def do_checks(self):
try:
user = read_ambari_user()
create_user = False
update_user_setting = False
if user is not None:
create_user = get_YN_input(self.NR_USER_CHANGE_PROMPT.format(user), False)
update_user_setting = create_user # Only if we will create another user
else: # user is not configured yet
update_user_setting = True # Write configuration anyway
create_user = get_YN_input(self.NR_USER_CUSTOMIZE_PROMPT, False)
if not create_user:
user = self.NR_DEFAULT_USER
if create_user:
(retcode, user) = self._create_custom_user()
if retcode != 0:
return retcode
if update_user_setting:
write_property(NR_USER_PROPERTY, user)
adjust_directory_permissions(user)
except OSError as e:
print_error_msg("Failed: %s" % str(e))
return 4
except Exception as e:
print_error_msg("Unexpected error %s" % str(e))
return 1
return 0
def run_db_cleanup(options):
if validate_args(options):
return 1
db_title = get_db_type(get_ambari_properties()).title
confirmBackup = get_YN_input("Ambari Server configured for {0}. Confirm you have made a backup of the Ambari Server database [y/n]".format(
db_title), True)
if not confirmBackup:
print_info_msg("Ambari Server Database cleanup aborted")
return 0
status, stateDesc = is_server_runing()
if status:
print_error_msg("The database cleanup cannot proceed while Ambari Server is running. Please shut down Ambari first.")
return 1
confirm = get_YN_input(
"Ambari server is using db type {0}. Cleanable database entries older than {1} will be cleaned up. Proceed [y/n]".format(
db_title, options.cleanup_from_date), True)
if not confirm:
print_info_msg("Ambari Server Database cleanup aborted")
return 0
jdk_path = get_java_exe_path()
if jdk_path is None:
print_error_msg("No JDK found, please run the \"setup\" command to install a JDK automatically or install any "
"JDK manually to {0}".format(configDefaults.JDK_INSTALL_DIR));
return 1
ensure_jdbc_driver_is_installed(options, get_ambari_properties())
serverClassPath = ServerClassPath(get_ambari_properties(), options)
class_path = serverClassPath.get_full_ambari_classpath_escaped_for_shell()
ambari_user = read_ambari_user()
current_user = ensure_can_start_under_current_user(ambari_user)
environ = generate_env(options, ambari_user, current_user)
print "Cleaning up the database ..."
command = DB_CLEANUP_CMD.format(jdk_path, class_path, options.cluster_name, options.cleanup_from_date)
(retcode, stdout, stderr) = run_os_command(command, env=environ)
print_info_msg("Return code from database cleanup command, retcode = " + str(retcode))
if stdout:
print "Console output from database cleanup command:"
print stdout
print
if stderr:
print "Error output from database cleanup command:"
print stderr
print
if retcode > 0:
print_error_msg("Error wncountered while cleaning up the Ambari Server Database. Check the ambari-server.log for details.")
else:
print "Cleanup completed. Check the ambari-server.log for details."
return retcode
def setup_component_https(component, command, property, alias):
if not get_silent():
jdk_path = find_jdk()
if jdk_path is None:
err = "No JDK found, please run the \"ambari-server setup\" " \
"command to install a JDK automatically or install any " \
"JDK manually to " + configDefaults.JDK_INSTALL_DIR
raise FatalException(1, err)
properties = get_ambari_properties()
use_https = properties.get_property(property) in ['true']
if use_https:
if get_YN_input(
"Do you want to disable HTTPS for " + component +
" [y/n] (n)? ", False):
truststore_path = get_truststore_path(properties)
truststore_password = get_truststore_password(properties)
run_component_https_cmd(
get_delete_cert_command(jdk_path, alias, truststore_path,
truststore_password))
properties.process_pair(property, "false")
else:
return
else:
if get_YN_input(
"Do you want to configure HTTPS for " + component +
" [y/n] (y)? ", True):
truststore_type = get_truststore_type(properties)
truststore_path = get_truststore_path(properties)
truststore_password = get_truststore_password(properties)
run_os_command(
get_delete_cert_command(jdk_path, alias, truststore_path,
truststore_password))
import_cert_path = get_validated_filepath_input( \
"Enter path to " + component + " Certificate: ", \
"Certificate not found")
run_component_https_cmd(
get_import_cert_command(jdk_path, alias, truststore_type,
import_cert_path, truststore_path,
truststore_password))
properties.process_pair(property, "true")
else:
return
conf_file = find_properties_file()
f = open(conf_file, 'w')
properties.store(f,
"Changed by 'ambari-server " + command + "' command")
else:
print command + " is not enabled in silent mode."
def setup_https(args):
if not is_root():
err = 'ambari-server setup-https should be run with ' \
'root-level privileges'
raise FatalException(4, err)
args.exit_message = None
if not get_silent():
properties = get_ambari_properties()
try:
security_server_keys_dir = properties.get_property(SSL_KEY_DIR)
client_api_ssl_port = DEFAULT_SSL_API_PORT if properties.get_property(SSL_API_PORT) in ("") \
else properties.get_property(SSL_API_PORT)
api_ssl = properties.get_property(SSL_API) in ['true']
client_api_ssl_port_old_value = properties.get_property(SSL_API_PORT)
api_ssl_old_value = properties.get_property(SSL_API)
cert_was_imported = False
cert_must_import = True
if api_ssl:
if get_YN_input("Do you want to disable HTTPS [y/n] (n)? ", False):
properties.process_pair(SSL_API, "false")
cert_must_import=False
else:
properties.process_pair(SSL_API_PORT, \
get_validated_string_input( \
"SSL port ["+str(client_api_ssl_port)+"] ? ", \
str(client_api_ssl_port), \
"^[0-9]{1,5}$", "Invalid port.", False, validatorFunction = is_valid_https_port))
cert_was_imported = import_cert_and_key_action(security_server_keys_dir, properties)
else:
if get_YN_input("Do you want to configure HTTPS [y/n] (y)? ", True):
properties.process_pair(SSL_API_PORT, \
get_validated_string_input("SSL port ["+str(client_api_ssl_port)+"] ? ", \
str(client_api_ssl_port), "^[0-9]{1,5}$", "Invalid port.", False, validatorFunction = is_valid_https_port))
cert_was_imported = import_cert_and_key_action(security_server_keys_dir, properties)
else:
return False
if cert_must_import and not cert_was_imported:
print 'Setup of HTTPS failed. Exiting.'
return False
conf_file = find_properties_file()
f = open(conf_file, 'w')
properties.store(f, "Changed by 'ambari-server setup-https' command")
if api_ssl_old_value != properties.get_property(SSL_API) \
or client_api_ssl_port_old_value != properties.get_property(SSL_API_PORT):
print "Ambari server URL changed. To make use of the Tez View in Ambari " \
"please update the property tez.tez-ui.history-url.base in tez-site"
ambari_user = read_ambari_user()
if ambari_user:
adjust_directory_permissions(ambari_user)
return True
except (KeyError), e:
err = 'Property ' + str(e) + ' is not defined'
raise FatalException(1, err)
def ensure_jdbc_driver_installed(self, properties):
server_jdbc_path = properties.get_property(JDBC_DRIVER_PATH_PROPERTY)
if server_jdbc_path and os.path.isfile(server_jdbc_path):
return True
default_driver_path = self._get_default_driver_path(properties)
if default_driver_path and os.path.isfile(default_driver_path):
ambari_should_use_existing_default_jdbc = get_YN_input(
"Should ambari use existing default jdbc {0} [y/n] (y)? ".
