def reset(options):
if not is_root():
err = configDefaults.MESSAGE_ERROR_RESET_NOT_ROOT
raise FatalException(4, err)
status, stateDesc = is_server_runing()
if status:
err = 'Ambari-server must be stopped to reset'
raise FatalException(1, err)
#force reset if silent option provided
if get_silent():
default = "yes"
else:
default = "no"
choice = get_YN_input("**** WARNING **** You are about to reset and clear the "
"Ambari Server database. This will remove all cluster "
"host and configuration information from the database. "
"You will be required to re-configure the Ambari server "
"and re-run the cluster wizard. \n"
"Are you SURE you want to perform the reset "
"[yes/no] ({0})? ".format(default), get_silent())
okToRun = choice
if not okToRun:
err = "Ambari Server 'reset' cancelled"
raise FatalException(1, err)
_reset_database(options)
pass
def setup_pam():
if not is_root():
err = 'Ambari-server setup-pam should be run with ' \
'root-level privileges'
raise FatalException(4, err)
properties = get_ambari_properties()
if get_value_from_properties(properties, CLIENT_SECURITY_KEY,
"") == 'ldap':
err = "LDAP is configured. Can not setup PAM."
raise FatalException(1, err)
pam_property_value_map = {}
pam_property_value_map[CLIENT_SECURITY_KEY] = 'pam'
pamConfig = get_validated_string_input("Enter PAM configuration file: ",
PAM_CONFIG_FILE, REGEX_ANYTHING,
"Invalid characters in the input!",
False, False)
pam_property_value_map[PAM_CONFIG_FILE] = pamConfig
if get_YN_input(
"Do you want to allow automatic group creation [y/n] (y)? ", True):
pam_property_value_map[AUTO_GROUP_CREATION] = 'true'
else:
pam_property_value_map[AUTO_GROUP_CREATION] = 'false'
update_properties_2(properties, pam_property_value_map)
print 'Saving...done'
return 0
def generate_child_process_param_list(ambari_user, java_exe, class_path,
debug_start, suspend_mode):
from ambari_commons.os_linux import ULIMIT_CMD
properties = get_ambari_properties()
command_base = SERVER_START_CMD_DEBUG if debug_start else SERVER_START_CMD
ulimit_cmd = "%s %s" % (ULIMIT_CMD, str(get_ulimit_open_files(properties)))
command = command_base.format(java_exe,
ambari_provider_module_option,
jvm_args,
class_path,
configDefaults.SERVER_OUT_FILE,
os.path.join(configDefaults.PID_DIR, EXITCODE_NAME),
suspend_mode)
# required to start properly server instance
os.chdir(configDefaults.ROOT_FS_PATH)
#For properly daemonization server should be started using shell as parent
param_list = [locate_file('sh', '/bin'), "-c"]
if is_root() and ambari_user != "root":
# To inherit exported environment variables (especially AMBARI_PASSPHRASE),
# from subprocess, we have to skip --login option of su command. That's why
# we change dir to / (otherwise subprocess can face with 'permission denied'
# errors while trying to list current directory
cmd = "{ulimit_cmd} ; {su} {ambari_user} -s {sh_shell} -c '{command}'".format(ulimit_cmd=ulimit_cmd,
su=locate_file('su', '/bin'), ambari_user=ambari_user,
sh_shell=locate_file('sh', '/bin'), command=command)
else:
cmd = "{ulimit_cmd} ; {command}".format(ulimit_cmd=ulimit_cmd, command=command)
param_list.append(cmd)
return param_list
def upgrade_stack(args):
if not is_root():
err = 'Ambari-server upgradestack should be run with ' \
'root-level privileges'
raise FatalException(4, err)
check_database_name_property()
try:
stack_id = args[1]
except IndexError:
#stack_id is mandatory
raise FatalException("Invalid number of stack upgrade arguments")
try:
repo_url = args[2]
except IndexError:
repo_url = None
try:
repo_url_os = args[3]
except IndexError:
repo_url_os = None
stack_name, stack_version = stack_id.split(STACK_NAME_VER_SEP)
retcode = run_stack_upgrade(stack_name, stack_version, repo_url, repo_url_os)
if not retcode == 0:
raise FatalException(retcode, 'Stack upgrade failed.')
return retcode
def setup_kerberos(options):
logger.info("Setting up Kerberos authentication...")
if not is_root():
err = "ambari-server setup-kerberos should be run with root-level privileges"
raise FatalException(4, err)
properties = get_ambari_properties()
kerberos_property_list_required = init_kerberos_properties_list(
properties, options)
kerberos_property_value_map = {}
for kerberos_property in kerberos_property_list_required:
input = get_validated_string_input(
kerberos_property.kerberos_prop_val_prompt,
kerberos_property.kerberos_prop_name,
kerberos_property.prompt_regex, "Invalid characters in the input!",
False, kerberos_property.allow_empty_prompt)
if input is not None and input != "":
kerberos_property_value_map[kerberos_property.prop_name] = input
print "Properties to be updated / written into ambari properties:"
pp = pprint.PrettyPrinter()
pp.pprint(kerberos_property_value_map)
save = get_YN_input("Save settings [y/n] (y)? ", True)
if save:
update_properties_2(properties, kerberos_property_value_map)
print "Kerberos authentication settings successfully saved. Please restart the server in order for the new settings to take effect."
else:
print "Kerberos authentication settings aborted."
return 0
def upgrade_stack(args):
if not is_root():
err = 'Ambari-server upgradestack should be run with ' \
'root-level privileges'
raise FatalException(4, err)
check_database_name_property()
try:
stack_id = args[1]
except IndexError:
#stack_id is mandatory
raise FatalException("Invalid number of stack upgrade arguments")
try:
repo_url = args[2]
except IndexError:
repo_url = None
try:
repo_url_os = args[3]
except IndexError:
repo_url_os = None
stack_name, stack_version = stack_id.split(STACK_NAME_VER_SEP)
retcode = run_stack_upgrade(stack_name, stack_version, repo_url,
repo_url_os)
if not retcode == 0:
raise FatalException(retcode, 'Stack upgrade failed.')
return retcode
def generate_child_process_param_list(ambari_user, java_exe, class_path,
debug_start, suspend_mode):
from ambari_commons.os_linux import ULIMIT_CMD
properties = get_ambari_properties()
command_base = SERVER_START_CMD_DEBUG if debug_start else SERVER_START_CMD
ulimit_cmd = "%s %s" % (ULIMIT_CMD, str(get_ulimit_open_files(properties)))
command = command_base.format(java_exe,
ambari_provider_module_option,
jvm_args,
class_path,
configDefaults.SERVER_OUT_FILE,
os.path.join(configDefaults.PID_DIR, EXITCODE_NAME),
suspend_mode)
# required to start properly server instance
os.chdir(configDefaults.ROOT_FS_PATH)
#For properly daemonization server should be started using shell as parent
param_list = [locate_file('sh', '/bin'), "-c"]
if is_root() and ambari_user != "root":
# To inherit exported environment variables (especially AMBARI_PASSPHRASE),
# from subprocess, we have to skip --login option of su command. That's why
# we change dir to / (otherwise subprocess can face with 'permission denied'
# errors while trying to list current directory
cmd = "{ulimit_cmd} ; {su} {ambari_user} -s {sh_shell} -c '{command}'".format(ulimit_cmd=ulimit_cmd,
su=locate_file('su', '/bin'), ambari_user=ambari_user,
sh_shell=locate_file('sh', '/bin'), command=command)
else:
cmd = "{ulimit_cmd} ; {command}".format(ulimit_cmd=ulimit_cmd, command=command)
param_list.append(cmd)
return param_list
def setup_https(args):
if not is_root():
err = 'ambari-server setup-https should be run with ' \
'root-level privileges'
raise FatalException(4, err)
args.exit_message = None
if not get_silent():
properties = get_ambari_properties()
try:
security_server_keys_dir = properties.get_property(SSL_KEY_DIR)
client_api_ssl_port = DEFAULT_SSL_API_PORT if properties.get_property(SSL_API_PORT) in ("") \
else properties.get_property(SSL_API_PORT)
api_ssl = properties.get_property(SSL_API) in ['true']
client_api_ssl_port_old_value = properties.get_property(SSL_API_PORT)
api_ssl_old_value = properties.get_property(SSL_API)
cert_was_imported = False
cert_must_import = True
if api_ssl:
if get_YN_input("Do you want to disable HTTPS [y/n] (n)? ", False):
properties.process_pair(SSL_API, "false")
cert_must_import=False
else:
properties.process_pair(SSL_API_PORT, \
get_validated_string_input( \
"SSL port ["+str(client_api_ssl_port)+"] ? ", \
str(client_api_ssl_port), \
"^[0-9]{1,5}$", "Invalid port.", False, validatorFunction = is_valid_https_port))
cert_was_imported = import_cert_and_key_action(security_server_keys_dir, properties)
else:
if get_YN_input("Do you want to configure HTTPS [y/n] (y)? ", True):
properties.process_pair(SSL_API_PORT, \
get_validated_string_input("SSL port ["+str(client_api_ssl_port)+"] ? ", \
str(client_api_ssl_port), "^[0-9]{1,5}$", "Invalid port.", False, validatorFunction = is_valid_https_port))
cert_was_imported = import_cert_and_key_action(security_server_keys_dir, properties)
else:
return False
if cert_must_import and not cert_was_imported:
print 'Setup of HTTPS failed. Exiting.'
return False
conf_file = find_properties_file()
f = open(conf_file, 'w')
properties.store(f, "Changed by 'ambari-server setup-https' command")
if api_ssl_old_value != properties.get_property(SSL_API) \
or client_api_ssl_port_old_value != properties.get_property(SSL_API_PORT):
print "Ambari server URL changed. To make use of the Tez View in Ambari " \
"please update the property tez.tez-ui.history-url.base in tez-site"
ambari_user = read_ambari_user()
if ambari_user:
adjust_directory_permissions(ambari_user)
return True
except (KeyError), e:
err = 'Property ' + str(e) + ' is not defined'
raise FatalException(1, err)
def ensure_can_start_under_current_user(ambari_user):
current_user = getpass.getuser()
if ambari_user is None:
err = "Unable to detect a system user for Ambari Server.\n" + SETUP_OR_UPGRADE_MSG
raise FatalException(1, err)
if current_user != ambari_user and not is_root():
err = "Unable to start Ambari Server as user {0}. Please either run \"ambari-server start\" " \
"command as root, as sudo or as user \"{1}\"".format(current_user, ambari_user)
raise FatalException(1, err)
return current_user
def ensure_dbms_is_running(self, options, properties, scmStatus=None):
if self._is_local_database():
if is_root():
(pg_status, retcode, out, err) = PGConfig._check_postgre_up()
if not retcode == 0:
err = "Unable to start PostgreSQL server. Status {0}. {1}. Exiting".format(pg_status, err)
raise FatalException(retcode, err)
else:
print "Unable to check PostgreSQL server status when starting " "without root privileges."
