silent():
print (prompt)
return default
else:
input = raw_input(prompt)
if not input == None:
input = input.strip()
if not input == None and not "" == input and os.path.isfile(input):
return input
else:
print description
input = False
def verify_setup_allowed():
if get_silent():
properties = get_ambari_properties()
if properties == -1:
print_error_msg("Error getting ambari properties")
return -1
isSecure = get_is_secure(properties)
if isSecure:
(isPersisted, masterKeyFile) = get_is_persisted(properties)
if not isPersisted:
print "ERROR: Cannot run silent 'setup' with password encryption enabled " \
"and Master Key not persisted."
print "Ambari Server 'setup' exiting."
return 1
return 0
def verify_setup_allowed():
if get_silent():
properties = get_ambari_properties()
if properties == -1:
print_error_msg("Error getting tbds properties")
return -1
isSecure = get_is_secure(properties)
if isSecure:
(isPersisted, masterKeyFile) = get_is_persisted(properties)
if not isPersisted:
print "ERROR: Cannot run silent 'setup' with password encryption enabled " \
"and Master Key not persisted."
print "TBDS Server 'setup' exiting."
return 1
return 0
def setup_sso(options):
logger.info("Setup SSO.")
if not is_root():
raise FatalException(
4,
'ambari-server setup-sso should be run with root-level privileges')
if not get_silent():
validateOptions(options)
properties = get_ambari_properties()
must_setup_params = False
if not options.sso_enabled:
sso_enabled = properties.get_property(
JWT_AUTH_ENBABLED).lower() in ['true']
if sso_enabled:
if get_YN_input(
"Do you want to disable SSO authentication [y/n] (n)?",
False):
properties.process_pair(JWT_AUTH_ENBABLED, "false")
else:
if get_YN_input(
"Do you want to configure SSO authentication [y/n] (y)?",
True):
properties.process_pair(JWT_AUTH_ENBABLED, "true")
must_setup_params = True
else:
return False
else:
properties.process_pair(JWT_AUTH_ENBABLED, options.sso_enabled)
must_setup_params = options.sso_enabled == 'true'
if must_setup_params:
populateSsoProviderUrl(options, properties)
populateSsoPublicCert(options, properties)
populateJwtCookieName(options, properties)
populateJwtAudiences(options, properties)
update_properties(properties)
pass
else:
warning = "setup-sso is not enabled in silent mode."
raise NonFatalException(warning)
pass
def setup_component_https(component, command, property, alias):
if not get_silent():
jdk_path = find_jdk()
if jdk_path is None:
err = "No JDK found, please run the \"tbds-server setup\" " \
"command to install a JDK automatically or install any " \
"JDK manually to " + configDefaults.JDK_INSTALL_DIR
raise FatalException(1, err)
properties = get_ambari_properties()
use_https = properties.get_property(property) in ['true']
if use_https:
if get_YN_input("Do you want to disable HTTPS for " + component + " [y/n] (n)? ", False):
truststore_path = get_truststore_path(properties)
truststore_password = get_truststore_password(properties)
run_component_https_cmd(get_delete_cert_command(jdk_path, alias, truststore_path, truststore_password))
properties.process_pair(property, "false")
else:
return
else:
if get_YN_input("Do you want to configure HTTPS for " + component + " [y/n] (y)? ", True):
truststore_type = get_truststore_type(properties)
truststore_path = get_truststore_path(properties)
truststore_password = get_truststore_password(properties)
run_os_command(get_delete_cert_command(jdk_path, alias, truststore_path, truststore_password))
import_cert_path = get_validated_filepath_input( \
"Enter path to " + component + " Certificate: ", \
"Certificate not found")
run_component_https_cmd(get_import_cert_command(jdk_path, alias, truststore_type, import_cert_path, truststore_path, truststore_password))
properties.process_pair(property, "true")
else:
return
conf_file = find_properties_file()
f = open(conf_file, 'w')
properties.store(f, "Changed by 'tbds-server " + command + "' command")
else:
print command + " is not enabled in silent mode."
def get_validated_filepath_input(prompt,
description,
default=None,
answer=None):
input = False
hasAnswer = answer is not None and answer
while not input:
if get_silent():
print(prompt)
return default
else:
input = str(answer) if hasAnswer else raw_input(prompt)
if not input == None:
input = input.strip()
if not input == None and not "" == input and os.path.isfile(input):
return input
else:
print description
quit_if_has_answer(hasAnswer)
input = False
def verify_setup_allowed(options):
if get_silent():
properties = get_ambari_properties()
if properties == -1:
print_error_msg("Error getting ambari properties")
return -1
isSecure = get_is_secure(properties)
if isSecure:
(isPersisted, masterKeyFile) = get_is_persisted(properties)
if not isPersisted:
print "ERROR: Cannot run silent 'setup' with password encryption enabled " \
"and Master Key not persisted."
print "Ambari Server 'setup' exiting."