format(default_driver_path), True)
if ambari_should_use_existing_default_jdbc:
properties.process_pair(JDBC_DRIVER_PATH_PROPERTY,
default_driver_path)
update_properties(properties)
return True
path_to_custom_jdbc_driver = get_validated_string_input(
"Enter full path to custom jdbc driver: ", None, None, None, False,
False)
if path_to_custom_jdbc_driver and os.path.isfile(
path_to_custom_jdbc_driver):
try:
custom_jdbc_name = os.path.basename(path_to_custom_jdbc_driver)
if not path_to_custom_jdbc_driver == os.path.join(
configDefaults.JAVA_SHARE_PATH, custom_jdbc_name):
if os.path.isfile(
os.path.join(configDefaults.JAVA_SHARE_PATH,
custom_jdbc_name)):
replace_jdbc_in_share_dir = get_YN_input(
"You already have file {0} in /usr/share/java/. Should it be replaced? [y/n] (y)? "
.format(custom_jdbc_name), True)
if replace_jdbc_in_share_dir:
try:
os.remove(
os.path.join(
configDefaults.JAVA_SHARE_PATH,
custom_jdbc_name))
except Exception, ee:
err = 'ERROR: Could not remove jdbc file. %s' % os.path.join(
configDefaults.JAVA_SHARE_PATH,
custom_jdbc_name)
raise FatalException(1, err)
shutil.copy(path_to_custom_jdbc_driver,
configDefaults.JAVA_SHARE_PATH)
print "Copying {0} to {1}".format(
path_to_custom_jdbc_driver,
configDefaults.JAVA_SHARE_PATH)
except Exception, e:
err = "Can not copy file {0} to {1} due to: {2} . Please check file " \
"permissions and free disk space.".format(path_to_custom_jdbc_driver, configDefaults.JAVA_SHARE_PATH, str(e))
raise FatalException(1, err)
properties.process_pair(JDBC_DRIVER_PATH_PROPERTY,
path_to_custom_jdbc_driver)
update_properties(properties)
return True
def setup_https(args):
if not is_root():
warn = 'ambari-server setup-https is run as ' \
'non-root user, some sudo privileges might be required'
print warn
args.exit_message = None
if not get_silent():
properties = get_ambari_properties()
try:
security_server_keys_dir = properties.get_property(SSL_KEY_DIR)
client_api_ssl_port = DEFAULT_SSL_API_PORT if properties.get_property(SSL_API_PORT) in ("") \
else properties.get_property(SSL_API_PORT)
api_ssl = properties.get_property(SSL_API) in ['true']
cert_was_imported = False
cert_must_import = True
if api_ssl:
if get_YN_input("Do you want to disable HTTPS [y/n] (n)? ",
False):
properties.process_pair(SSL_API, "false")
cert_must_import = False
else:
properties.process_pair(SSL_API_PORT, \
get_validated_string_input( \
"SSL port ["+str(client_api_ssl_port)+"] ? ", \
str(client_api_ssl_port), \
"^[0-9]{1,5}$", "Invalid port.", False, validatorFunction = is_valid_https_port))
cert_was_imported = import_cert_and_key_action(
security_server_keys_dir, properties)
else:
if get_YN_input("Do you want to configure HTTPS [y/n] (y)? ",
True):
properties.process_pair(SSL_API_PORT, \
get_validated_string_input("SSL port ["+str(client_api_ssl_port)+"] ? ", \
str(client_api_ssl_port), "^[0-9]{1,5}$", "Invalid port.", False, validatorFunction = is_valid_https_port))
cert_was_imported = import_cert_and_key_action(
security_server_keys_dir, properties)
else:
return False
if cert_must_import and not cert_was_imported:
print 'Setup of HTTPS failed. Exiting.'
return False
conf_file = find_properties_file()
f = open(conf_file, 'w')
properties.store(f,
"Changed by 'ambari-server setup-https' command")
ambari_user = read_ambari_user()
if ambari_user:
adjust_directory_permissions(ambari_user)
return True
except (KeyError), e:
err = 'Property ' + str(e) + ' is not defined'
raise FatalException(1, err)
def setup_sso(options):
print_info_msg("Setup SSO.")
server_status, pid = is_server_runing()
if not server_status:
err = 'Ambari Server is not running.'
raise FatalException(1, err)
if not get_silent():
validate_options(options)
ambari_properties = get_ambari_properties()
admin_login, admin_password = get_ambari_admin_username_password_pair(options)
properties = get_sso_properties(ambari_properties, admin_login, admin_password)
if not options.sso_enabled:
sso_enabled = get_value_from_dictionary(properties, SSO_MANAGE_SERVICES, None)
if sso_enabled:
sso_status = "enabled" if sso_enabled == "true" else "disabled"
else:
sso_status = "not configured"
sys.stdout.write("\nSSO is currently %s\n" % sso_status)
if sso_status == "enabled":
enable_sso = not get_YN_input("Do you want to disable SSO authentication [y/n] (n)? ", False)
else:
if get_YN_input("Do you want to configure SSO authentication [y/n] (y)? ", True):
enable_sso = True
else:
return False
else:
enable_sso = options.sso_enabled == 'true'
services = None
if enable_sso:
populate_sso_provider_url(options, properties)
populate_sso_public_cert(options, properties)
populate_jwt_cookie_name(options, properties)
populate_jwt_audiences(options, properties)
services = get_services_requires_sso(options, ambari_properties, admin_login, admin_password)
enable_jwt_auth = services and (WILDCARD_FOR_ALL_SERVICES in services or SERVICE_NAME_AMBARI in services)
properties[AMBARI_JWT_AUTH_ENBABLED] = "true" if enable_jwt_auth else "false"
properties[SSO_MANAGE_SERVICES] = "true" if enable_sso else "false"
properties[SSO_ENABLED_SERVICES] = ','.join(services) if services else ""
update_sso_conf(ambari_properties, properties, admin_login, admin_password)
pass
else:
warning = "setup-sso is not enabled in silent mode."
raise NonFatalException(warning)
pass
def setup_truststore(options, import_cert=False):
if not get_silent():
jdk_path = find_jdk()
if jdk_path is None:
err = "No JDK found, please run the \"ambari-server setup\" " \
"command to install a JDK automatically or install any " \
"JDK manually to " + configDefaults.JDK_INSTALL_DIR
raise FatalException(1, err)
properties = get_ambari_properties()
truststore_confirm = True if options.trust_store_path is not None and options.trust_store_path else False
truststore_reconfigure = True if options.trust_store_reconfigure is not None else False
if truststore_confirm or get_YN_input("Do you want to configure a truststore [y/n] (y)? ", True):
#Re-configuration enabled only for option "Setup truststore"
if not import_cert and properties.get_property(SSL_TRUSTSTORE_TYPE_PROPERTY)\
and (truststore_reconfigure or get_YN_input(
"The truststore is already configured. Do you want to re-configure "
"the truststore [y/n] (y)? ", True)):
properties.removeProp(SSL_TRUSTSTORE_TYPE_PROPERTY)
properties.removeProp(SSL_TRUSTSTORE_PATH_PROPERTY)
properties.removeProp(SSL_TRUSTSTORE_PASSWORD_PROPERTY)
truststore_type = get_and_persist_truststore_type(properties, options)
truststore_path = get_and_persist_truststore_path(properties, options)
truststore_password = get_and_persist_truststore_password(properties, options)
if import_cert:
import_cert_confirm = True if options.import_cert_path is not None else get_YN_input("Do you want to import a certificate [y/n] (y)? ", True)
if import_cert_confirm:
aliasOption = options.import_cert_alias if options.import_cert_alias is not None and options.import_cert_alias else None
alias = aliasOption if aliasOption is not None \
else get_validated_string_input("Please enter an alias for the certificate: ", "", None, None, False, False)
run_os_command(get_delete_cert_command(jdk_path, alias, truststore_path, truststore_password))
import_cert_path = get_validated_filepath_input("Enter path to certificate: ",
"Certificate not found",
answer=options.import_cert_path)
run_component_https_cmd(get_import_cert_command(jdk_path, alias, truststore_type, import_cert_path, truststore_path, truststore_password))
else:
return
conf_file = find_properties_file()
f = open(conf_file, 'w')
properties.store(f, "Changed by 'ambari-server setup-security' command")
else:
print "setup-security is not enabled in silent mode."