print "Please do not forget to start PostgreSQL server."
def setup_https(args):
if not is_root():
warn = 'ambari-server setup-https is run as ' \
'non-root user, some sudo privileges might be required'
print warn
args.exit_message = None
if not get_silent():
properties = get_ambari_properties()
try:
security_server_keys_dir = properties.get_property(SSL_KEY_DIR)
client_api_ssl_port = DEFAULT_SSL_API_PORT if properties.get_property(SSL_API_PORT) in ("") \
else properties.get_property(SSL_API_PORT)
api_ssl = properties.get_property(SSL_API) in ['true']
cert_was_imported = False
cert_must_import = True
if api_ssl:
if get_YN_input("Do you want to disable HTTPS [y/n] (n)? ",
False):
properties.process_pair(SSL_API, "false")
cert_must_import = False
else:
properties.process_pair(SSL_API_PORT, \
get_validated_string_input( \
"SSL port ["+str(client_api_ssl_port)+"] ? ", \
str(client_api_ssl_port), \
"^[0-9]{1,5}$", "Invalid port.", False, validatorFunction = is_valid_https_port))
cert_was_imported = import_cert_and_key_action(
security_server_keys_dir, properties)
else:
if get_YN_input("Do you want to configure HTTPS [y/n] (y)? ",
True):
properties.process_pair(SSL_API_PORT, \
get_validated_string_input("SSL port ["+str(client_api_ssl_port)+"] ? ", \
str(client_api_ssl_port), "^[0-9]{1,5}$", "Invalid port.", False, validatorFunction = is_valid_https_port))
cert_was_imported = import_cert_and_key_action(
security_server_keys_dir, properties)
else:
return False
if cert_must_import and not cert_was_imported:
print 'Setup of HTTPS failed. Exiting.'
return False
conf_file = find_properties_file()
f = open(conf_file, 'w')
properties.store(f,
"Changed by 'ambari-server setup-https' command")
ambari_user = read_ambari_user()
if ambari_user:
adjust_directory_permissions(ambari_user)
return True
except (KeyError), e:
err = 'Property ' + str(e) + ' is not defined'
raise FatalException(1, err)
def ensure_dbms_is_running(self, options, properties, scmStatus=None):
if self._is_local_database():
if is_root():
(pg_status, retcode, out, err) = PGConfig._check_postgre_up()
if not retcode == 0:
err = 'Unable to start PostgreSQL server. Status {0}. {1}. Exiting'.format(pg_status, err)
raise FatalException(retcode, err)
else:
print "Unable to check PostgreSQL server status when starting " \
"without root privileges."
print "Please do not forget to start PostgreSQL server."
def setup_https(args):
if not is_root():
err = 'tbds-server setup-https should be run with ' \
'root-level privileges'
raise FatalException(4, err)
args.exit_message = None
if not get_silent():
properties = get_ambari_properties()
try:
security_server_keys_dir = properties.get_property(SSL_KEY_DIR)
client_api_ssl_port = DEFAULT_SSL_API_PORT if properties.get_property(SSL_API_PORT) in ("") \
else properties.get_property(SSL_API_PORT)
api_ssl = properties.get_property(SSL_API) in ['true']
cert_was_imported = False
cert_must_import = True
if api_ssl:
if get_YN_input("Do you want to disable HTTPS [y/n] (n)? ", False):
properties.process_pair(SSL_API, "false")
cert_must_import=False
else:
properties.process_pair(SSL_API_PORT, \
get_validated_string_input( \
"SSL port ["+str(client_api_ssl_port)+"] ? ", \
str(client_api_ssl_port), \
"^[0-9]{1,5}$", "Invalid port.", False, validatorFunction = is_valid_https_port))
cert_was_imported = import_cert_and_key_action(security_server_keys_dir, properties)
else:
if get_YN_input("Do you want to configure HTTPS [y/n] (y)? ", True):
properties.process_pair(SSL_API_PORT, \
get_validated_string_input("SSL port ["+str(client_api_ssl_port)+"] ? ", \
str(client_api_ssl_port), "^[0-9]{1,5}$", "Invalid port.", False, validatorFunction = is_valid_https_port))
cert_was_imported = import_cert_and_key_action(security_server_keys_dir, properties)
else:
return False
if cert_must_import and not cert_was_imported:
print 'Setup of HTTPS failed. Exiting.'
return False
conf_file = find_properties_file()
f = open(conf_file, 'w')
properties.store(f, "Changed by 'tbds-server setup-https' command")
ambari_user = read_ambari_user()
if ambari_user:
adjust_directory_permissions(ambari_user)
return True
except (KeyError), e:
err = 'Property ' + str(e) + ' is not defined'
raise FatalException(1, err)
def setup_sso(options):
logger.info("Setup SSO.")
if not is_root():
raise FatalException(
4,
'ambari-server setup-sso should be run with root-level privileges')
if not get_silent():
validateOptions(options)
properties = get_ambari_properties()
must_setup_params = False
if not options.sso_enabled:
sso_enabled = properties.get_property(
JWT_AUTH_ENBABLED).lower() in ['true']
if sso_enabled:
if get_YN_input(
"Do you want to disable SSO authentication [y/n] (n)?",
False):
properties.process_pair(JWT_AUTH_ENBABLED, "false")
else:
if get_YN_input(
"Do you want to configure SSO authentication [y/n] (y)?",
True):
properties.process_pair(JWT_AUTH_ENBABLED, "true")
must_setup_params = True
else:
return False
else:
properties.process_pair(JWT_AUTH_ENBABLED, options.sso_enabled)
must_setup_params = options.sso_enabled == 'true'
if must_setup_params:
populateSsoProviderUrl(options, properties)
populateSsoPublicCert(options, properties)
populateJwtCookieName(options, properties)
populateJwtAudiences(options, properties)
update_properties(properties)
pass
else:
warning = "setup-sso is not enabled in silent mode."
raise NonFatalException(warning)
pass
def enable_stack_version(stack_name, stack_versions):
if not is_root():
err = 'Ambari-server enable-stack should be run with ' \
'root-level privileges'
raise FatalException(4, err)
try:
print_info_msg("stack name requested: " + str(stack_name))
print_info_msg("stack version requested: " + str(stack_versions))
except IndexError:
raise FatalException("Invalid stack version passed")
retcode = update_stack_metainfo(stack_name, stack_versions)
if not retcode == 0:
raise FatalException(retcode, 'Stack enable request failed.')
return retcode
def upgrade_stack(args):
logger.info("Upgrade stack.")
if not is_root():
err = 'Ambari-server upgradestack should be run with ' \
'root-level privileges'
raise FatalException(4, err)
check_database_name_property()
try:
stack_id = args[1]
except IndexError:
#stack_id is mandatory
raise FatalException("Invalid number of stack upgrade arguments")
try:
repo_url = args[2]
except IndexError:
repo_url = None
try:
repo_url_os = args[3]
except IndexError:
repo_url_os = None
parser = optparse.OptionParser()
parser.add_option("-d", type="int", dest="database_index")
db = get_ambari_properties()[JDBC_DATABASE_PROPERTY]
idx = LINUX_DBMS_KEYS_LIST.index(db)
(options, opt_args) = parser.parse_args(["-d {0}".format(idx)])
stack_name, stack_version = stack_id.split(STACK_NAME_VER_SEP)
retcode = run_stack_upgrade(options, stack_name, stack_version, repo_url,
repo_url_os)
if not retcode == 0:
raise FatalException(retcode, 'Stack upgrade failed.')
return retcode
def upgrade_stack(args):
if not is_root():
err = 'Ambari-server upgradestack should be run with ' \
'root-level privileges'
raise FatalException(4, err)
check_database_name_property()
try:
stack_id = args[1]
except IndexError:
#stack_id is mandatory
raise FatalException("Invalid number of stack upgrade arguments")
try:
repo_url = args[2]
except IndexError:
repo_url = None
try:
repo_url_os = args[3]
except IndexError:
repo_url_os = None
parser = optparse.OptionParser()
parser.add_option("-d", type="int", dest="database_index")
db = get_ambari_properties()[JDBC_DATABASE_PROPERTY]
idx = LINUX_DBMS_KEYS_LIST.index(db)
(options, opt_args) = parser.parse_args(["-d {0}".format(idx)])
stack_name, stack_version = stack_id.split(STACK_NAME_VER_SEP)
retcode = run_stack_upgrade(options, stack_name, stack_version, repo_url, repo_url_os)
if not retcode == 0:
raise FatalException(retcode, 'Stack upgrade failed.')
return retcode
def setup_pam(options):
if not is_root():
err = 'Ambari-server setup-pam should be run with root-level privileges'
raise FatalException(4, err)
properties = get_ambari_properties()
if get_value_from_properties(properties,CLIENT_SECURITY,"") == 'ldap':
query = "LDAP is currently configured, do you wish to use PAM instead [y/n] (n)? "
if get_YN_input(query, False):
pass
else:
err = "LDAP is configured. Can not setup PAM."
raise FatalException(1, err)
pam_property_list_reqd = init_pam_properties_list_reqd(properties, options)
pam_property_value_map = {}
pam_property_value_map[CLIENT_SECURITY] = 'pam'
for pam_prop in pam_property_list_reqd:
input = get_validated_string_input(pam_prop.pam_prop_val_prompt, pam_prop.pam_prop_name, pam_prop.prompt_regex,
"Invalid characters in the input!", False, pam_prop.allow_empty_prompt,
answer = pam_prop.option)
if input is not None and input != "":
pam_property_value_map[pam_prop.prop_name] = input
# Verify that the PAM config file exists, else show warning...
pam_config_file = pam_property_value_map[PAM_CONFIG_FILE]
if not os.path.exists(pam_config_file):
print_warning_msg("The PAM configuration file, {0} does not exist. " \
"Please create it before restarting Ambari.".format(pam_config_file))
update_properties_2(properties, pam_property_value_map)
print 'Saving...done'
return 0
def setup(options):
logger.info("Setup ambari-server.")
if options.only_silent:
if check_setup_already_done():
print "Nothing was done. Ambari Setup already performed and cannot re-run setup in silent mode. Use \"ambari-server setup\" command without -s option to change Ambari setup."
sys.exit(0)
retcode = verify_setup_allowed(options)
if not retcode == 0:
raise FatalException(1, None)
if not is_root():
warn_msg = configDefaults.MESSAGE_WARN_SETUP_NOT_ROOT
print warn_msg
# proceed jdbc properties if they were set
if _check_jdbc_options(options):
proceedJDBCProperties(options)
return
(retcode, err) = disable_security_enhancements()
if not retcode == 0:
raise FatalException(retcode, err)
#Create ambari user, if needed
(retcode, register_service, svc_user, svc_password) = check_ambari_user(options)
if not retcode == 0:
err = 'Failed to create user. Exiting.'
raise FatalException(retcode, err)
print configDefaults.MESSAGE_CHECK_FIREWALL
check_firewall()
# proceed jdbc properties if they were set
if _check_jdbc_options(options):
proceedJDBCProperties(options)
print 'Checking JDK...'
try:
download_and_install_jdk(options)
except FatalException as e:
err = 'Downloading or installing JDK failed: {0}. Exiting.'.format(e)
raise FatalException(e.code, err)
print 'Checking GPL software agreement...'
write_gpl_license_accepted(default_prompt_value=options.accept_gpl)
print 'Completing setup...'
retcode = configure_os_settings()
if not retcode == 0:
err = 'Configure of OS settings in ambari.properties failed. Exiting.'
raise FatalException(retcode, err)
print 'Configuring database...'
prompt_db_properties(options)
#DB setup should be done last after doing any setup.