return 1
factory = DBMSConfigFactory()
default_dbms = factory.get_default_dbms_name()
if default_dbms:
valid = True
if options.dbms is not None \
and options.database_host is not None \
and options.database_port is not None \
and options.database_name is not None \
and options.database_username is not None \
and options.database_password is not None:
if default_dbms == "sqlanywhere" and options.sqla_server_name is None:
valid = False
else:
valid = False
if not valid:
print "ERROR: Cannot run silent setup without database connection properties provided."
print "Ambari Server 'setup' exiting."
return 2
return 0
def get_choice_string_input(prompt, default, firstChoice, secondChoice):
if get_silent():
print(prompt)
return default
input = True
result = default
while input:
choice = raw_input(prompt).lower()
if choice in firstChoice:
result = True
input = False
elif choice in secondChoice:
result = False
input = False
elif choice is "": # Just enter pressed
result = default
input = False
else:
print "input not recognized, please try again: "
return result
def setup_truststore(import_cert=False):
if not get_silent():
jdk_path = find_jdk()
if jdk_path is None:
err = "No JDK found, please run the \"ambari-server setup\" " \
"command to install a JDK automatically or install any " \
"JDK manually to " + configDefaults.JDK_INSTALL_DIR
raise FatalException(1, err)
properties = get_ambari_properties()
if get_YN_input("Do you want to configure a truststore [y/n] (y)? ", True):
truststore_type = get_truststore_type(properties)
truststore_path = get_truststore_path(properties)
truststore_password = get_truststore_password(properties)
if import_cert:
if get_YN_input("Do you want to import a certificate [y/n] (y)? ", True):
alias = get_validated_string_input("Please enter an alias for the certificate: ", "", None, None, False, False)
run_os_command(get_delete_cert_command(jdk_path, alias, truststore_path, truststore_password))
import_cert_path = get_validated_filepath_input( \
"Enter path to certificate: ", \
"Certificate not found")
run_component_https_cmd(get_import_cert_command(jdk_path, alias, truststore_type, import_cert_path, truststore_path, truststore_password))
else:
return
conf_file = find_properties_file()
f = open(conf_file, 'w')
properties.store(f, "Changed by 'ambari-server setup-security' command")
else:
print "setup-security is not enabled in silent mode."
def get_validated_string_input(prompt, default, pattern, description,
is_pass, allowEmpty=True, validatorFunction=None):
input = ""
while not input:
if get_silent():
print (prompt)
input = default
elif is_pass:
input = get_password(prompt)
else:
input = raw_input(prompt)
if not input.strip():
# Empty input - if default available use default
if not allowEmpty and not default:
msg = 'Property' if description is None or description is "" else description
msg += ' cannot be blank.'
print msg
input = ""
continue
else:
input = default
if validatorFunction:
if not validatorFunction(input):
input = ""
continue
break # done here and picking up default
else:
if not pattern == None and not re.search(pattern, input.strip()):
print description
input = ""
if validatorFunction:
if not validatorFunction(input):
input = ""
continue
return input
def download_and_install_jdk(self, args, properties):
conf_file = properties.fileName
jcePolicyWarn = "JCE Policy files are required for configuring Kerberos security. If you plan to use Kerberos," \
"please make sure JCE Unlimited Strength Jurisdiction Policy Files are valid on all hosts."
if args.java_home:
#java_home was specified among the command-line arguments. Use it as custom JDK location.
if not validate_jdk(args.java_home):
err = "Path to java home " + args.java_home + " or java binary file does not exists"
raise FatalException(1, err)
print_warning_msg("JAVA_HOME " + args.java_home + " must be valid on ALL hosts")
print_warning_msg(jcePolicyWarn)
IS_CUSTOM_JDK = True
properties.process_pair(JAVA_HOME_PROPERTY, args.java_home)
properties.removeOldProp(JDK_NAME_PROPERTY)
properties.removeOldProp(JCE_NAME_PROPERTY)
self._ensure_java_home_env_var_is_set(args.java_home)
self.jdk_index = self.custom_jdk_number
return
java_home_var = get_JAVA_HOME()
if get_silent():
if not java_home_var:
#No java_home_var set, detect if java is already installed
if os.environ.has_key(JAVA_HOME):
args.java_home = os.environ[JAVA_HOME]
properties.process_pair(JAVA_HOME_PROPERTY, args.java_home)
properties.removeOldProp(JDK_NAME_PROPERTY)
properties.removeOldProp(JCE_NAME_PROPERTY)
self._ensure_java_home_env_var_is_set(args.java_home)
self.jdk_index = self.custom_jdk_number
return
else:
# For now, changing the existing JDK to make sure we use a supported one
pass
if java_home_var:
change_jdk = get_YN_input_optional("Do you want to change Oracle JDK [y/n] (n)? ", False,SETUP_USE_DEFAULT)
if not change_jdk:
self._ensure_java_home_env_var_is_set(java_home_var)
self.jdk_index = self.custom_jdk_number
return
#Continue with the normal setup, taking the first listed JDK version as the default option
jdk_num = str(self.jdk_index + 1)
(self.jdks, jdk_choice_prompt, jdk_valid_choices, self.custom_jdk_number) = self._populate_jdk_configs(properties, jdk_num)
jdk_num = get_validated_string_input_optional(
jdk_choice_prompt,
jdk_num,
jdk_valid_choices,
"Invalid number.",
False,
SETUP_USE_DEFAULT
)
self.jdk_index = int(jdk_num) - 1
if self.jdk_index == self.custom_jdk_number:
print_warning_msg("JDK must be installed on all hosts and JAVA_HOME must be valid on all hosts.")