def setup_truststore(import_cert=False):
if not get_silent():
jdk_path = find_jdk()
if jdk_path is None:
err = "No JDK found, please run the \"ambari-server setup\" " \
"command to install a JDK automatically or install any " \
"JDK manually to " + configDefaults.JDK_INSTALL_DIR
raise FatalException(1, err)
properties = get_ambari_properties()
if get_YN_input("Do you want to configure a truststore [y/n] (y)? ",
True):
truststore_type = get_truststore_type(properties)
truststore_path = get_truststore_path(properties)
truststore_password = get_truststore_password(properties)
if import_cert:
if get_YN_input(
"Do you want to import a certificate [y/n] (y)? ",
True):
alias = get_validated_string_input(
"Please enter an alias for the certificate: ", "",
None, None, False, False)
run_os_command(
get_delete_cert_command(jdk_path, alias,
truststore_path,
truststore_password))
import_cert_path = get_validated_filepath_input( \
"Enter path to certificate: ", \
"Certificate not found")
run_component_https_cmd(
get_import_cert_command(jdk_path, alias,
truststore_type,
import_cert_path,
truststore_path,
truststore_password))
else:
return
conf_file = find_properties_file()
f = open(conf_file, 'w')
properties.store(f,
"Changed by 'ambari-server setup-security' command")
else:
print "setup-security is not enabled in silent mode."
def setup_https(args):
if not is_root():
err = 'tbds-server setup-https should be run with ' \
'root-level privileges'
raise FatalException(4, err)
args.exit_message = None
if not get_silent():
properties = get_ambari_properties()
try:
security_server_keys_dir = properties.get_property(SSL_KEY_DIR)
client_api_ssl_port = DEFAULT_SSL_API_PORT if properties.get_property(SSL_API_PORT) in ("") \
else properties.get_property(SSL_API_PORT)
api_ssl = properties.get_property(SSL_API) in ['true']
cert_was_imported = False
cert_must_import = True
if api_ssl:
if get_YN_input("Do you want to disable HTTPS [y/n] (n)? ", False):
properties.process_pair(SSL_API, "false")
cert_must_import=False
else:
properties.process_pair(SSL_API_PORT, \
get_validated_string_input( \
"SSL port ["+str(client_api_ssl_port)+"] ? ", \
str(client_api_ssl_port), \
"^[0-9]{1,5}$", "Invalid port.", False, validatorFunction = is_valid_https_port))
cert_was_imported = import_cert_and_key_action(security_server_keys_dir, properties)
else:
if get_YN_input("Do you want to configure HTTPS [y/n] (y)? ", True):
properties.process_pair(SSL_API_PORT, \
get_validated_string_input("SSL port ["+str(client_api_ssl_port)+"] ? ", \
str(client_api_ssl_port), "^[0-9]{1,5}$", "Invalid port.", False, validatorFunction = is_valid_https_port))
cert_was_imported = import_cert_and_key_action(security_server_keys_dir, properties)
else:
return False
if cert_must_import and not cert_was_imported:
print 'Setup of HTTPS failed. Exiting.'
return False
conf_file = find_properties_file()
f = open(conf_file, 'w')
properties.store(f, "Changed by 'tbds-server setup-https' command")
ambari_user = read_ambari_user()
if ambari_user:
adjust_directory_permissions(ambari_user)
return True
except (KeyError), e:
err = 'Property ' + str(e) + ' is not defined'
raise FatalException(1, err)
def check_gpl_license_approved(upgrade_response):
if 'lzo_enabled' not in upgrade_response or upgrade_response['lzo_enabled'].lower() != "true":
set_property(GPL_LICENSE_ACCEPTED_PROPERTY, "false", rewrite=False)
return
while not write_gpl_license_accepted(text = LZO_ENABLED_GPL_TEXT) and not get_YN_input(INSTALLED_LZO_WITHOUT_GPL_TEXT, False):
pass
def setup_pam():
if not is_root():
err = 'Ambari-server setup-pam should be run with ' \
'root-level privileges'
raise FatalException(4, err)
properties = get_ambari_properties()
if get_value_from_properties(properties, CLIENT_SECURITY_KEY,
"") == 'ldap':
err = "LDAP is configured. Can not setup PAM."
raise FatalException(1, err)
pam_property_value_map = {}
pam_property_value_map[CLIENT_SECURITY_KEY] = 'pam'
pamConfig = get_validated_string_input("Enter PAM configuration file: ",
PAM_CONFIG_FILE, REGEX_ANYTHING,
"Invalid characters in the input!",
False, False)
pam_property_value_map[PAM_CONFIG_FILE] = pamConfig
if get_YN_input(
"Do you want to allow automatic group creation [y/n] (y)? ", True):
pam_property_value_map[AUTO_GROUP_CREATION] = 'true'
else:
pam_property_value_map[AUTO_GROUP_CREATION] = 'false'
update_properties_2(properties, pam_property_value_map)
print 'Saving...done'
return 0
def run_schema_upgrade():
db_title = get_db_type(get_ambari_properties()).title
confirm = get_YN_input("Ambari Server configured for %s. Confirm "
"you have made a backup of the Ambari Server database [y/n] (y)? " % db_title, True)
if not confirm:
print_error_msg("Database backup is not confirmed")
return 1
jdk_path = get_java_exe_path()
if jdk_path is None:
print_error_msg("No JDK found, please run the \"setup\" "
"command to install a JDK automatically or install any "
"JDK manually to " + configDefaults.JDK_INSTALL_DIR)
return 1
print 'Upgrading database schema'
command = SCHEMA_UPGRADE_HELPER_CMD.format(jdk_path, get_full_ambari_classpath())
ambari_user = read_ambari_user()
current_user = ensure_can_start_under_current_user(ambari_user)
environ = generate_env(ambari_user, current_user)
(retcode, stdout, stderr) = run_os_command(command, env=environ)
print_info_msg("Return code from schema upgrade command, retcode = " + str(retcode))
if retcode > 0:
print_error_msg("Error executing schema upgrade, please check the server logs.")
else:
print_info_msg('Schema upgrade completed')
return retcode
def do_checks(self):
try:
user = read_ambari_user()
if not user:
user = self.NR_DEFAULT_USER
if self.user is not None: #Command-line parameter is the default
update_user_setting = True
prompt_msg = self.NR_USER_CUSTOMIZE_PROMPT.format('y')
else:
update_user_setting = False
if user != self.NR_DEFAULT_USER:
prompt_msg = self.NR_USER_CHANGE_PROMPT.format(user, 'n')
else:
prompt_msg = self.NR_USER_CUSTOMIZE_PROMPT.format('n')
self.user = user if user else self.NR_DEFAULT_USER
self.register_service = get_YN_input(prompt_msg, update_user_setting)
if self.register_service:
retcode = self._create_custom_user()
if retcode != 0:
return retcode
adjust_directory_permissions(self.user)
except OSError as e:
print_error_msg("Failed: %s" % str(e))
return 4
except Exception as e:
print_error_msg("Unexpected error %s" % str(e))
return 1
return 0
def reset(options):
if not is_root():
err = configDefaults.MESSAGE_ERROR_RESET_NOT_ROOT
raise FatalException(4, err)
status, stateDesc = is_server_runing()
if status:
err = 'Ambari-server must be stopped to reset'
raise FatalException(1, err)
#force reset if silent option provided
if get_silent():
default = "yes"
else:
default = "no"
choice = get_YN_input("**** WARNING **** You are about to reset and clear the "
"Ambari Server database. This will remove all cluster "
"host and configuration information from the database. "
"You will be required to re-configure the Ambari server "
"and re-run the cluster wizard. \n"
"Are you SURE you want to perform the reset "
"[yes/no] ({0})? ".format(default), get_silent())
okToRun = choice
if not okToRun:
err = "Ambari Server 'reset' cancelled"
raise FatalException(1, err)
_reset_database(options)
pass
def check_selinux():
try:
retcode, out, err = run_os_command(GET_SE_LINUX_ST_CMD)
se_status = re.search('(disabled|enabled)', out).group(0)
print "SELinux status is '" + se_status + "'"
if se_status == SE_STATUS_DISABLED:
return 0
else:
try:
se_mode = re.search('(enforcing|permissive)', out).group(0)
except AttributeError:
err = "Error determining SELinux mode. Exiting."
raise FatalException(1, err)
print "SELinux mode is '" + se_mode + "'"
if se_mode == SE_MODE_ENFORCING:
print "Temporarily disabling SELinux"
run_os_command(SE_SETENFORCE_CMD)
print_warning_msg(
"SELinux is set to 'permissive' mode and temporarily disabled.")