_setup_database(options)
check_jdbc_drivers(options)
if not options.skip_view_extraction:
print 'Extracting system views...'
retcode = extract_views(options)
if not retcode == 0:
err = 'Error while extracting system views. Exiting'
raise FatalException(retcode, err)
json_url = get_json_url_from_repo_file()
if json_url:
print "Ambari repo file contains latest json url {0}, updating stacks repoinfos with it...".format(json_url)
properties = get_ambari_properties()
stack_root = get_stack_location(properties)
update_latest_in_repoinfos_for_all_stacks(stack_root, json_url)
else:
print "Ambari repo file doesn't contain latest json url, skipping repoinfos modification"
# we've already done this, but new files were created so run it one time.
adjust_directory_permissions(svc_user)
service_setup(register_service, svc_user, svc_password)
def upgrade(args):
print_info_msg("Upgrade Ambari Server", True)
if not is_root():
err = configDefaults.MESSAGE_ERROR_UPGRADE_NOT_ROOT
raise FatalException(4, err)
print_info_msg(
'Updating Ambari Server properties in {0} ...'.format(
AMBARI_PROPERTIES_FILE), True)
retcode = update_ambari_properties()
if not retcode == 0:
err = AMBARI_PROPERTIES_FILE + ' file can\'t be updated. Exiting'
raise FatalException(retcode, err)
print_info_msg(
'Updating Ambari Server properties in {0} ...'.format(AMBARI_ENV_FILE),
True)
retcode = update_ambari_env()
if not retcode == 0:
err = AMBARI_ENV_FILE + ' file can\'t be updated. Exiting'
raise FatalException(retcode, err)
retcode = update_krb_jaas_login_properties()
if retcode == -2:
pass # no changes done, let's be silent
elif retcode == 0:
print_info_msg("File {0} updated.".format(AMBARI_KRB_JAAS_LOGIN_FILE),
True)
elif not retcode == 0:
err = AMBARI_KRB_JAAS_LOGIN_FILE + ' file can\'t be updated. Exiting'
raise FatalException(retcode, err)
restore_custom_services()
replay_mpack_logs()
try:
update_database_name_property(upgrade=True)
except FatalException:
return -1
# Ignore the server version & database options passed via command-line arguments
parse_properties_file(args)
#TODO check database version
change_objects_owner(args)
retcode = run_schema_upgrade(args)
if not retcode == 0:
print_error_msg(
"Ambari server upgrade failed. Please look at {0}, for more details."
.format(configDefaults.SERVER_LOG_FILE))
raise FatalException(11, 'Schema upgrade failed.')
user = read_ambari_user()
if user is None:
warn = "Can not determine custom ambari user.\n" + SETUP_OR_UPGRADE_MSG
print_warning_msg(warn)
else:
adjust_directory_permissions(user)
# local repo
upgrade_local_repo(args)
# create jdbc symlinks if jdbc drivers are available in resources
check_jdbc_drivers(args)
properties = get_ambari_properties()
if properties == -1:
err = "Error getting ambari properties"
print_error_msg(err)
raise FatalException(-1, err)
# Move *.py files from custom_actions to custom_actions/scripts
# This code exists for historic reasons in which custom action python scripts location changed from Ambari 1.7.0 to 2.0.0
ambari_version = get_ambari_version(properties)
if ambari_version is None:
args.warnings.append(
"*.py files were not moved from custom_actions to custom_actions/scripts."
)
elif compare_versions(ambari_version, "2.0.0") == 0:
move_user_custom_actions()
# Remove ADMIN_VIEW directory for upgrading Admin View on Ambari upgrade from 1.7.0 to 2.0.0
admin_views_dirs = get_admin_views_dir(properties)
for admin_views_dir in admin_views_dirs:
shutil.rmtree(admin_views_dir)
# Modify timestamp of views jars to current time
views_jars = get_views_jars(properties)
for views_jar in views_jars:
os.utime(views_jar, None)
# check if ambari has obsolete LDAP configuration
if properties.get_property(
LDAP_PRIMARY_URL_PROPERTY
) and not properties.get_property(IS_LDAP_CONFIGURED):
args.warnings.append(
"Existing LDAP configuration is detected. You must run the \"ambari-server setup-ldap\" command to adjust existing LDAP configuration."
)
# adding custom jdbc name and previous custom jdbc properties
# we need that to support new dynamic jdbc names for upgraded ambari
add_jdbc_properties(properties)
def setup_sso(args):
logger.info("Setup SSO.")
if not is_root():
err = 'ambari-server setup-sso should be run with ' \
'root-level privileges'
raise FatalException(4, err)
if not get_silent():
properties = get_ambari_properties()
must_setup_params = False
store_new_cert = False
sso_enabled = properties.get_property(JWT_AUTH_ENBABLED).lower() in [
'true'
]
if sso_enabled:
if get_YN_input(
"Do you want to disable SSO authentication [y/n] (n)?",
False):
properties.process_pair(JWT_AUTH_ENBABLED, "false")
else:
if get_YN_input(
"Do you want to configure SSO authentication [y/n] (y)?",
True):
properties.process_pair(JWT_AUTH_ENBABLED, "true")
must_setup_params = True
else:
return False
if must_setup_params:
provider_url = get_value_from_properties(
properties, JWT_AUTH_PROVIDER_URL,
JWT_AUTH_PROVIDER_URL_DEFAULT)
provider_url = get_validated_string_input(
"Provider URL [URL] ({0}):".format(provider_url), provider_url,
REGEX_ANYTHING, "Invalid provider URL", False)
properties.process_pair(JWT_AUTH_PROVIDER_URL, provider_url)
cert_path = properties.get_property(JWT_PUBLIC_KEY)
cert_string = get_multi_line_input(
"Public Certificate pem ({0})".format(
'stored' if cert_path else 'empty'))
if cert_string is not None:
store_new_cert = True
if get_YN_input(
"Do you want to configure advanced properties [y/n] (n) ?",
False):
cookie_name = get_value_from_properties(
properties, JWT_COOKIE_NAME, JWT_COOKIE_NAME_DEFAULT)
cookie_name = get_validated_string_input(
"JWT Cookie name ({0}):".format(cookie_name), cookie_name,
REGEX_ANYTHING, "Invalid cookie name", False)
properties.process_pair(JWT_COOKIE_NAME, cookie_name)
audiences = properties.get_property(JWT_AUDIENCES)
audiences = get_validated_string_input(
"JWT audiences list (comma-separated), empty for any ({0}):"
.format(audiences), audiences, REGEX_ANYTHING,
"Invalid value", False)
properties.process_pair(JWT_AUDIENCES, audiences)
# TODO not required for now as we support Knox only
# orig_query_param = get_value_from_properties(JWT_ORIGINAL_URL_QUERY_PARAM, JWT_ORIGINAL_URL_QUERY_PARAM_DEFAULT)
# orig_query_param = get_validated_string_input("Original URL query parameter name ({}):".format(orig_query_param),
# orig_query_param,
# REGEX_ANYTHING,
# "Invalid value",
# False)
# properties.process_pair(JWT_ORIGINAL_URL_QUERY_PARAM, orig_query_param)
if store_new_cert:
full_cert = JWT_PUBLIC_KEY_HEADER + cert_string + JWT_PUBLIC_KEY_FOOTER
cert_path = store_password_file(full_cert,
JWT_PUBLIC_KEY_FILENAME)
properties.process_pair(JWT_PUBLIC_KEY, cert_path)
update_properties(properties)
pass
else:
warning = "setup-sso is not enabled in silent mode."
raise NonFatalException(warning)
pass
def server_process_main(options, scmStatus=None):
# debug mode, including stop Java process at startup
try:
set_debug_mode_from_options(options)
except AttributeError:
pass
if not check_reverse_lookup():
print_warning_msg("The hostname was not found in the reverse DNS lookup. "
"This may result in incorrect behavior. "
"Please check the DNS setup and fix the issue.")
check_database_name_property()
parse_properties_file(options)
ambari_user = read_ambari_user()
current_user = ensure_can_start_under_current_user(ambari_user)
print_info_msg("Ambari Server is not running...")
jdk_path = find_jdk()
if jdk_path is None:
err = "No JDK found, please run the \"ambari-server setup\" " \
"command to install a JDK automatically or install any " \
"JDK manually to " + configDefaults.JDK_INSTALL_DIR
raise FatalException(1, err)
properties = get_ambari_properties()
# Preparations
if is_root():
print configDefaults.MESSAGE_SERVER_RUNNING_AS_ROOT
ensure_jdbc_driver_is_installed(options, properties)
ensure_dbms_is_running(options, properties, scmStatus)
if scmStatus is not None:
scmStatus.reportStartPending()
refresh_stack_hash(properties)
if scmStatus is not None:
scmStatus.reportStartPending()
ensure_server_security_is_configured()
if scmStatus is not None:
scmStatus.reportStartPending()
java_exe = get_java_exe_path()
serverClassPath = ServerClassPath(properties, options)
debug_mode = get_debug_mode()
debug_start = (debug_mode & 1) or SERVER_START_DEBUG
suspend_start = (debug_mode & 2) or SUSPEND_START_MODE
suspend_mode = 'y' if suspend_start else 'n'
param_list = generate_child_process_param_list(ambari_user, java_exe,
serverClassPath.get_full_ambari_classpath_escaped_for_shell(), debug_start,
suspend_mode)
environ = generate_env(options, ambari_user, current_user)
if not os.path.exists(configDefaults.PID_DIR):
os.makedirs(configDefaults.PID_DIR, 0755)