print_warning_msg(jcePolicyWarn)
args.java_home = get_validated_string_input_optional("Path to JAVA_HOME: ", None, None, None, False,SETUP_USE_DEFAULT, False)
if not os.path.exists(args.java_home) or not os.path.isfile(os.path.join(args.java_home, "bin", self.JAVA_BIN)):
err = "Java home path or java binary file is unavailable. Please put correct path to java home."
raise FatalException(1, err)
print "Validating JDK on TBDS Server...done."
properties.process_pair(JAVA_HOME_PROPERTY, args.java_home)
properties.removeOldProp(JDK_NAME_PROPERTY)
properties.removeOldProp(JCE_NAME_PROPERTY)
self._ensure_java_home_env_var_is_set(args.java_home)
return
jdk_cfg = self.jdks[self.jdk_index]
try:
resources_dir = properties[RESOURCES_DIR_PROPERTY]
except (KeyError), e:
err = 'Property ' + str(e) + ' is not defined at ' + conf_file
raise FatalException(1, err)
def download_and_install_jdk(self, args, properties):
conf_file = properties.fileName
jcePolicyWarn = "JCE Policy files are required for configuring Kerberos security. If you plan to use Kerberos," \
"please make sure JCE Unlimited Strength Jurisdiction Policy Files are valid on all hosts."
if args.java_home:
#java_home was specified among the command-line arguments. Use it as custom JDK location.
if not validate_jdk(args.java_home):
err = "Path to java home " + args.java_home + " or java binary file does not exists"
raise FatalException(1, err)
print_warning_msg("JAVA_HOME " + args.java_home + " must be valid on ALL hosts")
print_warning_msg(jcePolicyWarn)
IS_CUSTOM_JDK = True
properties.process_pair(JAVA_HOME_PROPERTY, args.java_home)
properties.removeOldProp(JDK_NAME_PROPERTY)
properties.removeOldProp(JCE_NAME_PROPERTY)
self._ensure_java_home_env_var_is_set(args.java_home)
self.jdk_index = self.custom_jdk_number
return
java_home_var = get_JAVA_HOME()
if OS_FAMILY == OSConst.WINSRV_FAMILY:
progress_func = None
else:
progress_func = download_progress
if get_silent():
if not java_home_var:
#No java_home_var set, detect if java is already installed
if os.environ.has_key(JAVA_HOME):
args.java_home = os.environ[JAVA_HOME]
properties.process_pair(JAVA_HOME_PROPERTY, args.java_home)
properties.removeOldProp(JDK_NAME_PROPERTY)
properties.removeOldProp(JCE_NAME_PROPERTY)
self._ensure_java_home_env_var_is_set(args.java_home)
self.jdk_index = self.custom_jdk_number
return
else:
# For now, changing the existing JDK to make sure we use a supported one
pass
if java_home_var:
change_jdk = get_YN_input("Do you want to change Oracle JDK [y/n] (n)? ", False)
if not change_jdk:
self._ensure_java_home_env_var_is_set(java_home_var)
self.jdk_index = self.custom_jdk_number
return
#Continue with the normal setup, taking the first listed JDK version as the default option
jdk_num = str(self.jdk_index + 1)
(self.jdks, jdk_choice_prompt, jdk_valid_choices, self.custom_jdk_number) = self._populate_jdk_configs(properties, jdk_num)
jdk_num = get_validated_string_input(
jdk_choice_prompt,
jdk_num,
jdk_valid_choices,
"Invalid number.",
False
)
self.jdk_index = int(jdk_num) - 1
if self.jdk_index == self.custom_jdk_number:
print_warning_msg("JDK must be installed on all hosts and JAVA_HOME must be valid on all hosts.")
print_warning_msg(jcePolicyWarn)
args.java_home = get_validated_string_input("Path to JAVA_HOME: ", None, None, None, False, False)
if not os.path.exists(args.java_home) or not os.path.isfile(os.path.join(args.java_home, "bin", self.JAVA_BIN)):
err = "Java home path or java binary file is unavailable. Please put correct path to java home."
raise FatalException(1, err)
print "Validating JDK on Ambari Server...done."
properties.process_pair(JAVA_HOME_PROPERTY, args.java_home)
properties.removeOldProp(JDK_NAME_PROPERTY)
properties.removeOldProp(JCE_NAME_PROPERTY)
# Make sure any previously existing JDK and JCE name properties are removed. These will
# confuse things in a Custom JDK scenario
properties.removeProp(JDK_NAME_PROPERTY)
properties.removeProp(JCE_NAME_PROPERTY)
self._ensure_java_home_env_var_is_set(args.java_home)
return
jdk_cfg = self.jdks[self.jdk_index]
resources_dir = get_resources_location(properties)
dest_file = os.path.abspath(os.path.join(resources_dir, jdk_cfg.dest_file))
if os.path.exists(dest_file):
print "JDK already exists, using " + dest_file
elif properties[JDK_DOWNLOAD_SUPPORTED_PROPERTY].upper() == "FALSE":
print "ERROR: Oracle JDK is not found in {1}. JDK download is not supported in this distribution. Please download Oracle JDK " \
"archive ({0}) manually from Oracle site, place it into {1} and re-run this script.".format(jdk_cfg.dest_file, dest_file)
print "NOTE: If you have already downloaded the file, please verify if the name is exactly same as {0}.".format(jdk_cfg.dest_file)
print 'Exiting...'