ok = get_YN_input("OK to continue [y/n] (y)? ", True)
if not ok:
raise FatalException(1, None)
return 0
except OSError:
print_warning_msg("Could not run {0}: OK".format(GET_SE_LINUX_ST_CMD))
return 0
def setup_kerberos(options):
logger.info("Setting up Kerberos authentication...")
if not is_root():
err = "ambari-server setup-kerberos should be run with root-level privileges"
raise FatalException(4, err)
properties = get_ambari_properties()
kerberos_property_list_required = init_kerberos_properties_list(
properties, options)
kerberos_property_value_map = {}
for kerberos_property in kerberos_property_list_required:
input = get_validated_string_input(
kerberos_property.kerberos_prop_val_prompt,
kerberos_property.kerberos_prop_name,
kerberos_property.prompt_regex, "Invalid characters in the input!",
False, kerberos_property.allow_empty_prompt)
if input is not None and input != "":
kerberos_property_value_map[kerberos_property.prop_name] = input
print "Properties to be updated / written into ambari properties:"
pp = pprint.PrettyPrinter()
pp.pprint(kerberos_property_value_map)
save = get_YN_input("Save settings [y/n] (y)? ", True)
if save:
update_properties_2(properties, kerberos_property_value_map)
print "Kerberos authentication settings successfully saved. Please restart the server in order for the new settings to take effect."
else:
print "Kerberos authentication settings aborted."
return 0
def setup_sso(options):
logger.info("Setup SSO.")
if not is_root():
raise FatalException(
4,
'ambari-server setup-sso should be run with root-level privileges')
if not get_silent():
validateOptions(options)
properties = get_ambari_properties()
must_setup_params = False
if not options.sso_enabled:
sso_enabled = properties.get_property(
JWT_AUTH_ENBABLED).lower() in ['true']
if sso_enabled:
if get_YN_input(
"Do you want to disable SSO authentication [y/n] (n)?",
False):
properties.process_pair(JWT_AUTH_ENBABLED, "false")
else:
if get_YN_input(
"Do you want to configure SSO authentication [y/n] (y)?",
True):
properties.process_pair(JWT_AUTH_ENBABLED, "true")
must_setup_params = True
else:
return False
else:
properties.process_pair(JWT_AUTH_ENBABLED, options.sso_enabled)
must_setup_params = options.sso_enabled == 'true'
if must_setup_params:
populateSsoProviderUrl(options, properties)
populateSsoPublicCert(options, properties)
populateJwtCookieName(options, properties)
populateJwtAudiences(options, properties)
update_properties(properties)
pass
else:
warning = "setup-sso is not enabled in silent mode."
raise NonFatalException(warning)
pass
def run_schema_upgrade(args):
db_title = get_db_type(get_ambari_properties()).title
confirm = get_YN_input(
"Ambari Server configured for %s. Confirm "
"you have made a backup of the Ambari Server database [y/n] (y)? " %
db_title, True)
if not confirm:
print_error_msg("Database backup is not confirmed")
return 1
jdk_path = get_java_exe_path()
if jdk_path is None:
print_error_msg(
"No JDK found, please run the \"setup\" "
"command to install a JDK automatically or install any "
"JDK manually to " + configDefaults.JDK_INSTALL_DIR)
return 1
ensure_jdbc_driver_is_installed(args, get_ambari_properties())
print_info_msg('Upgrading database schema', True)
serverClassPath = ServerClassPath(get_ambari_properties(), args)
class_path = serverClassPath.get_full_ambari_classpath_escaped_for_shell(
validate_classpath=True)
set_debug_mode_from_options(args)
debug_mode = get_debug_mode()
debug_start = (debug_mode & 1) or SCHEMA_UPGRADE_DEBUG
suspend_start = (debug_mode & 2) or SUSPEND_START_MODE
suspend_mode = 'y' if suspend_start else 'n'
command = SCHEMA_UPGRADE_HELPER_CMD_DEBUG.format(
jdk_path, class_path,
suspend_mode) if debug_start else SCHEMA_UPGRADE_HELPER_CMD.format(
jdk_path, class_path)
ambari_user = read_ambari_user()
current_user = ensure_can_start_under_current_user(ambari_user)
environ = generate_env(args, ambari_user, current_user)
(retcode, stdout, stderr) = run_os_command(command, env=environ)
print_info_msg(
"Return code from schema upgrade command, retcode = {0}".format(
str(retcode)), True)
if stdout:
print_info_msg("Console output from schema upgrade command:", True)
print_info_msg(stdout, True)
print
if retcode > 0:
print_error_msg(
"Error executing schema upgrade, please check the server logs.")
if stderr:
print_error_msg("Error output from schema upgrade command:")
print_error_msg(stderr)
print
else:
print_info_msg('Schema upgrade completed', True)
return retcode
def check_gpl_license_approved(upgrade_response):
if 'lzo_enabled' not in upgrade_response or upgrade_response[
'lzo_enabled'].lower() != "true":
return
while not write_gpl_license_accepted() and not get_YN_input(
INSALLED_LZO_WITHOUT_GPL_TEXT, False):
pass
def setup_component_https(component, command, property, alias):
if not get_silent():
jdk_path = find_jdk()
if jdk_path is None:
err = "No JDK found, please run the \"tbds-server setup\" " \
"command to install a JDK automatically or install any " \
"JDK manually to " + configDefaults.JDK_INSTALL_DIR
raise FatalException(1, err)
properties = get_ambari_properties()
use_https = properties.get_property(property) in ['true']
if use_https:
if get_YN_input("Do you want to disable HTTPS for " + component + " [y/n] (n)? ", False):
truststore_path = get_truststore_path(properties)
truststore_password = get_truststore_password(properties)
run_component_https_cmd(get_delete_cert_command(jdk_path, alias, truststore_path, truststore_password))
properties.process_pair(property, "false")
else:
return
else:
if get_YN_input("Do you want to configure HTTPS for " + component + " [y/n] (y)? ", True):
truststore_type = get_truststore_type(properties)
truststore_path = get_truststore_path(properties)
truststore_password = get_truststore_password(properties)
run_os_command(get_delete_cert_command(jdk_path, alias, truststore_path, truststore_password))
import_cert_path = get_validated_filepath_input( \
"Enter path to " + component + " Certificate: ", \
"Certificate not found")
run_component_https_cmd(get_import_cert_command(jdk_path, alias, truststore_type, import_cert_path, truststore_path, truststore_password))
properties.process_pair(property, "true")
else:
return
conf_file = find_properties_file()
f = open(conf_file, 'w')
properties.store(f, "Changed by 'tbds-server " + command + "' command")
else:
print command + " is not enabled in silent mode."