# The launched shell process and sub-processes should have a group id that
# is different from the parent.
def make_process_independent():
processId = os.getpid()
if processId > 0:
try:
os.setpgid(processId, processId)
except OSError, e:
print_warning_msg('setpgid({0}, {0}) failed - {1}'.format(pidJava, str(e)))
pass
def setup_ldap():
if not is_root():
err = 'Ambari-server setup-ldap should be run with ' \
'root-level privileges'
raise FatalException(4, err)
properties = get_ambari_properties()
isSecure = get_is_secure(properties)
ldap_property_list_reqd = init_ldap_properties_list_reqd(properties)
ldap_property_list_opt = ["authentication.ldap.managerDn",
LDAP_MGR_PASSWORD_PROPERTY,
SSL_TRUSTSTORE_TYPE_PROPERTY,
SSL_TRUSTSTORE_PATH_PROPERTY,
SSL_TRUSTSTORE_PASSWORD_PROPERTY]
ldap_property_list_truststore=[SSL_TRUSTSTORE_TYPE_PROPERTY,
SSL_TRUSTSTORE_PATH_PROPERTY,
SSL_TRUSTSTORE_PASSWORD_PROPERTY]
ldap_property_list_passwords=[LDAP_MGR_PASSWORD_PROPERTY,
SSL_TRUSTSTORE_PASSWORD_PROPERTY]
LDAP_MGR_DN_DEFAULT = get_value_from_properties(properties, ldap_property_list_opt[0])
SSL_TRUSTSTORE_TYPE_DEFAULT = get_value_from_properties(properties, SSL_TRUSTSTORE_TYPE_PROPERTY, "jks")
SSL_TRUSTSTORE_PATH_DEFAULT = get_value_from_properties(properties, SSL_TRUSTSTORE_PATH_PROPERTY)
ldap_property_value_map = {}
for ldap_prop in ldap_property_list_reqd:
input = get_validated_string_input(ldap_prop.ldap_prop_val_prompt, ldap_prop.ldap_prop_name, ldap_prop.prompt_regex,
"Invalid characters in the input!", False, ldap_prop.allow_empty_prompt)
if input is not None and input != "":
ldap_property_value_map[ldap_prop.prop_name] = input
bindAnonymously = ldap_property_value_map["authentication.ldap.bindAnonymously"]
anonymous = (bindAnonymously and bindAnonymously.lower() == 'true')
mgr_password = None
# Ask for manager credentials only if bindAnonymously is false
if not anonymous:
username = get_validated_string_input("Manager DN* {0}: ".format(
get_prompt_default(LDAP_MGR_DN_DEFAULT)), LDAP_MGR_DN_DEFAULT, ".*",
"Invalid characters in the input!", False, False)
ldap_property_value_map[LDAP_MGR_USERNAME_PROPERTY] = username
mgr_password = configure_ldap_password()
ldap_property_value_map[LDAP_MGR_PASSWORD_PROPERTY] = mgr_password
useSSL = ldap_property_value_map["authentication.ldap.useSSL"]
ldaps = (useSSL and useSSL.lower() == 'true')
ts_password = None
if ldaps:
truststore_default = "n"
truststore_set = bool(SSL_TRUSTSTORE_PATH_DEFAULT)
if truststore_set:
truststore_default = "y"
custom_trust_store = get_YN_input("Do you want to provide custom TrustStore for Ambari [y/n] ({0})?".
format(truststore_default),
truststore_set)
if custom_trust_store:
ts_type = get_validated_string_input(
"TrustStore type [jks/jceks/pkcs12] {0}:".format(get_prompt_default(SSL_TRUSTSTORE_TYPE_DEFAULT)),
SSL_TRUSTSTORE_TYPE_DEFAULT,
"^(jks|jceks|pkcs12)?$", "Wrong type", False)
ts_path = None
while True:
ts_path = get_validated_string_input(
"Path to TrustStore file {0}:".format(get_prompt_default(SSL_TRUSTSTORE_PATH_DEFAULT)),
SSL_TRUSTSTORE_PATH_DEFAULT,
".*", False, False)
if os.path.exists(ts_path):
break
else:
print 'File not found.'
ts_password = read_password("", ".*", "Password for TrustStore:", "Invalid characters in password")
ldap_property_value_map[SSL_TRUSTSTORE_TYPE_PROPERTY] = ts_type
ldap_property_value_map[SSL_TRUSTSTORE_PATH_PROPERTY] = ts_path
ldap_property_value_map[SSL_TRUSTSTORE_PASSWORD_PROPERTY] = ts_password
pass
else:
properties.removeOldProp(SSL_TRUSTSTORE_TYPE_PROPERTY)
properties.removeOldProp(SSL_TRUSTSTORE_PATH_PROPERTY)
properties.removeOldProp(SSL_TRUSTSTORE_PASSWORD_PROPERTY)
pass
pass
print '=' * 20
print 'Review Settings'
print '=' * 20
for property in ldap_property_list_reqd:
if property in ldap_property_value_map:
print("%s: %s" % (property, ldap_property_value_map[property]))
for property in ldap_property_list_opt:
if ldap_property_value_map.has_key(property):
if property not in ldap_property_list_passwords:
print("%s: %s" % (property, ldap_property_value_map[property]))
else:
print("%s: %s" % (property, BLIND_PASSWORD))
save_settings = get_YN_input("Save settings [y/n] (y)? ", True)
if save_settings:
ldap_property_value_map[CLIENT_SECURITY_KEY] = 'ldap'
if isSecure:
if mgr_password:
encrypted_passwd = encrypt_password(LDAP_MGR_PASSWORD_ALIAS, mgr_password)
if mgr_password != encrypted_passwd:
ldap_property_value_map[LDAP_MGR_PASSWORD_PROPERTY] = encrypted_passwd
pass
if ts_password:
encrypted_passwd = encrypt_password(SSL_TRUSTSTORE_PASSWORD_ALIAS, ts_password)
if ts_password != encrypted_passwd:
ldap_property_value_map[SSL_TRUSTSTORE_PASSWORD_PROPERTY] = encrypted_passwd
pass
pass
# Persisting values
ldap_property_value_map[IS_LDAP_CONFIGURED] = "true"
if mgr_password:
ldap_property_value_map[LDAP_MGR_PASSWORD_PROPERTY] = store_password_file(mgr_password, LDAP_MGR_PASSWORD_FILENAME)
update_properties_2(properties, ldap_property_value_map)
print 'Saving...done'
return 0
def setup_master_key():
if not is_root():
err = 'Ambari-server setup should be run with ' \
'root-level privileges'
raise FatalException(4, err)
properties = get_ambari_properties()
if properties == -1:
raise FatalException(1, "Failed to read properties file.")
db_windows_auth_prop = properties.get_property(JDBC_USE_INTEGRATED_AUTH_PROPERTY)
db_sql_auth = False if db_windows_auth_prop and db_windows_auth_prop.lower() == 'true' else True
db_password = properties.get_property(JDBC_PASSWORD_PROPERTY)
# Encrypt passwords cannot be called before setup
if db_sql_auth and not db_password:
print 'Please call "setup" before "encrypt-passwords". Exiting...'
return 1
# Check configuration for location of master key
isSecure = get_is_secure(properties)
(isPersisted, masterKeyFile) = get_is_persisted(properties)
# Read clear text DB password from file
if db_sql_auth and not is_alias_string(db_password) and os.path.isfile(db_password):
with open(db_password, 'r') as passwdfile:
db_password = passwdfile.read()
ldap_password = properties.get_property(LDAP_MGR_PASSWORD_PROPERTY)
if ldap_password:
# Read clear text LDAP password from file
if not is_alias_string(ldap_password) and os.path.isfile(ldap_password):
with open(ldap_password, 'r') as passwdfile:
ldap_password = passwdfile.read()
ts_password = properties.get_property(SSL_TRUSTSTORE_PASSWORD_PROPERTY)
resetKey = False
masterKey = None
if isSecure:
print "Password encryption is enabled."
resetKey = get_YN_input("Do you want to reset Master Key? [y/n] (n): ", False)
# For encrypting of only unencrypted passwords without resetting the key ask
# for master key if not persisted.
if isSecure and not isPersisted and not resetKey:
print "Master Key not persisted."
masterKey = get_original_master_key(properties)
pass
# Make sure both passwords are clear-text if master key is lost
if resetKey:
if not isPersisted:
print "Master Key not persisted."
masterKey = get_original_master_key(properties)
# Unable get the right master key or skipped question <enter>
if not masterKey:
print "To disable encryption, do the following:"
print "- Edit " + find_properties_file() + \
" and set " + SECURITY_IS_ENCRYPTION_ENABLED + " = " + "false."
err = "{0} is already encrypted. Please call {1} to store unencrypted" \
" password and call 'encrypt-passwords' again."
if db_sql_auth and db_password and is_alias_string(db_password):
print err.format('- Database password', "'" + SETUP_ACTION + "'")
if ldap_password and is_alias_string(ldap_password):
print err.format('- LDAP manager password', "'" + LDAP_SETUP_ACTION + "'")
if ts_password and is_alias_string(ts_password):
print err.format('TrustStore password', "'" + LDAP_SETUP_ACTION + "'")
return 1
pass
pass
pass
# Read back any encrypted passwords
if db_sql_auth and db_password and is_alias_string(db_password):
db_password = read_passwd_for_alias(JDBC_RCA_PASSWORD_ALIAS, masterKey)
if ldap_password and is_alias_string(ldap_password):
ldap_password = read_passwd_for_alias(LDAP_MGR_PASSWORD_ALIAS, masterKey)
if ts_password and is_alias_string(ts_password):
ts_password = read_passwd_for_alias(SSL_TRUSTSTORE_PASSWORD_ALIAS, masterKey)
# Read master key, if non-secure or reset is true
if resetKey or not isSecure:
masterKey = read_master_key(resetKey)
persist = get_YN_input("Do you want to persist master key. If you choose " \
"not to persist, you need to provide the Master " \
"Key while starting the ambari server as an env " \
"variable named " + SECURITY_KEY_ENV_VAR_NAME + \
" or the start will prompt for the master key."
" Persist [y/n] (y)? ", True)
if persist:
save_master_key(masterKey, get_master_key_location(properties) + os.sep +
SECURITY_MASTER_KEY_FILENAME, persist)
elif not persist and masterKeyFile:
try:
os.remove(masterKeyFile)
print_info_msg("Deleting master key file at location: " + str(
masterKeyFile))
except Exception, e:
print 'ERROR: Could not remove master key file. %s' % e
# Blow up the credential store made with previous key, if any
store_file = get_credential_store_location(properties)
if os.path.exists(store_file):
try:
os.remove(store_file)
except:
print_warning_msg("Failed to remove credential store file.")
pass
pass
def setup(options):
retcode = verify_setup_allowed()
if not retcode == 0:
raise FatalException(1, None)
if not is_root():
err = configDefaults.MESSAGE_ERROR_SETUP_NOT_ROOT
raise FatalException(4, err)
# proceed jdbc properties if they were set
if _check_jdbc_options(options):
proceedJDBCProperties(options)
return
(retcode, err) = disable_security_enhancements()
if not retcode == 0:
raise FatalException(retcode, err)
#Create ambari user, if needed
retcode = check_ambari_user()
if not retcode == 0:
err = 'Failed to create user. Exiting.'
raise FatalException(retcode, err)
print configDefaults.MESSAGE_CHECK_FIREWALL
check_firewall()
# proceed jdbc properties if they were set
if _check_jdbc_options(options):
proceedJDBCProperties(options)
print 'Checking JDK...'
try:
download_and_install_jdk(options)
except FatalException as e:
err = 'Downloading or installing JDK failed: {0}. Exiting.'.format(e)
raise FatalException(e.code, err)
print 'Completing setup...'
retcode = configure_os_settings()
if not retcode == 0:
err = 'Configure of OS settings in ambari.properties failed. Exiting.'
raise FatalException(retcode, err)
print 'Configuring database...'
prompt_db_properties(options)
#DB setup should be done last after doing any setup.