sys.exit(1)
else:
ok = get_YN_input("To download the Oracle JDK and the Java Cryptography Extension (JCE) "
"Policy Files you must accept the "
"license terms found at "
"http://www.oracle.com/technetwork/java/javase/"
"terms/license/index.html and not accepting will "
"cancel the Ambari Server setup and you must install the JDK and JCE "
"files manually.\nDo you accept the "
"Oracle Binary Code License Agreement [y/n] (y)? ", True)
if not ok:
print 'Exiting...'
sys.exit(1)
jdk_url = jdk_cfg.url
print 'Downloading JDK from ' + jdk_url + ' to ' + dest_file
self._download_jdk(jdk_url, dest_file, progress_func)
try:
(retcode, out, java_home_dir) = self._install_jdk(dest_file, jdk_cfg)
except Exception, e:
print "Installation of JDK has failed: %s\n" % str(e)
file_exists = os.path.isfile(dest_file)
if file_exists:
ok = get_YN_input("JDK found at " + dest_file + ". "
"Would you like to re-download the JDK [y/n] (y)? ", not get_silent())
if not ok:
err = "Unable to install JDK. Please remove JDK file found at " + \
dest_file + " and re-run Ambari Server setup"
raise FatalException(1, err)
else:
jdk_url = jdk_cfg.url
print 'Re-downloading JDK from ' + jdk_url + ' to ' + dest_file
self._download_jdk(jdk_url, dest_file, progress_func)
print 'Successfully re-downloaded JDK distribution to ' + dest_file
try:
(retcode, out) = self._install_jdk(dest_file, jdk_cfg)
except Exception, e:
print "Installation of JDK was failed: %s\n" % str(e)
err = "Unable to install JDK. Please remove JDK, file found at " + \
dest_file + " and re-run Ambari Server setup"
raise FatalException(1, err)
def setup(options):
if get_silent():
if check_setup_already_done():
print "Nothing was done. Please, use ambari-server setup command without [-s] key, to change configuration."
sys.exit(0)
retcode = verify_setup_allowed()
if not retcode == 0:
raise FatalException(1, None)
if not is_root():
err = configDefaults.MESSAGE_ERROR_SETUP_NOT_ROOT
raise FatalException(4, err)
# proceed jdbc properties if they were set
if _check_jdbc_options(options):
proceedJDBCProperties(options)
return
(retcode, err) = disable_security_enhancements()
if not retcode == 0:
raise FatalException(retcode, err)
#Create ambari user, if needed
retcode = check_ambari_user()
if not retcode == 0:
err = 'Failed to create user. Exiting.'
raise FatalException(retcode, err)
print configDefaults.MESSAGE_CHECK_FIREWALL
check_firewall()
# proceed jdbc properties if they were set
if _check_jdbc_options(options):
proceedJDBCProperties(options)
print 'Checking JDK...'
try:
download_and_install_jdk(options)
except FatalException as e:
err = 'Downloading or installing JDK failed: {0}. Exiting.'.format(e)
raise FatalException(e.code, err)
print 'Completing setup...'
retcode = configure_os_settings()
if not retcode == 0:
err = 'Configure of OS settings in ambari.properties failed. Exiting.'
raise FatalException(retcode, err)
print 'Configuring database...'
prompt_db_properties(options)
#DB setup should be done last after doing any setup.
_setup_database(options)
check_jdbc_drivers(options)
print 'Extracting system views...'
retcode = extract_views()
if not retcode == 0:
err = 'Error while extracting system views. Exiting'
raise FatalException(retcode, err)
# we've already done this, but new files were created so run it one time.
adjust_directory_permissions(read_ambari_user())
def setup_trusted_proxy(options):
print_info_msg("Setup Trusted Proxy")
server_status, pid = is_server_runing()
if not server_status:
err = 'Ambari Server is not running.'