def validate_purge(options,
purge_list,
mpack_dir,
mpack_metadata,
replay_mode=False):
"""
Validate purge options
:param purge_list: List of resources to purge
:param mpack_metadata: Management pack metadata
:param replay_mode: Flag to indicate if purging in replay mode
"""
# Get ambari mpacks config properties
stack_location, extension_location, service_definitions_location, mpacks_staging_location = get_mpack_properties(
)
if not purge_list:
return
if STACK_DEFINITIONS_RESOURCE_NAME in purge_list:
mpack_stacks = []
for artifact in mpack_metadata.artifacts:
if artifact.type == STACK_DEFINITIONS_ARTIFACT_NAME:
artifact_source_dir = os.path.join(mpack_dir,
artifact.source_dir)
for file in sorted(os.listdir(artifact_source_dir)):
if os.path.isdir(os.path.join(artifact_source_dir, file)):
stack_name = file
mpack_stacks.append(stack_name)
if not mpack_stacks:
# Don't purge stacks accidentally when installing add-on mpacks
err = "The management pack you are attempting to install does not contain {0}. Since this management pack " \
"does not contain a stack, the --purge option with --purge-list={1} would cause your existing Ambari " \
"installation to be unusable. Due to that we cannot install this management pack.".format(
RESOURCE_FRIENDLY_NAMES[STACK_DEFINITIONS_RESOURCE_NAME], purge_list)
print_error_msg(err)
raise FatalException(1, err)
else:
# Valid that there are no clusters deployed with a stack that is not included in the management pack
(retcode, stdout,
stderr) = run_mpack_install_checker(options, mpack_stacks)
if retcode > 0:
print_error_msg(stderr)
raise FatalException(1, stderr)
if not replay_mode:
purge_resources = set((v)
for k, v in RESOURCE_FRIENDLY_NAMES.iteritems()
if k in purge_list)
warn_msg = "CAUTION: You have specified the --purge option with --purge-list={0}. " \
"This will replace all existing {1} currently installed.\n" \
"Are you absolutely sure you want to perform the purge [yes/no]? (no)".format(
purge_list, ", ".join(purge_resources))
okToPurge = get_YN_input(warn_msg, False)
if not okToPurge:
err = "Management pack installation cancelled by user"
raise FatalException(1, err)
def _setup_remote_db(self):
setup_msg = "Before starting Ambari Server, you must run the following DDL " \
"against the database to create the schema: {0}".format(self.init_script_file)
print_warning_msg(setup_msg)
proceed = get_YN_input("Proceed with configuring remote database connection properties [y/n] (y)? ", True)
retCode = 0 if proceed else -1
return retCode
def _setup_remote_db(self):
setup_msg = "Before starting Ambari Server, you must run the following DDL " \
"against the database to create the schema: {0}".format(self.init_script_file)
print_warning_msg(setup_msg)
proceed = get_YN_input("Proceed with configuring remote database connection properties [y/n] (y)? ", True)
retCode = 0 if proceed else -1
return retCode
def get_services_requires_sso(options, ambari_properties, admin_login, admin_password):
if not options.sso_enabled_services:
configure_for_all_services = get_YN_input("Use SSO for all services [y/n] (n): ", False)
if configure_for_all_services:
services = [WILDCARD_FOR_ALL_SERVICES]
else:
services = []
cluster_name = get_cluster_name(ambari_properties, admin_login, admin_password)
if cluster_name:
eligible_services = get_eligible_services(ambari_properties, admin_login, admin_password, cluster_name)
if eligible_services:
for service in eligible_services:
question = "Use SSO for {0} [y/n] (y): ".format(service)
if get_YN_input(question, True):
services.append(service)
else:
services = options.sso_enabled_services.upper().split(',') if options.sso_enabled_services else []
return services
def prompt_db_properties(options):
ok = False
if options.must_set_database_options:
ok = get_YN_input("Enter advanced database configuration [y/n] (n)? ", False)
print 'Configuring database...'
factory = DBMSConfigFactory()
options.must_set_database_options = ok
options.database_index = factory.select_dbms(options)
def migrate_ldap_pam(args):
properties = get_ambari_properties()
if get_value_from_properties(properties,CLIENT_SECURITY,"") != 'pam':
err = "PAM is not configured. Please configure PAM authentication first."
raise FatalException(1, err)
db_title = get_db_type(properties).title
confirm = get_YN_input("Ambari Server configured for %s. Confirm "
"you have made a backup of the Ambari Server database [y/n] (y)? " % db_title, True)
if not confirm:
print_error_msg("Database backup is not confirmed")
return 1
jdk_path = get_java_exe_path()
if jdk_path is None:
print_error_msg("No JDK found, please run the \"setup\" "
"command to install a JDK automatically or install any "
"JDK manually to " + configDefaults.JDK_INSTALL_DIR)
return 1
# At this point, the args does not have the ambari database information.
# Augment the args with the correct ambari database information
parse_properties_file(args)
ensure_jdbc_driver_is_installed(args, properties)
print 'Migrating LDAP Users & Groups to PAM'
serverClassPath = ServerClassPath(properties, args)
class_path = serverClassPath.get_full_ambari_classpath_escaped_for_shell()
command = LDAP_TO_PAM_MIGRATION_HELPER_CMD.format(jdk_path, class_path)
ambari_user = read_ambari_user()
current_user = ensure_can_start_under_current_user(ambari_user)
environ = generate_env(args, ambari_user, current_user)
(retcode, stdout, stderr) = run_os_command(command, env=environ)
print_info_msg("Return code from LDAP to PAM migration command, retcode = " + str(retcode))
if stdout:
print "Console output from LDAP to PAM migration command:"
print stdout
print
if stderr:
print "Error output from LDAP to PAM migration command:"
print stderr
print
if retcode > 0:
print_error_msg("Error executing LDAP to PAM migration, please check the server logs.")
else:
print_info_msg('LDAP to PAM migration completed')
return retcode
def populate_ambari_requires_sso(options, properties):
if options.sso_enabled_ambari is None:
enabled = get_boolean_from_dictionary(properties,
AMBARI_SSO_AUTH_ENABLED, False)
enabled = get_YN_input(
"Use SSO for Ambari [y/n] ({0})? ".format('y' if enabled else 'n'),
enabled)
else:
enabled = 'true' == options.sso_enabled_ambari
properties[AMBARI_SSO_AUTH_ENABLED] = 'true' if enabled else 'false'
def check_firewall():
firewall_obj = Firewall().getFirewallObject()
firewall_on = firewall_obj.check_firewall()
if firewall_obj.stderrdata and len(firewall_obj.stderrdata) > 0:
print firewall_obj.stderrdata
if firewall_on:
print_warning_msg("%s is running. Confirm the necessary Ambari ports are accessible. " %
firewall_obj.FIREWALL_SERVICE_NAME +
"Refer to the Ambari documentation for more details on ports.")
ok = get_YN_input("OK to continue [y/n] (y)? ", True)
if not ok:
raise FatalException(1, None)
def populate_sso_public_cert(options, properties):
if not options.sso_public_cert_file:
cert = get_value_from_dictionary(properties, SSO_CERTIFICATE)
get_cert = True if not cert else get_YN_input("The SSO provider's public certificate has already set. Do you want to change it [y/n] (n): ", False)
if get_cert:
cert_string = get_multi_line_input("Public Certificate PEM")
properties[SSO_CERTIFICATE] = ensure_complete_cert(cert_string) if cert_string else ""
else:
cert_path = options.sso_public_cert_file
with open(cert_path) as cert_file:
cert_string = cert_file.read()
properties[SSO_CERTIFICATE] = ensure_complete_cert(cert_string) if cert_string else ""
def setup_truststore(import_cert=False):
if not get_silent():
jdk_path = find_jdk()
if jdk_path is None:
err = "No JDK found, please run the \"ambari-server setup\" " \
"command to install a JDK automatically or install any " \
"JDK manually to " + configDefaults.JDK_INSTALL_DIR
raise FatalException(1, err)
properties = get_ambari_properties()
if get_YN_input("Do you want to configure a truststore [y/n] (y)? ", True):
truststore_type = get_truststore_type(properties)
truststore_path = get_truststore_path(properties)
truststore_password = get_truststore_password(properties)
if import_cert:
if get_YN_input("Do you want to import a certificate [y/n] (y)? ", True):
alias = get_validated_string_input("Please enter an alias for the certificate: ", "", None, None, False, False)
run_os_command(get_delete_cert_command(jdk_path, alias, truststore_path, truststore_password))
import_cert_path = get_validated_filepath_input( \
"Enter path to certificate: ", \
"Certificate not found")
run_component_https_cmd(get_import_cert_command(jdk_path, alias, truststore_type, import_cert_path, truststore_path, truststore_password))
else:
return
conf_file = find_properties_file()
f = open(conf_file, 'w')
properties.store(f, "Changed by 'ambari-server setup-security' command")
else:
print "setup-security is not enabled in silent mode."
def prompt_db_properties(options):
factory = DBMSConfigFactory()
if not factory.force_dbms_setup():
ok = False
if options.must_set_database_options:
ok = get_YN_input("Enter advanced database configuration [y/n] (n)? ", False)
else:
ok = True
print 'Configuring database...'