_setup_database(options)
check_jdbc_drivers(options)
print 'Extracting system views...'
retcode = extract_views()
if not retcode == 0:
err = 'Error while extracting system views. Exiting'
raise FatalException(retcode, err)
# we've already done this, but new files were created so run it one time.
adjust_directory_permissions(read_ambari_user())
def setup_sso(options):
logger.info("Setup SSO.")
if not is_root():
raise FatalException(
4,
'ambari-server setup-sso should be run with root-level privileges')
server_status, pid = is_server_runing()
if not server_status:
err = 'Ambari Server is not running.'
raise FatalException(1, err)
if not get_silent():
validate_options(options)
properties = get_ambari_properties()
admin_login, admin_password = get_ambari_admin_username_password_pair(
options)
if not options.sso_enabled:
sso_enabled_from_db = get_sso_property_from_db(
properties, admin_login, admin_password, SSO_MANAGE_SERVICES)
sso_enabled = sso_enabled_from_db == None or sso_enabled_from_db in [
'true'
]
print_info_msg(
"SSO is currently {0}".format(
"not configured" if sso_enabled_from_db == None else (
"enabled" if sso_enabled else "disabled")), True)
if sso_enabled:
enable_sso = not get_YN_input(
"Do you want to disable SSO authentication [y/n] (n)? ",
False)
else:
if get_YN_input(
"Do you want to configure SSO authentication [y/n] (y)? ",
True):
enable_sso = True
else:
return False
else:
enable_sso = options.sso_enabled == 'true'
services = ''
if enable_sso:
populate_sso_provider_url(options, properties)
populate_sso_public_cert(options, properties)
populate_jwt_cookie_name(options, properties)
populate_jwt_audiences(options, properties)
services = get_services_requires_sso(options, properties,
admin_login, admin_password)
update_sso_conf(properties, enable_sso, services, admin_login,
admin_password)
enable_jwt_auth = WILDCARD_FOR_ALL_SERVICES == services or SERVICE_NAME_AMBARI in services
properties.process_pair(JWT_AUTH_ENBABLED,
"true" if enable_jwt_auth else "false")
update_properties(properties)
pass
else:
warning = "setup-sso is not enabled in silent mode."
raise NonFatalException(warning)
pass
def generate_child_process_param_list(ambari_user, current_user, java_exe, class_path, debug_start, suspend_mode):
from ambari_commons.os_linux import ULIMIT_CMD
properties = get_ambari_properties()
isSecure = get_is_secure(properties)
(isPersisted, masterKeyFile) = get_is_persisted(properties)
environ = os.environ.copy()
# Need to handle master key not persisted scenario
if isSecure and not masterKeyFile:
prompt = False
masterKey = environ.get(SECURITY_KEY_ENV_VAR_NAME)
if masterKey is not None and masterKey != "":
pass
else:
keyLocation = environ.get(SECURITY_MASTER_KEY_LOCATION)
if keyLocation is not None:
try:
# Verify master key can be read by the java process
with open(keyLocation, 'r'):
pass
except IOError:
print_warning_msg("Cannot read Master key from path specified in "
"environemnt.")
prompt = True
else:
# Key not provided in the environment
prompt = True
if prompt:
import pwd
masterKey = get_original_master_key(properties)
tempDir = tempfile.gettempdir()
tempFilePath = tempDir + os.sep + "masterkey"
save_master_key(masterKey, tempFilePath, True)
if ambari_user != current_user:
uid = pwd.getpwnam(ambari_user).pw_uid
gid = pwd.getpwnam(ambari_user).pw_gid
os.chown(tempFilePath, uid, gid)
else:
os.chmod(tempFilePath, stat.S_IREAD | stat.S_IWRITE)
if tempFilePath is not None:
environ[SECURITY_MASTER_KEY_LOCATION] = tempFilePath
command_base = SERVER_START_CMD_DEBUG if debug_start else SERVER_START_CMD
ulimit_cmd = "%s %s" % (ULIMIT_CMD, str(get_ulimit_open_files(properties)))
command = command_base.format(java_exe,
ambari_provider_module_option,
jvm_args,
class_path,
configDefaults.SERVER_OUT_FILE,
os.path.join(configDefaults.PID_DIR, EXITCODE_NAME),
suspend_mode)
# required to start properly server instance
os.chdir(configDefaults.ROOT_FS_PATH)
#For properly daemonization server should be started using shell as parent
param_list = [locate_file('sh', '/bin'), "-c"]
if is_root() and ambari_user != "root":
# To inherit exported environment variables (especially AMBARI_PASSPHRASE),
# from subprocess, we have to skip --login option of su command. That's why
# we change dir to / (otherwise subprocess can face with 'permission denied'
# errors while trying to list current directory
cmd = "{ulimit_cmd} ; {su} {ambari_user} -s {sh_shell} -c '{command}'".format(ulimit_cmd=ulimit_cmd,
su=locate_file('su', '/bin'), ambari_user=ambari_user,
sh_shell=locate_file('sh', '/bin'), command=command)
else:
cmd = "{ulimit_cmd} ; {command}".format(ulimit_cmd=ulimit_cmd, command=command)
param_list.append(cmd)
return (param_list, environ)
def server_process_main(options, scmStatus=None):
# debug mode, including stop Java process at startup
try:
set_debug_mode_from_options(options)
except AttributeError:
pass
if not check_reverse_lookup():
print_warning_msg(
"The hostname was not found in the reverse DNS lookup. "
"This may result in incorrect behavior. "
"Please check the DNS setup and fix the issue.")
check_database_name_property()
parse_properties_file(options)
is_active_instance = get_is_active_instance()
if not is_active_instance:
print_warning_msg(
"This instance of ambari server is not designated as active. Cannot start ambari server."
)
err = "This is not an active instance. Shutting down..."
raise FatalException(1, err)
ambari_user = read_ambari_user()
current_user = ensure_can_start_under_current_user(ambari_user)
print_info_msg("Ambari Server is not running...")
jdk_path = find_jdk()
if jdk_path is None:
err = "No JDK found, please run the \"ambari-server setup\" " \
"command to install a JDK automatically or install any " \
"JDK manually to " + configDefaults.JDK_INSTALL_DIR
raise FatalException(1, err)
properties = get_ambari_properties()
if not options.skip_properties_validation:
missing_properties = get_missing_properties(properties)
if missing_properties:
err = "Required properties are not found: " + str(missing_properties) + ". To skip properties validation " \
"use \"--skip-properties-validation\""
raise FatalException(1, err)
# Preparations
if is_root():
print configDefaults.MESSAGE_SERVER_RUNNING_AS_ROOT
ensure_jdbc_driver_is_installed(options, properties)
ensure_dbms_is_running(options, properties, scmStatus)
if scmStatus is not None:
scmStatus.reportStartPending()
refresh_stack_hash(properties)
if scmStatus is not None:
scmStatus.reportStartPending()
ensure_server_security_is_configured()
if scmStatus is not None:
scmStatus.reportStartPending()
java_exe = get_java_exe_path()
serverClassPath = ServerClassPath(properties, options)
debug_mode = get_debug_mode()
debug_start = (debug_mode & 1) or SERVER_START_DEBUG
suspend_start = (debug_mode & 2) or SUSPEND_START_MODE
suspend_mode = 'y' if suspend_start else 'n'
if options.skip_database_validation:
global jvm_args
jvm_args += " -DskipDatabaseConsistencyValidation"
param_list = generate_child_process_param_list(
ambari_user, java_exe,
serverClassPath.get_full_ambari_classpath_escaped_for_shell(
validate_classpath=True), debug_start, suspend_mode)
environ = generate_env(options, ambari_user, current_user)
if not os.path.exists(configDefaults.PID_DIR):
os.makedirs(configDefaults.PID_DIR, 0755)
# The launched shell process and sub-processes should have a group id that
# is different from the parent.
def make_process_independent():
if IS_FOREGROUND: # upstart script is not able to track process from different pgid.
return
processId = os.getpid()
if processId > 0:
try:
os.setpgid(processId, processId)
except OSError, e:
print_warning_msg('setpgid({0}, {0}) failed - {1}'.format(
pidJava, str(e)))
pass
def server_process_main(options, scmStatus=None):
# debug mode, including stop Java process at startup
try:
set_debug_mode_from_options(options)
except AttributeError:
pass
if not check_reverse_lookup():
print_warning_msg("The hostname was not found in the reverse DNS lookup. "
"This may result in incorrect behavior. "
"Please check the DNS setup and fix the issue.")
check_database_name_property()
parse_properties_file(options)
ambari_user = read_ambari_user()
current_user = ensure_can_start_under_current_user(ambari_user)
print_info_msg("TBDS Server is not running...")
