def do_checks(self): try: user = read_ambari_user() create_user = False update_user_setting = False if user is not None: create_user = get_YN_input(self.NR_USER_CHANGE_PROMPT.format(user), False) update_user_setting = create_user # Only if we will create another user else: # user is not configured yet update_user_setting = True # Write configuration anyway create_user = get_YN_input(self.NR_USER_CUSTOMIZE_PROMPT, False) if not create_user: user = self.NR_DEFAULT_USER if create_user: (retcode, user) = self._create_custom_user() if retcode != 0: return retcode if update_user_setting: write_property(NR_USER_PROPERTY, user) adjust_directory_permissions(user) except OSError as e: print_error_msg("Failed: %s" % str(e)) return 4 except Exception as e: print_error_msg("Unexpected error %s" % str(e)) return 1 return 0
def run_db_cleanup(options): if validate_args(options): return 1 db_title = get_db_type(get_ambari_properties()).title confirmBackup = get_YN_input("Ambari Server configured for {0}. Confirm you have made a backup of the Ambari Server database [y/n]".format( db_title), True) if not confirmBackup: print_info_msg("Ambari Server Database cleanup aborted") return 0 status, stateDesc = is_server_runing() if status: print_error_msg("The database cleanup cannot proceed while Ambari Server is running. Please shut down Ambari first.") return 1 confirm = get_YN_input( "Ambari server is using db type {0}. Cleanable database entries older than {1} will be cleaned up. Proceed [y/n]".format( db_title, options.cleanup_from_date), True) if not confirm: print_info_msg("Ambari Server Database cleanup aborted") return 0 jdk_path = get_java_exe_path() if jdk_path is None: print_error_msg("No JDK found, please run the \"setup\" command to install a JDK automatically or install any " "JDK manually to {0}".format(configDefaults.JDK_INSTALL_DIR)); return 1 ensure_jdbc_driver_is_installed(options, get_ambari_properties()) serverClassPath = ServerClassPath(get_ambari_properties(), options) class_path = serverClassPath.get_full_ambari_classpath_escaped_for_shell() ambari_user = read_ambari_user() current_user = ensure_can_start_under_current_user(ambari_user) environ = generate_env(options, ambari_user, current_user) print "Cleaning up the database ..." command = DB_CLEANUP_CMD.format(jdk_path, class_path, options.cluster_name, options.cleanup_from_date) (retcode, stdout, stderr) = run_os_command(command, env=environ) print_info_msg("Return code from database cleanup command, retcode = " + str(retcode)) if stdout: print "Console output from database cleanup command:" print stdout print if stderr: print "Error output from database cleanup command:" print stderr print if retcode > 0: print_error_msg("Error wncountered while cleaning up the Ambari Server Database. Check the ambari-server.log for details.") else: print "Cleanup completed. Check the ambari-server.log for details." return retcode
def setup_component_https(component, command, property, alias): if not get_silent(): jdk_path = find_jdk() if jdk_path is None: err = "No JDK found, please run the \"ambari-server setup\" " \ "command to install a JDK automatically or install any " \ "JDK manually to " + configDefaults.JDK_INSTALL_DIR raise FatalException(1, err) properties = get_ambari_properties() use_https = properties.get_property(property) in ['true'] if use_https: if get_YN_input( "Do you want to disable HTTPS for " + component + " [y/n] (n)? ", False): truststore_path = get_truststore_path(properties) truststore_password = get_truststore_password(properties) run_component_https_cmd( get_delete_cert_command(jdk_path, alias, truststore_path, truststore_password)) properties.process_pair(property, "false") else: return else: if get_YN_input( "Do you want to configure HTTPS for " + component + " [y/n] (y)? ", True): truststore_type = get_truststore_type(properties) truststore_path = get_truststore_path(properties) truststore_password = get_truststore_password(properties) run_os_command( get_delete_cert_command(jdk_path, alias, truststore_path, truststore_password)) import_cert_path = get_validated_filepath_input( \ "Enter path to " + component + " Certificate: ", \ "Certificate not found") run_component_https_cmd( get_import_cert_command(jdk_path, alias, truststore_type, import_cert_path, truststore_path, truststore_password)) properties.process_pair(property, "true") else: return conf_file = find_properties_file() f = open(conf_file, 'w') properties.store(f, "Changed by 'ambari-server " + command + "' command") else: print command + " is not enabled in silent mode."