raise FatalException(1, err)
if not get_silent():
validate_options(options)
ambari_properties = get_ambari_properties()
admin_login, admin_password = get_ambari_admin_username_password_pair(
options)
properties = get_trusted_proxy_properties(ambari_properties,
admin_login, admin_password)
if not options.tproxy_enabled:
tproxy_support_enabled = get_value_from_dictionary(
properties, TPROXY_SUPPORT_ENABLED)
if tproxy_support_enabled:
if 'true' == tproxy_support_enabled:
tproxy_status = "enabled"
else:
tproxy_status = "disabled"
else:
tproxy_status = "not configured"
print_info_msg("\nTrusted Proxy support is currently %s\n" %
tproxy_status)
if tproxy_status == "enabled":
enable_tproxy = not get_YN_input(
"Do you want to disable Trusted Proxy support [y/n] (n)? ",
False)
elif get_YN_input(
"Do you want to configure Trusted Proxy Support [y/n] (y)? ",
True):
enable_tproxy = True
else:
return False
else:
enable_tproxy = options.tproxy_enabled == 'true'
if enable_tproxy:
properties[TPROXY_SUPPORT_ENABLED] = "true"
if not options.tproxy_configuration_file_path:
add_new_trusted_proxy = add_new_trusted_proxy_config(
properties)
while add_new_trusted_proxy:
add_new_trusted_proxy = add_new_trusted_proxy_config(
properties)
else:
parse_trusted_configuration_file(
options.tproxy_configuration_file_path, properties)
update_tproxy_conf(ambari_properties, properties, admin_login,
admin_password)
else:
remove_tproxy_conf(ambari_properties, admin_login, admin_password)
else:
warning = "setup-trusted-proxy is not enabled in silent mode."
raise NonFatalException(warning)
pass
def ensure_jdbc_driver_installed(self, properties):
# check default driver is already in classpath, will be passed for postgres only, because its driver is built-in
is_driver_in_classpath = self._is_jdbc_driver_installed(properties)
if is_driver_in_classpath == 0:
return True
# check driver is available via driver path property
server_jdbc_path = properties.get_property(JDBC_DRIVER_PATH_PROPERTY)
if server_jdbc_path and os.path.isfile(server_jdbc_path):
return True
# check driver is present by default driver path
default_driver_path = self._get_default_driver_path(properties)
if default_driver_path and os.path.isfile(default_driver_path):
ambari_should_use_existing_default_jdbc = get_YN_input(
"Should ambari use existing default jdbc {0} [y/n] (y)? ".
format(default_driver_path), True)
if ambari_should_use_existing_default_jdbc:
properties.process_pair(JDBC_DRIVER_PATH_PROPERTY,
default_driver_path)
update_properties(properties)
return True
if get_silent():
print_error_msg(self.JDBC_DRIVER_INSTALL_MSG)
return False
path_to_custom_jdbc_driver = get_validated_string_input(
"Enter full path to custom jdbc driver: ", None, None, None, False,
False)
if path_to_custom_jdbc_driver and os.path.isfile(
path_to_custom_jdbc_driver):
try:
custom_jdbc_name = os.path.basename(path_to_custom_jdbc_driver)
if not path_to_custom_jdbc_driver == os.path.join(
configDefaults.JAVA_SHARE_PATH, custom_jdbc_name):
if os.path.isfile(
os.path.join(configDefaults.JAVA_SHARE_PATH,
custom_jdbc_name)):
replace_jdbc_in_share_dir = get_YN_input(
"You already have file {0} in /usr/share/java/. Should it be replaced? [y/n] (y)? "
.format(custom_jdbc_name), True)
if replace_jdbc_in_share_dir:
try:
os.remove(
os.path.join(
configDefaults.JAVA_SHARE_PATH,
custom_jdbc_name))
except Exception, ee:
err = 'ERROR: Could not remove jdbc file. %s' % os.path.join(
configDefaults.JAVA_SHARE_PATH,
custom_jdbc_name)
raise FatalException(1, err)
shutil.copy(path_to_custom_jdbc_driver,
configDefaults.JAVA_SHARE_PATH)
print "Copying {0} to {1}".format(
path_to_custom_jdbc_driver,
configDefaults.JAVA_SHARE_PATH)
except Exception, e:
err = "Can not copy file {0} to {1} due to: {2} . Please check file " \
"permissions and free disk space.".format(path_to_custom_jdbc_driver, configDefaults.JAVA_SHARE_PATH, str(e))
raise FatalException(1, err)
properties.process_pair(JDBC_DRIVER_PATH_PROPERTY,
path_to_custom_jdbc_driver)
update_properties(properties)
return True
class JDKSetup(object):
def __init__(self):
self.JDK_DEFAULT_CONFIGS = []
self.JDK_PROMPT = "[{0}] {1}\n"
self.JDK_CUSTOM_CHOICE_PROMPT = "[{0}] - Custom JDK\n==============================================================================\nEnter choice ({1}): "
self.JDK_VALID_CHOICES = "^[{0}{1:d}]$"
self.JDK_MIN_FILESIZE = 5000
self.JAVA_BIN = ""
self.jdk_index = 0
#
# Downloads and installs the JDK and the JCE policy archive
#
def download_and_install_jdk(self, args, properties):
conf_file = properties.fileName
jcePolicyWarn = "JCE Policy files are required for configuring Kerberos security. If you plan to use Kerberos," \
"please make sure JCE Unlimited Strength Jurisdiction Policy Files are valid on all hosts."
if args.java_home:
#java_home was specified among the command-line arguments. Use it as custom JDK location.