jdk_path = find_jdk()
if jdk_path is None:
err = "No JDK found, please run the \"tbds-server setup\" " \
"command to install a JDK automatically or install any " \
"JDK manually to " + configDefaults.JDK_INSTALL_DIR
raise FatalException(1, err)
properties = get_ambari_properties()
# Preparations
if is_root():
print configDefaults.MESSAGE_SERVER_RUNNING_AS_ROOT
ensure_jdbc_driver_is_installed(options, properties)
ensure_dbms_is_running(options, properties, scmStatus)
if scmStatus is not None:
scmStatus.reportStartPending()
refresh_stack_hash(properties)
if scmStatus is not None:
scmStatus.reportStartPending()
ensure_server_security_is_configured()
if scmStatus is not None:
scmStatus.reportStartPending()
java_exe = get_java_exe_path()
class_path = get_conf_dir()
class_path = os.path.abspath(class_path) + os.pathsep + get_ambari_classpath()
debug_mode = get_debug_mode()
debug_start = (debug_mode & 1) or SERVER_START_DEBUG
suspend_start = (debug_mode & 2) or SUSPEND_START_MODE
suspend_mode = 'y' if suspend_start else 'n'
(param_list, environ) = generate_child_process_param_list(ambari_user, current_user,
java_exe, class_path, debug_start, suspend_mode)
if not os.path.exists(configDefaults.PID_DIR):
os.makedirs(configDefaults.PID_DIR, 0755)
print_info_msg("Running server: " + str(param_list))
procJava = subprocess.Popen(param_list, env=environ)
pidJava = procJava.pid
if pidJava <= 0:
procJava.terminate()
exitcode = procJava.returncode
exitfile = os.path.join(configDefaults.PID_DIR, EXITCODE_NAME)
save_pid(exitcode, exitfile)
if scmStatus is not None:
scmStatus.reportStopPending()
raise FatalException(-1, AMBARI_SERVER_DIE_MSG.format(exitcode, configDefaults.SERVER_OUT_FILE))
else:
pidfile = os.path.join(configDefaults.PID_DIR, PID_NAME)
save_pid(pidJava, pidfile)
print "Server PID at: "+pidfile
print "Server out at: "+configDefaults.SERVER_OUT_FILE
print "Server log at: "+configDefaults.SERVER_LOG_FILE
wait_for_server_start(pidfile, scmStatus)
if scmStatus is not None:
scmStatus.reportStarted()
return procJava
def server_process_main(options, scmStatus=None):
properties = get_ambari_properties()
if properties == -1:
err = "Error getting ambari properties"
raise FatalException(-1, err)
properties_for_print = []
logger.info("Ambari server properties config:")
for key, value in properties.getPropertyDict().items():
if "passwd" not in key and "password" not in key:
properties_for_print.append(key + "=" + value)
logger.info(properties_for_print)
# debug mode, including stop Java process at startup
try:
set_debug_mode_from_options(options)
except AttributeError:
pass
if not check_reverse_lookup():
print_warning_msg(
"The hostname was not found in the reverse DNS lookup. "
"This may result in incorrect behavior. "
"Please check the DNS setup and fix the issue.")
check_database_name_property()
parse_properties_file(options)
is_active_instance = get_is_active_instance()
if not is_active_instance:
print_warning_msg(
"This instance of ambari server is not designated as active. Cannot start ambari server."
)
err = "This is not an active instance. Shutting down..."
raise FatalException(1, err)
ambari_user = read_ambari_user()
current_user = ensure_can_start_under_current_user(ambari_user)
print_info_msg("Ambari Server is not running...")
jdk_path = find_jdk()
if jdk_path is None:
err = "No JDK found, please run the \"ambari-server setup\" " \
"command to install a JDK automatically or install any " \
"JDK manually to " + configDefaults.JDK_INSTALL_DIR
raise FatalException(1, err)
if not options.skip_properties_validation:
missing_properties = get_missing_properties(properties)
if missing_properties:
err = "Required properties are not found: " + str(missing_properties) + ". To skip properties validation " \
"use \"--skip-properties-validation\""
raise FatalException(1, err)
# Preparations
if is_root():
print configDefaults.MESSAGE_SERVER_RUNNING_AS_ROOT
ensure_jdbc_driver_is_installed(options, properties)
ensure_dbms_is_running(options, properties, scmStatus)
if scmStatus is not None:
scmStatus.reportStartPending()
refresh_stack_hash(properties)
if scmStatus is not None:
scmStatus.reportStartPending()
ensure_server_security_is_configured()
if scmStatus is not None:
scmStatus.reportStartPending()
java_exe = get_java_exe_path()
serverClassPath = ServerClassPath(properties, options)
debug_mode = get_debug_mode()
debug_start = (debug_mode & 1) or SERVER_START_DEBUG
suspend_start = (debug_mode & 2) or SUSPEND_START_MODE
suspend_mode = 'y' if suspend_start else 'n'
environ = generate_env(options, ambari_user, current_user)
class_path = serverClassPath.get_full_ambari_classpath_escaped_for_shell(
validate_classpath=True)
if options.skip_database_check:
global jvm_args
jvm_args += " -DskipDatabaseConsistencyCheck"
print "Ambari Server is starting with the database consistency check skipped. Do not make any changes to your cluster " \
"topology or perform a cluster upgrade until you correct the database consistency issues. See \"" \
+ configDefaults.DB_CHECK_LOG + "\" for more details on the consistency issues."
properties.process_pair(CHECK_DATABASE_SKIPPED_PROPERTY, "true")
else:
print "Ambari database consistency check started..."
if options.fix_database_consistency:
jvm_args += " -DfixDatabaseConsistency"
properties.process_pair(CHECK_DATABASE_SKIPPED_PROPERTY, "false")
update_properties(properties)
param_list = generate_child_process_param_list(ambari_user, java_exe,
class_path, debug_start,
suspend_mode)
# The launched shell process and sub-processes should have a group id that
# is different from the parent.
def make_process_independent():
if IS_FOREGROUND: # upstart script is not able to track process from different pgid.
return
processId = os.getpid()
if processId > 0:
try:
os.setpgid(processId, processId)
except OSError, e:
print_warning_msg('setpgid({0}, {0}) failed - {1}'.format(
pidJava, str(e)))
pass
def server_process_main(options, scmStatus=None):
# debug mode, including stop Java process at startup
try:
set_debug_mode_from_options(options)
except AttributeError:
pass
if not check_reverse_lookup():
print_warning_msg("The hostname was not found in the reverse DNS lookup. "
"This may result in incorrect behavior. "
"Please check the DNS setup and fix the issue.")
check_database_name_property()
parse_properties_file(options)
is_active_instance = get_is_active_instance()
if not is_active_instance:
print_warning_msg("This instance of ambari server is not designated as active. Cannot start ambari server.")
err = "This is not an active instance. Shutting down..."
raise FatalException(1, err)
ambari_user = read_ambari_user()
current_user = ensure_can_start_under_current_user(ambari_user)
print_info_msg("Ambari Server is not running...")
jdk_path = find_jdk()
if jdk_path is None:
err = "No JDK found, please run the \"ambari-server setup\" " \
"command to install a JDK automatically or install any " \
"JDK manually to " + configDefaults.JDK_INSTALL_DIR
raise FatalException(1, err)
properties = get_ambari_properties()
# Preparations
if is_root():
print configDefaults.MESSAGE_SERVER_RUNNING_AS_ROOT
ensure_jdbc_driver_is_installed(options, properties)
ensure_dbms_is_running(options, properties, scmStatus)
if scmStatus is not None:
scmStatus.reportStartPending()
refresh_stack_hash(properties)
if scmStatus is not None:
scmStatus.reportStartPending()
ensure_server_security_is_configured()
if scmStatus is not None:
scmStatus.reportStartPending()
java_exe = get_java_exe_path()
class_path = get_conf_dir()
class_path = os.path.abspath(class_path) + os.pathsep + get_ambari_classpath()
jdbc_driver_path = get_jdbc_driver_path(options, properties)
if jdbc_driver_path not in class_path:
class_path = class_path + os.pathsep + jdbc_driver_path
if SERVER_CLASSPATH_KEY in os.environ:
class_path = os.environ[SERVER_CLASSPATH_KEY] + os.pathsep + class_path
native_libs_path = get_native_libs_path(options, properties)
if native_libs_path is not None:
if LIBRARY_PATH_KEY in os.environ:
native_libs_path = os.environ[LIBRARY_PATH_KEY] + os.pathsep + native_libs_path
os.environ[LIBRARY_PATH_KEY] = native_libs_path
debug_mode = get_debug_mode()
debug_start = (debug_mode & 1) or SERVER_START_DEBUG
suspend_start = (debug_mode & 2) or SUSPEND_START_MODE
suspend_mode = 'y' if suspend_start else 'n'
param_list = generate_child_process_param_list(ambari_user, java_exe,
class_path, debug_start,
suspend_mode)
environ = generate_env(ambari_user, current_user)
if not os.path.exists(configDefaults.PID_DIR):
os.makedirs(configDefaults.PID_DIR, 0755)
print_info_msg("Running server: " + str(param_list))
procJava = subprocess.Popen(param_list, env=environ)
pidJava = procJava.pid
if pidJava <= 0:
procJava.terminate()
exitcode = procJava.returncode
exitfile = os.path.join(configDefaults.PID_DIR, EXITCODE_NAME)
save_pid(exitcode, exitfile)
if scmStatus is not None:
scmStatus.reportStopPending()
raise FatalException(-1, AMBARI_SERVER_DIE_MSG.format(exitcode, configDefaults.SERVER_OUT_FILE))
else:
# Change the group id to the process id of the parent so that the launched
# process and sub-processes have a group id that is different from the parent.
try:
os.setpgid(pidJava, 0)
except OSError, e:
print_warning_msg('setpgid({0}, 0) failed - {1}'.format(pidJava, str(e)))
pass
pidfile = os.path.join(configDefaults.PID_DIR, PID_NAME)
save_pid(pidJava, pidfile)
print "Server PID at: "+pidfile
print "Server out at: "+configDefaults.SERVER_OUT_FILE
print "Server log at: "+configDefaults.SERVER_LOG_FILE
wait_for_server_start(pidfile, scmStatus)
def upgrade(args):
if not is_root():
err = configDefaults.MESSAGE_ERROR_UPGRADE_NOT_ROOT
raise FatalException(4, err)
print 'Updating properties in ' + AMBARI_PROPERTIES_FILE + ' ...'
retcode = update_ambari_properties()
if not retcode == 0:
err = AMBARI_PROPERTIES_FILE + ' file can\'t be updated. Exiting'
raise FatalException(retcode, err)
try:
update_database_name_property(upgrade=True)
except FatalException:
return -1
# Ignore the server version & database options passed via command-line arguments
parse_properties_file(args)
#TODO check database version
change_objects_owner(args)
retcode = run_schema_upgrade()
if not retcode == 0:
print_error_msg(
"Ambari server upgrade failed. Please look at {0}, for more details."
.format(configDefaults.SERVER_LOG_FILE))
raise FatalException(11, 'Schema upgrade failed.')
user = read_ambari_user()
if user is None:
warn = "Can not determine custom ambari user.\n" + SETUP_OR_UPGRADE_MSG
print_warning_msg(warn)
else:
adjust_directory_permissions(user)
# local repo
upgrade_local_repo(args)
# create jdbc symlinks if jdbc drivers are available in resources
check_jdbc_drivers(args)
properties = get_ambari_properties()
if properties == -1:
err = "Error getting ambari properties"
print_error_msg(err)
raise FatalException(-1, err)
# Move *.py files from custom_actions to custom_actions/scripts
# This code exists for historic reasons in which custom action python scripts location changed from Ambari 1.7.0 to 2.0.0
ambari_version = get_ambari_version(properties)
if ambari_version is None:
args.warnings.append(
"*.py files were not moved from custom_actions to custom_actions/scripts."