options.must_set_database_options = ok
options.database_index = factory.select_dbms(options)
def get_services_requires_sso(options, properties, admin_login,
admin_password):
if not options.sso_enabled_services:
configure_for_all_services = get_YN_input(
"Use SSO for all services [y/n] (n): ", False)
if configure_for_all_services:
services = WILDCARD_FOR_ALL_SERVICES
else:
cluster_name = get_cluster_name(properties, admin_login,
admin_password)
eligible_services = get_eligible_services(properties, admin_login,
admin_password,
cluster_name)
services = ''
for service in eligible_services:
question = "Use SSO for {0} [y/n] (y): ".format(service)
if get_YN_input(question, True):
if len(services) > 0:
services = services + ", "
services = services + service
else:
services = options.sso_enabled_services
return services
def add_new_trusted_proxy_config(properties):
tproxy_user_name = get_validated_string_input(
"The proxy user's (local) username? ",
None,
REGEX_ANYTHING,
"Invalid Trusted Proxy User Name",
False,
allowEmpty=False)
populate_tproxy_configuration_property(properties, tproxy_user_name,
PROXYUSER_HOSTS, "hosts")
populate_tproxy_configuration_property(properties, tproxy_user_name,
PROXYUSER_USERS, "users")
populate_tproxy_configuration_property(properties, tproxy_user_name,
PROXYUSER_GROUPS, "groups")
return get_YN_input("Add another proxy user [y/n] (n)? ", False)
def run_schema_upgrade(args):
db_title = get_db_type(get_ambari_properties()).title
confirm = get_YN_input("Ambari Server configured for %s. Confirm "
"you have made a backup of the Ambari Server database [y/n] (y)? " % db_title, True)
if not confirm:
print_error_msg("Database backup is not confirmed")
return 1
jdk_path = get_java_exe_path()
if jdk_path is None:
print_error_msg("No JDK found, please run the \"setup\" "
"command to install a JDK automatically or install any "
"JDK manually to " + configDefaults.JDK_INSTALL_DIR)
return 1
ensure_jdbc_driver_is_installed(args, get_ambari_properties())
print 'Upgrading database schema'
serverClassPath = ServerClassPath(get_ambari_properties(), args)
class_path = serverClassPath.get_full_ambari_classpath_escaped_for_shell()
command = SCHEMA_UPGRADE_HELPER_CMD.format(jdk_path, class_path)
ambari_user = read_ambari_user()
current_user = ensure_can_start_under_current_user(ambari_user)
environ = generate_env(args, ambari_user, current_user)
(retcode, stdout, stderr) = run_os_command(command, env=environ)
print_info_msg("Return code from schema upgrade command, retcode = " + str(retcode))
if stdout:
print "Console output from schema upgrade command:"
print stdout
print
if stderr:
print "Error output from schema upgrade command:"
print stderr
print
if retcode > 0:
print_error_msg("Error executing schema upgrade, please check the server logs.")
else:
print_info_msg('Schema upgrade completed')
return retcode
def _reset_local_database(self):
#force reset if silent option provided
if get_silent():
default = "yes"
else:
default = "no"
# Run automatic reset only for embedded DB
okToRun = get_YN_input(
"Confirm server reset [yes/no]({0})? ".format(default),
get_silent())
if not okToRun:
err = "Ambari Server 'reset' cancelled"
raise FatalException(1, err)
print "Resetting the Server database..."
dbname = self.database_name
filename = self.drop_tables_script_file
username = self.database_username
password = self.database_password
command = PGConfig.SETUP_DB_CMD[:]
command[-1] = command[-1].format(filename, username, password, dbname)
drop_retcode, drop_outdata, drop_errdata = run_os_command(command)
if not drop_retcode == 0:
raise FatalException(1, drop_errdata)
if drop_errdata and PGConfig.PG_ERROR_BLOCKED in drop_errdata:
raise FatalException(
1,
"Database is in use. Please, make sure all connections to the database are closed"
)
if drop_errdata and get_verbose():
print_warning_msg(drop_errdata)
print_info_msg("About to run database setup")
retcode, outdata, errdata = self._setup_db()
if errdata and get_verbose():
print_warning_msg(errdata)
if (errdata and 'ERROR' in errdata.upper()) or (
drop_errdata and 'ERROR' in drop_errdata.upper()):
err = "Non critical error in DDL"
if not get_verbose():
err += ", use --verbose for more information"
raise NonFatalException(err)
def _reset_local_database(self):
#force reset if silent option provided
if get_silent():
default = "yes"
else:
default = "no"
# Run automatic reset only for embedded DB
okToRun = get_YN_input("Confirm server reset [yes/no]({0})? ".format(default), get_silent())
if not okToRun:
err = "Ambari Server 'reset' cancelled"
raise FatalException(1, err)
print "Resetting the Server database..."
dbname = self.database_name
filename = self.drop_tables_script_file
username = self.database_username
password = self.database_password
command = PGConfig.SETUP_DB_CMD[:]
command[-1] = command[-1].format(filename, username, password, dbname)
drop_retcode, drop_outdata, drop_errdata = run_os_command(command)
if not drop_retcode == 0:
raise FatalException(1, drop_errdata)
if drop_errdata and PGConfig.PG_ERROR_BLOCKED in drop_errdata:
raise FatalException(1, "Database is in use. Please, make sure all connections to the database are closed")
if drop_errdata and get_verbose():
print_warning_msg(drop_errdata)
print_info_msg("About to run database setup")
retcode, outdata, errdata = self._setup_db()
if errdata and get_verbose():
print_warning_msg(errdata)
if (errdata and 'ERROR' in errdata.upper()) or (drop_errdata and 'ERROR' in drop_errdata.upper()):
err = "Non critical error in DDL"
if not get_verbose():
err += ", use --verbose for more information"
raise NonFatalException(err)
def download_and_install_jdk(self, args, properties):
conf_file = properties.fileName
jcePolicyWarn = "JCE Policy files are required for configuring Kerberos security. If you plan to use Kerberos," \
"please make sure JCE Unlimited Strength Jurisdiction Policy Files are valid on all hosts."
if args.java_home:
#java_home was specified among the command-line arguments. Use it as custom JDK location.
if not validate_jdk(args.java_home):
err = "Path to java home " + args.java_home + " or java binary file does not exists"
raise FatalException(1, err)
print_warning_msg("JAVA_HOME " + args.java_home + " must be valid on ALL hosts")
print_warning_msg(jcePolicyWarn)
IS_CUSTOM_JDK = True
properties.process_pair(JAVA_HOME_PROPERTY, args.java_home)
properties.removeOldProp(JDK_NAME_PROPERTY)
properties.removeOldProp(JCE_NAME_PROPERTY)
self._ensure_java_home_env_var_is_set(args.java_home)
self.jdk_index = self.custom_jdk_number
return
java_home_var = get_JAVA_HOME()
if OS_FAMILY == OSConst.WINSRV_FAMILY:
progress_func = None
else:
progress_func = download_progress
if get_silent():
if not java_home_var:
#No java_home_var set, detect if java is already installed
if os.environ.has_key(JAVA_HOME):
args.java_home = os.environ[JAVA_HOME]
properties.process_pair(JAVA_HOME_PROPERTY, args.java_home)
properties.removeOldProp(JDK_NAME_PROPERTY)
properties.removeOldProp(JCE_NAME_PROPERTY)
self._ensure_java_home_env_var_is_set(args.java_home)
self.jdk_index = self.custom_jdk_number
return
else:
# For now, changing the existing JDK to make sure we use a supported one
pass
if java_home_var:
change_jdk = get_YN_input("Do you want to change Oracle JDK [y/n] (n)? ", False)
if not change_jdk:
self._ensure_java_home_env_var_is_set(java_home_var)
self.jdk_index = self.custom_jdk_number
return
#Continue with the normal setup, taking the first listed JDK version as the default option
jdk_num = str(self.jdk_index + 1)
(self.jdks, jdk_choice_prompt, jdk_valid_choices, self.custom_jdk_number) = self._populate_jdk_configs(properties, jdk_num)
jdk_num = get_validated_string_input(
jdk_choice_prompt,
jdk_num,
jdk_valid_choices,
"Invalid number.",
False
)
self.jdk_index = int(jdk_num) - 1
if self.jdk_index == self.custom_jdk_number:
print_warning_msg("JDK must be installed on all hosts and JAVA_HOME must be valid on all hosts.")
print_warning_msg(jcePolicyWarn)
args.java_home = get_validated_string_input("Path to JAVA_HOME: ", None, None, None, False, False)
if not os.path.exists(args.java_home) or not os.path.isfile(os.path.join(args.java_home, "bin", self.JAVA_BIN)):
err = "Java home path or java binary file is unavailable. Please put correct path to java home."