if not validate_jdk(args.java_home):
err = "Path to java home " + args.java_home + " or java binary file does not exists"
raise FatalException(1, err)
print_warning_msg("JAVA_HOME " + args.java_home + " must be valid on ALL hosts")
print_warning_msg(jcePolicyWarn)
IS_CUSTOM_JDK = True
properties.process_pair(JAVA_HOME_PROPERTY, args.java_home)
properties.removeOldProp(JDK_NAME_PROPERTY)
properties.removeOldProp(JCE_NAME_PROPERTY)
self._ensure_java_home_env_var_is_set(args.java_home)
self.jdk_index = self.custom_jdk_number
return
java_home_var = get_JAVA_HOME()
if get_silent():
if not java_home_var:
#No java_home_var set, detect if java is already installed
if os.environ.has_key(JAVA_HOME):
args.java_home = os.environ[JAVA_HOME]
properties.process_pair(JAVA_HOME_PROPERTY, args.java_home)
properties.removeOldProp(JDK_NAME_PROPERTY)
properties.removeOldProp(JCE_NAME_PROPERTY)
self._ensure_java_home_env_var_is_set(args.java_home)
self.jdk_index = self.custom_jdk_number
return
else:
# For now, changing the existing JDK to make sure we use a supported one
pass
if java_home_var:
change_jdk = get_YN_input("Do you want to change Oracle JDK [y/n] (n)? ", False)
if not change_jdk:
self._ensure_java_home_env_var_is_set(java_home_var)
self.jdk_index = self.custom_jdk_number
return
#Continue with the normal setup, taking the first listed JDK version as the default option
jdk_num = str(self.jdk_index + 1)
(self.jdks, jdk_choice_prompt, jdk_valid_choices, self.custom_jdk_number) = self._populate_jdk_configs(properties, jdk_num)
jdk_num = get_validated_string_input(
jdk_choice_prompt,
jdk_num,
jdk_valid_choices,
"Invalid number.",
False
)
self.jdk_index = int(jdk_num) - 1
if self.jdk_index == self.custom_jdk_number:
print_warning_msg("JDK must be installed on all hosts and JAVA_HOME must be valid on all hosts.")
print_warning_msg(jcePolicyWarn)
args.java_home = get_validated_string_input("Path to JAVA_HOME: ", None, None, None, False, False)
if not os.path.exists(args.java_home) or not os.path.isfile(os.path.join(args.java_home, "bin", self.JAVA_BIN)):
err = "Java home path or java binary file is unavailable. Please put correct path to java home."
raise FatalException(1, err)
print "Validating JDK on Ambari Server...done."
properties.process_pair(JAVA_HOME_PROPERTY, args.java_home)
properties.removeOldProp(JDK_NAME_PROPERTY)
properties.removeOldProp(JCE_NAME_PROPERTY)
self._ensure_java_home_env_var_is_set(args.java_home)
return
jdk_cfg = self.jdks[self.jdk_index]
try:
resources_dir = properties[RESOURCES_DIR_PROPERTY]
except (KeyError), e:
err = 'Property ' + str(e) + ' is not defined at ' + conf_file
raise FatalException(1, err)
dest_file = os.path.abspath(os.path.join(resources_dir, jdk_cfg.dest_file))
if os.path.exists(dest_file):
print "JDK already exists, using " + dest_file
else:
ok = get_YN_input("To download the Oracle JDK and the Java Cryptography Extension (JCE) "
"Policy Files you must accept the "
"license terms found at "
"http://www.oracle.com/technetwork/java/javase/"
"terms/license/index.html and not accepting will "
"cancel the Ambari Server setup and you must install the JDK and JCE "
"files manually.\nDo you accept the "
"Oracle Binary Code License Agreement [y/n] (y)? ", True)
if not ok:
print 'Exiting...'
sys.exit(1)
jdk_url = jdk_cfg.url
print 'Downloading JDK from ' + jdk_url + ' to ' + dest_file
self._download_jdk(jdk_url, dest_file)
try:
(retcode, out, java_home_dir) = self._install_jdk(dest_file, jdk_cfg)
except Exception, e:
print "Installation of JDK has failed: %s\n" % str(e)
file_exists = os.path.isfile(dest_file)
if file_exists:
ok = get_YN_input("JDK found at " + dest_file + ". "
"Would you like to re-download the JDK [y/n] (y)? ", not get_silent())
if not ok:
err = "Unable to install JDK. Please remove JDK file found at " + \
dest_file + " and re-run Ambari Server setup"
raise FatalException(1, err)
else:
jdk_url = jdk_cfg.url
print 'Re-downloading JDK from ' + jdk_url + ' to ' + dest_file
self._download_jdk(jdk_url, dest_file)
print 'Successfully re-downloaded JDK distribution to ' + dest_file
try:
(retcode, out) = self._install_jdk(dest_file, jdk_cfg)
except Exception, e:
print "Installation of JDK was failed: %s\n" % str(e)
err = "Unable to install JDK. Please remove JDK, file found at " + \
dest_file + " and re-run Ambari Server setup"
raise FatalException(1, err)
def download_and_install_jdk(self, args, properties):
conf_file = properties.fileName
jcePolicyWarn = "JCE Policy files are required for configuring Kerberos security. If you plan to use Kerberos," \
"please make sure JCE Unlimited Strength Jurisdiction Policy Files are valid on all hosts."