)
elif compare_versions(ambari_version, "2.0.0") == 0:
move_user_custom_actions()
# Remove ADMIN_VIEW directory for upgrading Admin View on Ambari upgrade from 1.7.0 to 2.0.0
admin_views_dirs = get_admin_views_dir(properties)
for admin_views_dir in admin_views_dirs:
shutil.rmtree(admin_views_dir)
# check if ambari has obsolete LDAP configuration
if properties.get_property(
LDAP_PRIMARY_URL_PROPERTY
) and not properties.get_property(IS_LDAP_CONFIGURED):
args.warnings.append(
"Existing LDAP configuration is detected. You must run the \"ambari-server setup-ldap\" command to adjust existing LDAP configuration."
)
def sync_ldap(options):
if not is_root():
err = 'Ambari-server sync-ldap should be run with ' \
'root-level privileges'
raise FatalException(4, err)
server_status, pid = is_server_runing()
if not server_status:
err = 'Ambari Server is not running.'
raise FatalException(1, err)
properties = get_ambari_properties()
if properties == -1:
raise FatalException(1, "Failed to read properties file.")
ldap_configured = properties.get_property(IS_LDAP_CONFIGURED)
if ldap_configured != 'true':
err = "LDAP is not configured. Run 'ambari-server setup-ldap' first."
raise FatalException(1, err)
# set ldap sync options
ldap_sync_options = LdapSyncOptions(options)
if ldap_sync_options.no_ldap_sync_options_set():
err = 'Must specify a sync option (all, existing, users or groups). Please invoke ambari-server.py --help to print the options.'
raise FatalException(1, err)
admin_login = get_validated_string_input(prompt="Enter Ambari Admin login: "******"Enter Ambari Admin password: "******"Event":{"specs":[{"principal_type":"users","sync_type":"all"},{"principal_type":"groups","sync_type":"all"}]}}]
elif ldap_sync_options.ldap_sync_existing:
sys.stdout.write('Syncing existing.')
bodies = [{"Event":{"specs":[{"principal_type":"users","sync_type":"existing"},{"principal_type":"groups","sync_type":"existing"}]}}]
else:
sys.stdout.write('Syncing specified users and groups.')
bodies = [{"Event":{"specs":[]}}]
body = bodies[0]
events = body['Event']
specs = events['specs']
if ldap_sync_options.ldap_sync_users is not None:
new_specs = [{"principal_type":"users","sync_type":"specific","names":""}]
get_ldap_event_spec_names(ldap_sync_options.ldap_sync_users, specs, new_specs)
if ldap_sync_options.ldap_sync_groups is not None:
new_specs = [{"principal_type":"groups","sync_type":"specific","names":""}]
get_ldap_event_spec_names(ldap_sync_options.ldap_sync_groups, specs, new_specs)
if get_verbose():
sys.stdout.write('\nCalling API ' + url + ' : ' + str(bodies) + '\n')
request.add_data(json.dumps(bodies))
request.get_method = lambda: 'POST'
try:
response = urllib2.urlopen(request)
except Exception as e:
err = 'Sync event creation failed. Error details: %s' % e
raise FatalException(1, err)
response_status_code = response.getcode()
if response_status_code != 201:
err = 'Error during syncing. Http status code - ' + str(response_status_code)
raise FatalException(1, err)
response_body = json.loads(response.read())
url = response_body['resources'][0]['href']
request = urllib2.Request(url)
request.add_header('Authorization', 'Basic %s' % admin_auth)
request.add_header('X-Requested-By', 'ambari')
body = [{"LDAP":{"synced_groups":"*","synced_users":"*"}}]
request.add_data(json.dumps(body))
request.get_method = lambda: 'GET'
request_in_progress = True
while request_in_progress:
sys.stdout.write('.')
sys.stdout.flush()
try:
response = urllib2.urlopen(request)
except Exception as e:
request_in_progress = False
err = 'Sync event check failed. Error details: %s' % e
raise FatalException(1, err)
response_status_code = response.getcode()
if response_status_code != 200:
err = 'Error during syncing. Http status code - ' + str(response_status_code)
raise FatalException(1, err)
response_body = json.loads(response.read())
sync_info = response_body['Event']
if sync_info['status'] == 'ERROR':
raise FatalException(1, str(sync_info['status_detail']))
elif sync_info['status'] == 'COMPLETE':
print '\n\nCompleted LDAP Sync.'
print 'Summary:'
for principal_type, summary in sync_info['summary'].iteritems():
print ' {0}:'.format(principal_type)
for action, amount in summary.iteritems():
print ' {0} = {1!s}'.format(action, amount)
request_in_progress = False
else:
time.sleep(1)
sys.stdout.write('\n')
sys.stdout.flush()
def generate_child_process_param_list(ambari_user, current_user, java_exe,
class_path, debug_start, suspend_mode):
from ambari_commons.os_linux import ULIMIT_CMD
properties = get_ambari_properties()
isSecure = get_is_secure(properties)
(isPersisted, masterKeyFile) = get_is_persisted(properties)
environ = os.environ.copy()
# Need to handle master key not persisted scenario
if isSecure and not masterKeyFile:
prompt = False
masterKey = environ.get(SECURITY_KEY_ENV_VAR_NAME)
if masterKey is not None and masterKey != "":
pass
else:
keyLocation = environ.get(SECURITY_MASTER_KEY_LOCATION)
if keyLocation is not None:
try:
# Verify master key can be read by the java process
with open(keyLocation, 'r'):
pass
except IOError:
print_warning_msg(
"Cannot read Master key from path specified in "
"environemnt.")
prompt = True
else:
# Key not provided in the environment
prompt = True
if prompt:
import pwd
masterKey = get_original_master_key(properties)
tempDir = tempfile.gettempdir()
tempFilePath = tempDir + os.sep + "masterkey"
save_master_key(masterKey, tempFilePath, True)
if ambari_user != current_user:
uid = pwd.getpwnam(ambari_user).pw_uid
gid = pwd.getpwnam(ambari_user).pw_gid
os.chown(tempFilePath, uid, gid)
else:
os.chmod(tempFilePath, stat.S_IREAD | stat.S_IWRITE)
if tempFilePath is not None:
environ[SECURITY_MASTER_KEY_LOCATION] = tempFilePath
command_base = SERVER_START_CMD_DEBUG if debug_start else SERVER_START_CMD
ulimit_cmd = "%s %s" % (ULIMIT_CMD, str(get_ulimit_open_files(properties)))
command = command_base.format(
java_exe, ambari_provider_module_option, jvm_args, class_path,
configDefaults.SERVER_OUT_FILE,
os.path.join(configDefaults.PID_DIR, EXITCODE_NAME), suspend_mode)
# required to start properly server instance
os.chdir(configDefaults.ROOT_FS_PATH)
#For properly daemonization server should be started using shell as parent
param_list = [locate_file('sh', '/bin'), "-c"]
if is_root() and ambari_user != "root":
# To inherit exported environment variables (especially AMBARI_PASSPHRASE),
# from subprocess, we have to skip --login option of su command. That's why
# we change dir to / (otherwise subprocess can face with 'permission denied'
# errors while trying to list current directory
cmd = "{ulimit_cmd} ; {su} {ambari_user} -s {sh_shell} -c '{command}'".format(
ulimit_cmd=ulimit_cmd,
su=locate_file('su', '/bin'),
ambari_user=ambari_user,
sh_shell=locate_file('sh', '/bin'),
command=command)
else:
cmd = "{ulimit_cmd} ; {command}".format(ulimit_cmd=ulimit_cmd,
command=command)
param_list.append(cmd)
return (param_list, environ)
def ensure_server_security_is_configured():
if not is_root():
print "Unable to check firewall status when starting without root privileges."
print "Please do not forget to disable or adjust firewall if needed"
def setup(options):
if options.only_silent:
if check_setup_already_done():
print "Nothing was done. Ambari Setup already performed and cannot re-run setup in silent mode. Use \"ambari-server setup\" command without -s option to change Ambari setup."
sys.exit(0)
retcode = verify_setup_allowed(options)
if not retcode == 0:
raise FatalException(1, None)
if not is_root():
err = configDefaults.MESSAGE_ERROR_SETUP_NOT_ROOT
raise FatalException(4, err)
# proceed jdbc properties if they were set
if _check_jdbc_options(options):
proceedJDBCProperties(options)
return
(retcode, err) = disable_security_enhancements()
if not retcode == 0:
raise FatalException(retcode, err)
#Create ambari user, if needed
(retcode, register_service, svc_user, svc_password) = check_ambari_user(options)
if not retcode == 0:
err = 'Failed to create user. Exiting.'
raise FatalException(retcode, err)
print configDefaults.MESSAGE_CHECK_FIREWALL
check_firewall()
# proceed jdbc properties if they were set
if _check_jdbc_options(options):
proceedJDBCProperties(options)
print 'Checking JDK...'
try:
download_and_install_jdk(options)
except FatalException as e:
err = 'Downloading or installing JDK failed: {0}. Exiting.'.format(e)
raise FatalException(e.code, err)
print 'Completing setup...'
retcode = configure_os_settings()
if not retcode == 0:
err = 'Configure of OS settings in ambari.properties failed. Exiting.'
raise FatalException(retcode, err)
print 'Configuring database...'
prompt_db_properties(options)
#DB setup should be done last after doing any setup.
_setup_database(options)
check_jdbc_drivers(options)
print 'Extracting system views...'
retcode = extract_views()
if not retcode == 0:
err = 'Error while extracting system views. Exiting'
raise FatalException(retcode, err)
# we've already done this, but new files were created so run it one time.
adjust_directory_permissions(svc_user)
service_setup(register_service, svc_user, svc_password)
def server_process_main(options, scmStatus=None):
# debug mode, including stop Java process at startup
try:
set_debug_mode_from_options(options)
except AttributeError:
pass
if not check_reverse_lookup():
print_warning_msg(
"The hostname was not found in the reverse DNS lookup. "
"This may result in incorrect behavior. "
"Please check the DNS setup and fix the issue.")
check_database_name_property()
parse_properties_file(options)
ambari_user = read_ambari_user()
current_user = ensure_can_start_under_current_user(ambari_user)
print_info_msg("Ambari Server is not running...")