raise FatalException(1, err)
print "Validating JDK on Ambari Server...done."
properties.process_pair(JAVA_HOME_PROPERTY, args.java_home)
properties.removeOldProp(JDK_NAME_PROPERTY)
properties.removeOldProp(JCE_NAME_PROPERTY)
# Make sure any previously existing JDK and JCE name properties are removed. These will
# confuse things in a Custom JDK scenario
properties.removeProp(JDK_NAME_PROPERTY)
properties.removeProp(JCE_NAME_PROPERTY)
self._ensure_java_home_env_var_is_set(args.java_home)
return
jdk_cfg = self.jdks[self.jdk_index]
resources_dir = get_resources_location(properties)
dest_file = os.path.abspath(os.path.join(resources_dir, jdk_cfg.dest_file))
if os.path.exists(dest_file):
print "JDK already exists, using " + dest_file
elif properties[JDK_DOWNLOAD_SUPPORTED_PROPERTY].upper() == "FALSE":
print "ERROR: Oracle JDK is not found in {1}. JDK download is not supported in this distribution. Please download Oracle JDK " \
"archive ({0}) manually from Oracle site, place it into {1} and re-run this script.".format(jdk_cfg.dest_file, dest_file)
print "NOTE: If you have already downloaded the file, please verify if the name is exactly same as {0}.".format(jdk_cfg.dest_file)
print 'Exiting...'
sys.exit(1)
else:
ok = get_YN_input("To download the Oracle JDK and the Java Cryptography Extension (JCE) "
"Policy Files you must accept the "
"license terms found at "
"http://www.oracle.com/technetwork/java/javase/"
"terms/license/index.html and not accepting will "
"cancel the Ambari Server setup and you must install the JDK and JCE "
"files manually.\nDo you accept the "
"Oracle Binary Code License Agreement [y/n] (y)? ", True)
if not ok:
print 'Exiting...'
sys.exit(1)
jdk_url = jdk_cfg.url
print 'Downloading JDK from ' + jdk_url + ' to ' + dest_file
self._download_jdk(jdk_url, dest_file, progress_func)
try:
(retcode, out, java_home_dir) = self._install_jdk(dest_file, jdk_cfg)
except Exception, e:
print "Installation of JDK has failed: %s\n" % str(e)
file_exists = os.path.isfile(dest_file)
if file_exists:
ok = get_YN_input("JDK found at " + dest_file + ". "
"Would you like to re-download the JDK [y/n] (y)? ", not get_silent())
if not ok:
err = "Unable to install JDK. Please remove JDK file found at " + \
dest_file + " and re-run Ambari Server setup"
raise FatalException(1, err)
else:
jdk_url = jdk_cfg.url
print 'Re-downloading JDK from ' + jdk_url + ' to ' + dest_file
self._download_jdk(jdk_url, dest_file, progress_func)
print 'Successfully re-downloaded JDK distribution to ' + dest_file
try:
(retcode, out) = self._install_jdk(dest_file, jdk_cfg)
except Exception, e:
print "Installation of JDK was failed: %s\n" % str(e)
err = "Unable to install JDK. Please remove JDK, file found at " + \
dest_file + " and re-run Ambari Server setup"
raise FatalException(1, err)
def update_host_names(args, options):
services_stopped = userInput.get_YN_input("Please, confirm Ambari services are stopped [y/n] (n)? ", False)
if not services_stopped:
print 'Exiting...'
sys.exit(1)
pending_commands = userInput.get_YN_input("Please, confirm there are no pending commands on cluster [y/n] (n)? ", False)
if not pending_commands:
print 'Exiting...'
sys.exit(1)
db_backup_done = userInput.get_YN_input("Please, confirm you have made backup of the Ambari db [y/n] (n)? ", False)
if not db_backup_done:
print 'Exiting...'
sys.exit(1)
status, pid = serverUtils.is_server_runing()
if status:
raise FatalException(1, "Ambari Server should be stopped")
try:
host_mapping_file_path = args[1]
except IndexError:
#host_mapping file is mandatory
raise FatalException(1, "Invalid number of host update arguments. Probably, you forgot to add json file with "
"host changes.")
if not os.path.isfile(host_mapping_file_path):
raise FatalException(1, "Invalid file path or file doesn't exist")
if not os.access(host_mapping_file_path, os.R_OK):
raise FatalException(1, "File is not readable")
jdk_path = serverConfiguration.get_java_exe_path()
if jdk_path is None:
print_error_msg("No JDK found, please run the \"setup\" "
"command to install a JDK automatically or install any "
"JDK manually to " + configDefaults.JDK_INSTALL_DIR)
sys.exit(1)
properties = serverConfiguration.get_ambari_properties()
serverConfiguration.parse_properties_file(options)
options.database_index = LINUX_DBMS_KEYS_LIST.index(properties[JDBC_DATABASE_PROPERTY])
dbConfiguration.ensure_jdbc_driver_is_installed(options, serverConfiguration.get_ambari_properties())
serverClassPath = ServerClassPath(serverConfiguration.get_ambari_properties(), options)
class_path = serverClassPath.get_full_ambari_classpath_escaped_for_shell()
command = HOST_UPDATE_HELPER_CMD.format(jdk_path, class_path, host_mapping_file_path)
ambari_user = serverConfiguration.read_ambari_user()
current_user = setupSecurity.ensure_can_start_under_current_user(ambari_user)
environ = setupSecurity.generate_env(options, ambari_user, current_user)
(retcode, stdout, stderr) = os_utils.run_os_command(command, env=environ)
print_info_msg("Return code from update host names command, retcode = " + str(retcode))
if retcode > 0:
print_error_msg("Error executing update host names, please check the server logs.")
raise FatalException(1, 'Host names update failed.')
else:
print_info_msg('Host names update completed successfully')
def setup_master_key():
if not is_root():
err = 'Ambari-server setup should be run with ' \
'root-level privileges'
raise FatalException(4, err)
properties = get_ambari_properties()
if properties == -1:
raise FatalException(1, "Failed to read properties file.")
db_windows_auth_prop = properties.get_property(JDBC_USE_INTEGRATED_AUTH_PROPERTY)
db_sql_auth = False if db_windows_auth_prop and db_windows_auth_prop.lower() == 'true' else True
db_password = properties.get_property(JDBC_PASSWORD_PROPERTY)
# Encrypt passwords cannot be called before setup
if db_sql_auth and not db_password:
print 'Please call "setup" before "encrypt-passwords". Exiting...'
return 1
# Check configuration for location of master key
isSecure = get_is_secure(properties)
(isPersisted, masterKeyFile) = get_is_persisted(properties)
# Read clear text DB password from file
if db_sql_auth and not is_alias_string(db_password) and os.path.isfile(db_password):
with open(db_password, 'r') as passwdfile:
db_password = passwdfile.read()
ldap_password = properties.get_property(LDAP_MGR_PASSWORD_PROPERTY)
if ldap_password:
# Read clear text LDAP password from file
if not is_alias_string(ldap_password) and os.path.isfile(ldap_password):
with open(ldap_password, 'r') as passwdfile:
ldap_password = passwdfile.read()
ts_password = properties.get_property(SSL_TRUSTSTORE_PASSWORD_PROPERTY)
resetKey = False
masterKey = None
if isSecure:
print "Password encryption is enabled."
resetKey = get_YN_input("Do you want to reset Master Key? [y/n] (n): ", False)
# For encrypting of only unencrypted passwords without resetting the key ask
# for master key if not persisted.
if isSecure and not isPersisted and not resetKey:
print "Master Key not persisted."
masterKey = get_original_master_key(properties)
pass
# Make sure both passwords are clear-text if master key is lost
if resetKey:
if not isPersisted:
print "Master Key not persisted."
masterKey = get_original_master_key(properties)
# Unable get the right master key or skipped question <enter>
if not masterKey:
print "To disable encryption, do the following:"
print "- Edit " + find_properties_file() + \
" and set " + SECURITY_IS_ENCRYPTION_ENABLED + " = " + "false."
err = "{0} is already encrypted. Please call {1} to store unencrypted" \
" password and call 'encrypt-passwords' again."