if args.java_home:
#java_home was specified among the command-line arguments. Use it as custom JDK location.
if not validate_jdk(args.java_home):
err = "Path to java home " + args.java_home + " or java binary file does not exists"
raise FatalException(1, err)
print_warning_msg("JAVA_HOME " + args.java_home + " must be valid on ALL hosts")
print_warning_msg(jcePolicyWarn)
IS_CUSTOM_JDK = True
properties.process_pair(JAVA_HOME_PROPERTY, args.java_home)
properties.removeOldProp(JDK_NAME_PROPERTY)
properties.removeOldProp(JCE_NAME_PROPERTY)
self._ensure_java_home_env_var_is_set(args.java_home)
self.jdk_index = self.custom_jdk_number
return
java_home_var = get_JAVA_HOME()
if get_silent():
if not java_home_var:
#No java_home_var set, detect if java is already installed
if os.environ.has_key(JAVA_HOME):
args.java_home = os.environ[JAVA_HOME]
properties.process_pair(JAVA_HOME_PROPERTY, args.java_home)
properties.removeOldProp(JDK_NAME_PROPERTY)
properties.removeOldProp(JCE_NAME_PROPERTY)
self._ensure_java_home_env_var_is_set(args.java_home)
self.jdk_index = self.custom_jdk_number
return
else:
# For now, changing the existing JDK to make sure we use a supported one
pass
if java_home_var:
change_jdk = get_YN_input("Do you want to change Oracle JDK [y/n] (n)? ", False)
if not change_jdk:
self._ensure_java_home_env_var_is_set(java_home_var)
self.jdk_index = self.custom_jdk_number
return
#Continue with the normal setup, taking the first listed JDK version as the default option
jdk_num = str(self.jdk_index + 1)
(self.jdks, jdk_choice_prompt, jdk_valid_choices, self.custom_jdk_number) = self._populate_jdk_configs(properties, jdk_num)
jdk_num = get_validated_string_input(
jdk_choice_prompt,
jdk_num,
jdk_valid_choices,
"Invalid number.",
False
)
self.jdk_index = int(jdk_num) - 1
if self.jdk_index == self.custom_jdk_number:
print_warning_msg("JDK must be installed on all hosts and JAVA_HOME must be valid on all hosts.")
print_warning_msg(jcePolicyWarn)
args.java_home = get_validated_string_input("Path to JAVA_HOME: ", None, None, None, False, False)
if not os.path.exists(args.java_home) or not os.path.isfile(os.path.join(args.java_home, "bin", self.JAVA_BIN)):
err = "Java home path or java binary file is unavailable. Please put correct path to java home."
raise FatalException(1, err)
print "Validating JDK on Ambari Server...done."
properties.process_pair(JAVA_HOME_PROPERTY, args.java_home)
properties.removeOldProp(JDK_NAME_PROPERTY)
properties.removeOldProp(JCE_NAME_PROPERTY)
self._ensure_java_home_env_var_is_set(args.java_home)
return
jdk_cfg = self.jdks[self.jdk_index]
try:
resources_dir = properties[RESOURCES_DIR_PROPERTY]
except (KeyError), e:
err = 'Property ' + str(e) + ' is not defined at ' + conf_file
raise FatalException(1, err)
def setup_sso(options):
print_info_msg("Setup SSO.")
server_status, pid = is_server_runing()
if not server_status:
err = 'Ambari Server is not running.'
raise FatalException(1, err)
if not get_silent():
validate_options(options)
ambari_properties = get_ambari_properties()
admin_login, admin_password = get_ambari_admin_username_password_pair(
options)
properties = get_sso_properties(ambari_properties, admin_login,
admin_password)
if not options.sso_enabled:
ambari_auth_enabled = get_value_from_dictionary(
properties, AMBARI_SSO_AUTH_ENABLED)
manage_services = get_value_from_dictionary(
properties, SSO_MANAGE_SERVICES)
if ambari_auth_enabled or manage_services:
if (ambari_auth_enabled and 'true' == ambari_auth_enabled) or \
(manage_services and 'true' == manage_services):
sso_status = "enabled"
else:
sso_status = "disabled"
else:
sso_status = "not configured"
sys.stdout.write("\nSSO is currently %s\n" % sso_status)
if sso_status == "enabled":
enable_sso = not get_YN_input(
"Do you want to disable SSO authentication [y/n] (n)? ",
False)
elif get_YN_input(
"Do you want to configure SSO authentication [y/n] (y)? ",
True):
enable_sso = True
else:
return False
else:
enable_sso = options.sso_enabled == 'true'
if enable_sso:
populate_sso_provider_url(options, properties)
populate_sso_public_cert(options, properties)
populate_ambari_requires_sso(options, properties)
populate_service_management(options, properties, ambari_properties,
admin_login, admin_password)
populate_jwt_cookie_name(options, properties)
populate_jwt_audiences(options, properties)
update_sso_conf(ambari_properties, properties, admin_login,
admin_password)
else:
remove_sso_conf(ambari_properties, admin_login, admin_password)
else:
warning = "setup-sso is not enabled in silent mode."
raise NonFatalException(warning)
pass
def setup_sso(options):
logger.info("Setup SSO.")