def setup_https(args): if not is_root(): err = 'ambari-server setup-https should be run with ' \ 'root-level privileges' raise FatalException(4, err) args.exit_message = None if not get_silent(): properties = get_ambari_properties() try: security_server_keys_dir = properties.get_property(SSL_KEY_DIR) client_api_ssl_port = DEFAULT_SSL_API_PORT if properties.get_property(SSL_API_PORT) in ("") \ else properties.get_property(SSL_API_PORT) api_ssl = properties.get_property(SSL_API) in ['true'] client_api_ssl_port_old_value = properties.get_property(SSL_API_PORT) api_ssl_old_value = properties.get_property(SSL_API) cert_was_imported = False cert_must_import = True if api_ssl: if get_YN_input("Do you want to disable HTTPS [y/n] (n)? ", False): properties.process_pair(SSL_API, "false") cert_must_import=False else: properties.process_pair(SSL_API_PORT, \ get_validated_string_input( \ "SSL port ["+str(client_api_ssl_port)+"] ? ", \ str(client_api_ssl_port), \ "^[0-9]{1,5}$", "Invalid port.", False, validatorFunction = is_valid_https_port)) cert_was_imported = import_cert_and_key_action(security_server_keys_dir, properties) else: if get_YN_input("Do you want to configure HTTPS [y/n] (y)? ", True): properties.process_pair(SSL_API_PORT, \ get_validated_string_input("SSL port ["+str(client_api_ssl_port)+"] ? ", \ str(client_api_ssl_port), "^[0-9]{1,5}$", "Invalid port.", False, validatorFunction = is_valid_https_port)) cert_was_imported = import_cert_and_key_action(security_server_keys_dir, properties) else: return False if cert_must_import and not cert_was_imported: print 'Setup of HTTPS failed. Exiting.' return False conf_file = find_properties_file() f = open(conf_file, 'w') properties.store(f, "Changed by 'ambari-server setup-https' command") if api_ssl_old_value != properties.get_property(SSL_API) \ or client_api_ssl_port_old_value != properties.get_property(SSL_API_PORT): print "Ambari server URL changed. To make use of the Tez View in Ambari " \ "please update the property tez.tez-ui.history-url.base in tez-site" ambari_user = read_ambari_user() if ambari_user: adjust_directory_permissions(ambari_user) return True except (KeyError), e: err = 'Property ' + str(e) + ' is not defined' raise FatalException(1, err)
def ensure_jdbc_driver_installed(self, properties): server_jdbc_path = properties.get_property(JDBC_DRIVER_PATH_PROPERTY) if server_jdbc_path and os.path.isfile(server_jdbc_path): return True default_driver_path = self._get_default_driver_path(properties) if default_driver_path and os.path.isfile(default_driver_path): ambari_should_use_existing_default_jdbc = get_YN_input( "Should ambari use existing default jdbc {0} [y/n] (y)? ". format(default_driver_path), True) if ambari_should_use_existing_default_jdbc: properties.process_pair(JDBC_DRIVER_PATH_PROPERTY, default_driver_path) update_properties(properties) return True path_to_custom_jdbc_driver = get_validated_string_input( "Enter full path to custom jdbc driver: ", None, None, None, False, False) if path_to_custom_jdbc_driver and os.path.isfile( path_to_custom_jdbc_driver): try: custom_jdbc_name = os.path.basename(path_to_custom_jdbc_driver) if not path_to_custom_jdbc_driver == os.path.join( configDefaults.JAVA_SHARE_PATH, custom_jdbc_name): if os.path.isfile( os.path.join(configDefaults.JAVA_SHARE_PATH, custom_jdbc_name)): replace_jdbc_in_share_dir = get_YN_input( "You already have file {0} in /usr/share/java/. Should it be replaced? [y/n] (y)? " .format(custom_jdbc_name), True) if replace_jdbc_in_share_dir: try: os.remove( os.path.join( configDefaults.JAVA_SHARE_PATH, custom_jdbc_name)) except Exception, ee: err = 'ERROR: Could not remove jdbc file. %s' % os.path.join( configDefaults.JAVA_SHARE_PATH, custom_jdbc_name) raise FatalException(1, err) shutil.copy(path_to_custom_jdbc_driver, configDefaults.JAVA_SHARE_PATH) print "Copying {0} to {1}".format( path_to_custom_jdbc_driver, configDefaults.JAVA_SHARE_PATH) except Exception, e: err = "Can not copy file {0} to {1} due to: {2} . Please check file " \ "permissions and free disk space.".format(path_to_custom_jdbc_driver, configDefaults.JAVA_SHARE_PATH, str(e)) raise FatalException(1, err) properties.process_pair(JDBC_DRIVER_PATH_PROPERTY, path_to_custom_jdbc_driver) update_properties(properties) return True