if db_sql_auth and db_password and is_alias_string(db_password):
print err.format('- Database password', "'" + SETUP_ACTION + "'")
if ldap_password and is_alias_string(ldap_password):
print err.format('- LDAP manager password', "'" + LDAP_SETUP_ACTION + "'")
if ts_password and is_alias_string(ts_password):
print err.format('TrustStore password', "'" + LDAP_SETUP_ACTION + "'")
return 1
pass
pass
pass
# Read back any encrypted passwords
if db_sql_auth and db_password and is_alias_string(db_password):
db_password = read_passwd_for_alias(JDBC_RCA_PASSWORD_ALIAS, masterKey)
if ldap_password and is_alias_string(ldap_password):
ldap_password = read_passwd_for_alias(LDAP_MGR_PASSWORD_ALIAS, masterKey)
if ts_password and is_alias_string(ts_password):
ts_password = read_passwd_for_alias(SSL_TRUSTSTORE_PASSWORD_ALIAS, masterKey)
# Read master key, if non-secure or reset is true
if resetKey or not isSecure:
masterKey = read_master_key(resetKey)
persist = get_YN_input("Do you want to persist master key. If you choose " \
"not to persist, you need to provide the Master " \
"Key while starting the ambari server as an env " \
"variable named " + SECURITY_KEY_ENV_VAR_NAME + \
" or the start will prompt for the master key."
" Persist [y/n] (y)? ", True)
if persist:
save_master_key(masterKey, get_master_key_location(properties) + os.sep +
SECURITY_MASTER_KEY_FILENAME, persist)
elif not persist and masterKeyFile:
try:
os.remove(masterKeyFile)
print_info_msg("Deleting master key file at location: " + str(
masterKeyFile))
except Exception, e:
print 'ERROR: Could not remove master key file. %s' % e
# Blow up the credential store made with previous key, if any
store_file = get_credential_store_location(properties)
if os.path.exists(store_file):
try:
os.remove(store_file)
except:
print_warning_msg("Failed to remove credential store file.")
pass
pass
def setup_ldap():
if not is_root():
err = 'Ambari-server setup-ldap should be run with ' \
'root-level privileges'
raise FatalException(4, err)
properties = get_ambari_properties()
isSecure = get_is_secure(properties)
ldap_property_list_reqd = init_ldap_properties_list_reqd(properties)
ldap_property_list_opt = ["authentication.ldap.managerDn",
LDAP_MGR_PASSWORD_PROPERTY,
SSL_TRUSTSTORE_TYPE_PROPERTY,
SSL_TRUSTSTORE_PATH_PROPERTY,
SSL_TRUSTSTORE_PASSWORD_PROPERTY]
ldap_property_list_truststore=[SSL_TRUSTSTORE_TYPE_PROPERTY,
SSL_TRUSTSTORE_PATH_PROPERTY,
SSL_TRUSTSTORE_PASSWORD_PROPERTY]
ldap_property_list_passwords=[LDAP_MGR_PASSWORD_PROPERTY,
SSL_TRUSTSTORE_PASSWORD_PROPERTY]
LDAP_MGR_DN_DEFAULT = get_value_from_properties(properties, ldap_property_list_opt[0])
SSL_TRUSTSTORE_TYPE_DEFAULT = get_value_from_properties(properties, SSL_TRUSTSTORE_TYPE_PROPERTY, "jks")
SSL_TRUSTSTORE_PATH_DEFAULT = get_value_from_properties(properties, SSL_TRUSTSTORE_PATH_PROPERTY)
ldap_property_value_map = {}
for ldap_prop in ldap_property_list_reqd:
input = get_validated_string_input(ldap_prop.ldap_prop_val_prompt, ldap_prop.ldap_prop_name, ldap_prop.prompt_regex,
"Invalid characters in the input!", False, ldap_prop.allow_empty_prompt)
if input is not None and input != "":
ldap_property_value_map[ldap_prop.prop_name] = input
bindAnonymously = ldap_property_value_map["authentication.ldap.bindAnonymously"]
anonymous = (bindAnonymously and bindAnonymously.lower() == 'true')
mgr_password = None
# Ask for manager credentials only if bindAnonymously is false
if not anonymous:
username = get_validated_string_input("Manager DN* {0}: ".format(
get_prompt_default(LDAP_MGR_DN_DEFAULT)), LDAP_MGR_DN_DEFAULT, ".*",
"Invalid characters in the input!", False, False)
ldap_property_value_map[LDAP_MGR_USERNAME_PROPERTY] = username
mgr_password = configure_ldap_password()
ldap_property_value_map[LDAP_MGR_PASSWORD_PROPERTY] = mgr_password
useSSL = ldap_property_value_map["authentication.ldap.useSSL"]
ldaps = (useSSL and useSSL.lower() == 'true')
ts_password = None
if ldaps:
truststore_default = "n"
truststore_set = bool(SSL_TRUSTSTORE_PATH_DEFAULT)
if truststore_set:
truststore_default = "y"
custom_trust_store = get_YN_input("Do you want to provide custom TrustStore for Ambari [y/n] ({0})?".
format(truststore_default),
truststore_set)
if custom_trust_store:
ts_type = get_validated_string_input(
"TrustStore type [jks/jceks/pkcs12] {0}:".format(get_prompt_default(SSL_TRUSTSTORE_TYPE_DEFAULT)),
SSL_TRUSTSTORE_TYPE_DEFAULT,
"^(jks|jceks|pkcs12)?$", "Wrong type", False)
ts_path = None
while True:
ts_path = get_validated_string_input(
"Path to TrustStore file {0}:".format(get_prompt_default(SSL_TRUSTSTORE_PATH_DEFAULT)),
SSL_TRUSTSTORE_PATH_DEFAULT,
".*", False, False)
if os.path.exists(ts_path):
break
else:
print 'File not found.'
ts_password = read_password("", ".*", "Password for TrustStore:", "Invalid characters in password")
ldap_property_value_map[SSL_TRUSTSTORE_TYPE_PROPERTY] = ts_type
ldap_property_value_map[SSL_TRUSTSTORE_PATH_PROPERTY] = ts_path
ldap_property_value_map[SSL_TRUSTSTORE_PASSWORD_PROPERTY] = ts_password
pass
else:
properties.removeOldProp(SSL_TRUSTSTORE_TYPE_PROPERTY)
properties.removeOldProp(SSL_TRUSTSTORE_PATH_PROPERTY)
properties.removeOldProp(SSL_TRUSTSTORE_PASSWORD_PROPERTY)
pass
pass
print '=' * 20
print 'Review Settings'
print '=' * 20
for property in ldap_property_list_reqd:
if property in ldap_property_value_map:
print("%s: %s" % (property, ldap_property_value_map[property]))
for property in ldap_property_list_opt:
if ldap_property_value_map.has_key(property):
if property not in ldap_property_list_passwords:
print("%s: %s" % (property, ldap_property_value_map[property]))
else:
print("%s: %s" % (property, BLIND_PASSWORD))
save_settings = get_YN_input("Save settings [y/n] (y)? ", True)
if save_settings:
ldap_property_value_map[CLIENT_SECURITY_KEY] = 'ldap'
if isSecure:
if mgr_password:
encrypted_passwd = encrypt_password(LDAP_MGR_PASSWORD_ALIAS, mgr_password)
if mgr_password != encrypted_passwd:
ldap_property_value_map[LDAP_MGR_PASSWORD_PROPERTY] = encrypted_passwd
pass
if ts_password:
encrypted_passwd = encrypt_password(SSL_TRUSTSTORE_PASSWORD_ALIAS, ts_password)
if ts_password != encrypted_passwd:
ldap_property_value_map[SSL_TRUSTSTORE_PASSWORD_PROPERTY] = encrypted_passwd
pass
pass
# Persisting values
ldap_property_value_map[IS_LDAP_CONFIGURED] = "true"
if mgr_password:
ldap_property_value_map[LDAP_MGR_PASSWORD_PROPERTY] = store_password_file(mgr_password, LDAP_MGR_PASSWORD_FILENAME)
update_properties_2(properties, ldap_property_value_map)
print 'Saving...done'
return 0