if not is_root():
raise FatalException(
4,
'ambari-server setup-sso should be run with root-level privileges')
server_status, pid = is_server_runing()
if not server_status:
err = 'Ambari Server is not running.'
raise FatalException(1, err)
if not get_silent():
validate_options(options)
properties = get_ambari_properties()
admin_login, admin_password = get_ambari_admin_username_password_pair(
options)
if not options.sso_enabled:
sso_enabled_from_db = get_sso_property_from_db(
properties, admin_login, admin_password, SSO_MANAGE_SERVICES)
sso_enabled = sso_enabled_from_db == None or sso_enabled_from_db in [
'true'
]
print_info_msg(
"SSO is currently {0}".format(
"not configured" if sso_enabled_from_db == None else (
"enabled" if sso_enabled else "disabled")), True)
if sso_enabled:
enable_sso = not get_YN_input(
"Do you want to disable SSO authentication [y/n] (n)? ",
False)
else:
if get_YN_input(
"Do you want to configure SSO authentication [y/n] (y)? ",
True):
enable_sso = True
else:
return False
else:
enable_sso = options.sso_enabled == 'true'
services = ''
if enable_sso:
populate_sso_provider_url(options, properties)
populate_sso_public_cert(options, properties)
populate_jwt_cookie_name(options, properties)
populate_jwt_audiences(options, properties)
services = get_services_requires_sso(options, properties,
admin_login, admin_password)
update_sso_conf(properties, enable_sso, services, admin_login,
admin_password)
enable_jwt_auth = WILDCARD_FOR_ALL_SERVICES == services or SERVICE_NAME_AMBARI in services
properties.process_pair(JWT_AUTH_ENBABLED,
"true" if enable_jwt_auth else "false")
update_properties(properties)
pass
else:
warning = "setup-sso is not enabled in silent mode."
raise NonFatalException(warning)
pass
def setup_sso(args):
logger.info("Setup SSO.")
if not is_root():
err = 'ambari-server setup-sso should be run with ' \
'root-level privileges'
raise FatalException(4, err)
if not get_silent():
properties = get_ambari_properties()
must_setup_params = False
store_new_cert = False
sso_enabled = properties.get_property(JWT_AUTH_ENBABLED).lower() in [
'true'
]
if sso_enabled:
if get_YN_input(
"Do you want to disable SSO authentication [y/n] (n)?",
False):
properties.process_pair(JWT_AUTH_ENBABLED, "false")
else:
if get_YN_input(
"Do you want to configure SSO authentication [y/n] (y)?",
True):
properties.process_pair(JWT_AUTH_ENBABLED, "true")
must_setup_params = True
else:
return False
if must_setup_params:
provider_url = get_value_from_properties(
properties, JWT_AUTH_PROVIDER_URL,
JWT_AUTH_PROVIDER_URL_DEFAULT)
provider_url = get_validated_string_input(
"Provider URL [URL] ({0}):".format(provider_url), provider_url,
REGEX_ANYTHING, "Invalid provider URL", False)
properties.process_pair(JWT_AUTH_PROVIDER_URL, provider_url)
cert_path = properties.get_property(JWT_PUBLIC_KEY)
cert_string = get_multi_line_input(
"Public Certificate pem ({0})".format(
'stored' if cert_path else 'empty'))
if cert_string is not None:
store_new_cert = True
if get_YN_input(
"Do you want to configure advanced properties [y/n] (n) ?",
False):
cookie_name = get_value_from_properties(
properties, JWT_COOKIE_NAME, JWT_COOKIE_NAME_DEFAULT)
cookie_name = get_validated_string_input(
"JWT Cookie name ({0}):".format(cookie_name), cookie_name,
REGEX_ANYTHING, "Invalid cookie name", False)
properties.process_pair(JWT_COOKIE_NAME, cookie_name)
audiences = properties.get_property(JWT_AUDIENCES)
audiences = get_validated_string_input(
"JWT audiences list (comma-separated), empty for any ({0}):"
.format(audiences), audiences, REGEX_ANYTHING,
"Invalid value", False)
properties.process_pair(JWT_AUDIENCES, audiences)
# TODO not required for now as we support Knox only
# orig_query_param = get_value_from_properties(JWT_ORIGINAL_URL_QUERY_PARAM, JWT_ORIGINAL_URL_QUERY_PARAM_DEFAULT)
# orig_query_param = get_validated_string_input("Original URL query parameter name ({}):".format(orig_query_param),
# orig_query_param,
# REGEX_ANYTHING,
# "Invalid value",
# False)
# properties.process_pair(JWT_ORIGINAL_URL_QUERY_PARAM, orig_query_param)
if store_new_cert:
full_cert = JWT_PUBLIC_KEY_HEADER + cert_string + JWT_PUBLIC_KEY_FOOTER
cert_path = store_password_file(full_cert,
JWT_PUBLIC_KEY_FILENAME)
properties.process_pair(JWT_PUBLIC_KEY, cert_path)
update_properties(properties)
pass
else:
warning = "setup-sso is not enabled in silent mode."
raise NonFatalException(warning)
pass