jdk_path = find_jdk()
if jdk_path is None:
err = "No JDK found, please run the \"ambari-server setup\" " \
"command to install a JDK automatically or install any " \
"JDK manually to " + configDefaults.JDK_INSTALL_DIR
raise FatalException(1, err)
properties = get_ambari_properties()
# Preparations
if is_root():
print configDefaults.MESSAGE_SERVER_RUNNING_AS_ROOT
ensure_jdbc_driver_is_installed(options, properties)
ensure_dbms_is_running(options, properties, scmStatus)
if scmStatus is not None:
scmStatus.reportStartPending()
refresh_stack_hash(properties)
if scmStatus is not None:
scmStatus.reportStartPending()
ensure_server_security_is_configured()
if scmStatus is not None:
scmStatus.reportStartPending()
java_exe = get_java_exe_path()
class_path = get_conf_dir()
class_path = os.path.abspath(
class_path) + os.pathsep + get_ambari_classpath()
debug_mode = get_debug_mode()
debug_start = (debug_mode & 1) or SERVER_START_DEBUG
suspend_start = (debug_mode & 2) or SUSPEND_START_MODE
suspend_mode = 'y' if suspend_start else 'n'
(param_list,
environ) = generate_child_process_param_list(ambari_user, current_user,
java_exe, class_path,
debug_start, suspend_mode)
if not os.path.exists(configDefaults.PID_DIR):
os.makedirs(configDefaults.PID_DIR, 0755)
print_info_msg("Running server: " + str(param_list))
procJava = subprocess.Popen(param_list, env=environ)
pidJava = procJava.pid
if pidJava <= 0:
procJava.terminate()
exitcode = procJava.returncode
exitfile = os.path.join(configDefaults.PID_DIR, EXITCODE_NAME)
save_pid(exitcode, exitfile)
if scmStatus is not None:
scmStatus.reportStopPending()
raise FatalException(
-1,
AMBARI_SERVER_DIE_MSG.format(exitcode,
configDefaults.SERVER_OUT_FILE))
else:
pidfile = os.path.join(configDefaults.PID_DIR, PID_NAME)
save_pid(pidJava, pidfile)
print "Server PID at: " + pidfile
print "Server out at: " + configDefaults.SERVER_OUT_FILE
print "Server log at: " + configDefaults.SERVER_LOG_FILE
wait_for_server_start(pidfile, scmStatus)
if scmStatus is not None:
scmStatus.reportStarted()
return procJava
def ensure_server_security_is_configured():
if not is_root():
print "Unable to check firewall status when starting without root privileges."
print "Please do not forget to disable or adjust firewall if needed"
def upgrade(args):
print_info_msg("Upgrade Ambari Server", True)
if not is_root():
err = configDefaults.MESSAGE_ERROR_UPGRADE_NOT_ROOT
raise FatalException(4, err)
print_info_msg(
'Updating Ambari Server properties in {0} ...'.format(
AMBARI_PROPERTIES_FILE), True)
retcode = update_ambari_properties()
if not retcode == 0:
err = AMBARI_PROPERTIES_FILE + ' file can\'t be updated. Exiting'
raise FatalException(retcode, err)
print_info_msg(
'Updating Ambari Server properties in {0} ...'.format(AMBARI_ENV_FILE),
True)
retcode = update_ambari_env()
if not retcode == 0:
err = AMBARI_ENV_FILE + ' file can\'t be updated. Exiting'
raise FatalException(retcode, err)
retcode = update_krb_jaas_login_properties()
if retcode == -2:
pass # no changes done, let's be silent
elif retcode == 0:
print_info_msg("File {0} updated.".format(AMBARI_KRB_JAAS_LOGIN_FILE),
True)
elif not retcode == 0:
err = AMBARI_KRB_JAAS_LOGIN_FILE + ' file can\'t be updated. Exiting'
raise FatalException(retcode, err)
restore_custom_services()
replay_mpack_logs()
try:
update_database_name_property(upgrade=True)
except FatalException:
return -1
# Ignore the server version & database options passed via command-line arguments
parse_properties_file(args)
#TODO check database version
change_objects_owner(args)
retcode = run_schema_upgrade(args)
if not retcode == 0:
print_error_msg(
"Ambari server upgrade failed. Please look at {0}, for more details."
.format(configDefaults.SERVER_LOG_FILE))
raise FatalException(11, 'Schema upgrade failed.')
user = read_ambari_user()
if user is None:
warn = "Can not determine custom ambari user.\n" + SETUP_OR_UPGRADE_MSG
print_warning_msg(warn)
else:
adjust_directory_permissions(user)
# create jdbc symlinks if jdbc drivers are available in resources
check_jdbc_drivers(args)
properties = get_ambari_properties()
if properties == -1:
err = "Error getting ambari properties"
print_error_msg(err)
raise FatalException(-1, err)
# Move *.py files from custom_actions to custom_actions/scripts
# This code exists for historic reasons in which custom action python scripts location changed from Ambari 1.7.0 to 2.0.0
ambari_version = get_ambari_version(properties)
if ambari_version is None:
args.warnings.append(
"*.py files were not moved from custom_actions to custom_actions/scripts."
)
elif compare_versions(ambari_version, "2.0.0") == 0:
move_user_custom_actions()
# Move files installed by package to default views directory to a custom one
for views_dir in get_views_dir(properties):
root_views_dir = views_dir + "/../"
if os.path.samefile(root_views_dir, get_default_views_dir()):
continue
for file in glob.glob(get_default_views_dir() + '/*'):
shutil.move(file, root_views_dir)
# Remove ADMIN_VIEW directory for upgrading Admin View on Ambari upgrade from 1.7.0 to 2.0.0
admin_views_dirs = get_admin_views_dir(properties)
for admin_views_dir in admin_views_dirs:
shutil.rmtree(admin_views_dir)
# Modify timestamp of views jars to current time
views_jars = get_views_jars(properties)
for views_jar in views_jars:
os.utime(views_jar, None)
# check if ambari is configured to use LDAP authentication
if properties.get_property(CLIENT_SECURITY) == "ldap":
args.warnings.append(
"LDAP authentication is detected. You must run the \"ambari-server setup-ldap\" command to adjust existing LDAP configuration."
)
# adding custom jdbc name and previous custom jdbc properties
# we need that to support new dynamic jdbc names for upgraded ambari
add_jdbc_properties(properties)
json_url = get_json_url_from_repo_file()
if json_url:
print "Ambari repo file contains latest json url {0}, updating stacks repoinfos with it...".format(
json_url)
properties = get_ambari_properties()
stack_root = get_stack_location(properties)
update_latest_in_repoinfos_for_stacks(stack_root, json_url)
else:
print "Ambari repo file doesn't contain latest json url, skipping repoinfos modification"
def upgrade(args):
if not is_root():
err = configDefaults.MESSAGE_ERROR_UPGRADE_NOT_ROOT
raise FatalException(4, err)
print 'Updating properties in ' + AMBARI_PROPERTIES_FILE + ' ...'
retcode = update_ambari_properties()
if not retcode == 0:
err = AMBARI_PROPERTIES_FILE + ' file can\'t be updated. Exiting'
raise FatalException(retcode, err)
retcode = update_ambari_env()
if not retcode == 0:
err = AMBARI_ENV_FILE + ' file can\'t be updated. Exiting'
raise FatalException(retcode, err)
retcode = update_krb_jaas_login_properties()
if retcode == -2:
pass # no changes done, let's be silent
elif retcode == 0:
print 'File ' + AMBARI_KRB_JAAS_LOGIN_FILE + ' updated.'
elif not retcode == 0:
err = AMBARI_KRB_JAAS_LOGIN_FILE + ' file can\'t be updated. Exiting'
raise FatalException(retcode, err)
restore_custom_services()
try:
update_database_name_property(upgrade=True)
except FatalException:
return -1
# Ignore the server version & database options passed via command-line arguments
parse_properties_file(args)
#TODO check database version
change_objects_owner(args)
retcode = run_schema_upgrade(args)
if not retcode == 0:
print_error_msg("Ambari server upgrade failed. Please look at {0}, for more details.".format(configDefaults.SERVER_LOG_FILE))
raise FatalException(11, 'Schema upgrade failed.')
user = read_ambari_user()
if user is None:
warn = "Can not determine custom ambari user.\n" + SETUP_OR_UPGRADE_MSG
print_warning_msg(warn)
else:
adjust_directory_permissions(user)
# local repo
upgrade_local_repo(args)
# create jdbc symlinks if jdbc drivers are available in resources
check_jdbc_drivers(args)
properties = get_ambari_properties()
if properties == -1:
err = "Error getting ambari properties"
print_error_msg(err)
raise FatalException(-1, err)
# Move *.py files from custom_actions to custom_actions/scripts
# This code exists for historic reasons in which custom action python scripts location changed from Ambari 1.7.0 to 2.0.0
ambari_version = get_ambari_version(properties)
if ambari_version is None:
args.warnings.append("*.py files were not moved from custom_actions to custom_actions/scripts.")
elif compare_versions(ambari_version, "2.0.0") == 0:
move_user_custom_actions()
# Remove ADMIN_VIEW directory for upgrading Admin View on Ambari upgrade from 1.7.0 to 2.0.0
admin_views_dirs = get_admin_views_dir(properties)
for admin_views_dir in admin_views_dirs:
shutil.rmtree(admin_views_dir)
# Remove ambari views directory for the rest of the jars, at the time of upgrade. At restart all jars present in Ambari will be extracted into work directory
views_dir = get_views_dir(properties)
for views in views_dir:
shutil.rmtree(views)
# check if ambari has obsolete LDAP configuration
if properties.get_property(LDAP_PRIMARY_URL_PROPERTY) and not properties.get_property(IS_LDAP_CONFIGURED):
args.warnings.append("Existing LDAP configuration is detected. You must run the \"ambari-server setup-ldap\" command to adjust existing LDAP configuration.")
def setup(options):
modifyGlobalConstant(options.use_default)
retcode = verify_setup_allowed()
if not retcode == 0:
raise FatalException(1, None)
if not is_root():
err = configDefaults.MESSAGE_ERROR_SETUP_NOT_ROOT
raise FatalException(4, err)
if _check_repo_options(options):
configureRepoURL(options.repo_url)
if _check_hostname(options):
configureHostname(options.hostname)
# proceed jdbc properties if they were set
if _check_jdbc_options(options):
proceedJDBCProperties(options)
return
(retcode, err) = disable_security_enhancements()
if not retcode == 0:
raise FatalException(retcode, err)
#Create tbds user, if needed
retcode = check_ambari_user()
if not retcode == 0:
err = 'Failed to create user. Exiting.'
raise FatalException(retcode, err)
print configDefaults.MESSAGE_CHECK_FIREWALL
check_firewall()
# proceed jdbc properties if they were set
if _check_jdbc_options(options):
proceedJDBCProperties(options)
print 'Checking JDK...'
try:
download_and_install_jdk(options)
except FatalException as e:
err = 'Downloading or installing JDK failed: {0}. Exiting.'.format(e)
raise FatalException(e.code, err)
print 'Completing setup...'
retcode = configure_os_settings()
if not retcode == 0:
err = 'Configure of OS settings in tbds.properties failed. Exiting.'
raise FatalException(retcode, err)
print 'Configuring database...'
prompt_db_properties(options)
#DB setup should be done last after doing any setup.
_setup_database(options)
check_jdbc_drivers(options)
print 'Extracting system views...'
retcode = extract_views()
if not retcode == 0:
err = 'Error while extracting system views. Exiting'
raise FatalException(retcode, err)
# we've already done this, but new files were created so run it one time.
adjust_directory_permissions(read_ambari_user())