def setup_https(args): if not is_root(): warn = 'ambari-server setup-https is run as ' \ 'non-root user, some sudo privileges might be required' print warn args.exit_message = None if not get_silent(): properties = get_ambari_properties() try: security_server_keys_dir = properties.get_property(SSL_KEY_DIR) client_api_ssl_port = DEFAULT_SSL_API_PORT if properties.get_property(SSL_API_PORT) in ("") \ else properties.get_property(SSL_API_PORT) api_ssl = properties.get_property(SSL_API) in ['true'] cert_was_imported = False cert_must_import = True if api_ssl: if get_YN_input("Do you want to disable HTTPS [y/n] (n)? ", False): properties.process_pair(SSL_API, "false") cert_must_import = False else: properties.process_pair(SSL_API_PORT, \ get_validated_string_input( \ "SSL port ["+str(client_api_ssl_port)+"] ? ", \ str(client_api_ssl_port), \ "^[0-9]{1,5}$", "Invalid port.", False, validatorFunction = is_valid_https_port)) cert_was_imported = import_cert_and_key_action( security_server_keys_dir, properties) else: if get_YN_input("Do you want to configure HTTPS [y/n] (y)? ", True): properties.process_pair(SSL_API_PORT, \ get_validated_string_input("SSL port ["+str(client_api_ssl_port)+"] ? ", \ str(client_api_ssl_port), "^[0-9]{1,5}$", "Invalid port.", False, validatorFunction = is_valid_https_port)) cert_was_imported = import_cert_and_key_action( security_server_keys_dir, properties) else: return False if cert_must_import and not cert_was_imported: print 'Setup of HTTPS failed. Exiting.' return False conf_file = find_properties_file() f = open(conf_file, 'w') properties.store(f, "Changed by 'ambari-server setup-https' command") ambari_user = read_ambari_user() if ambari_user: adjust_directory_permissions(ambari_user) return True except (KeyError), e: err = 'Property ' + str(e) + ' is not defined' raise FatalException(1, err)
def setup_sso(options): print_info_msg("Setup SSO.") server_status, pid = is_server_runing() if not server_status: err = 'Ambari Server is not running.' raise FatalException(1, err) if not get_silent(): validate_options(options) ambari_properties = get_ambari_properties() admin_login, admin_password = get_ambari_admin_username_password_pair(options) properties = get_sso_properties(ambari_properties, admin_login, admin_password) if not options.sso_enabled: sso_enabled = get_value_from_dictionary(properties, SSO_MANAGE_SERVICES, None) if sso_enabled: sso_status = "enabled" if sso_enabled == "true" else "disabled" else: sso_status = "not configured" sys.stdout.write("\nSSO is currently %s\n" % sso_status) if sso_status == "enabled": enable_sso = not get_YN_input("Do you want to disable SSO authentication [y/n] (n)? ", False) else: if get_YN_input("Do you want to configure SSO authentication [y/n] (y)? ", True): enable_sso = True else: return False else: enable_sso = options.sso_enabled == 'true' services = None if enable_sso: populate_sso_provider_url(options, properties) populate_sso_public_cert(options, properties) populate_jwt_cookie_name(options, properties) populate_jwt_audiences(options, properties) services = get_services_requires_sso(options, ambari_properties, admin_login, admin_password) enable_jwt_auth = services and (WILDCARD_FOR_ALL_SERVICES in services or SERVICE_NAME_AMBARI in services) properties[AMBARI_JWT_AUTH_ENBABLED] = "true" if enable_jwt_auth else "false" properties[SSO_MANAGE_SERVICES] = "true" if enable_sso else "false" properties[SSO_ENABLED_SERVICES] = ','.join(services) if services else "" update_sso_conf(ambari_properties, properties, admin_login, admin_password) pass else: warning = "setup-sso is not enabled in silent mode." raise NonFatalException(warning) pass
def setup_truststore(options, import_cert=False): if not get_silent(): jdk_path = find_jdk() if jdk_path is None: err = "No JDK found, please run the \"ambari-server setup\" " \ "command to install a JDK automatically or install any " \ "JDK manually to " + configDefaults.JDK_INSTALL_DIR raise FatalException(1, err) properties = get_ambari_properties() truststore_confirm = True if options.trust_store_path is not None and options.trust_store_path else False truststore_reconfigure = True if options.trust_store_reconfigure is not None else False if truststore_confirm or get_YN_input("Do you want to configure a truststore [y/n] (y)? ", True): #Re-configuration enabled only for option "Setup truststore" if not import_cert and properties.get_property(SSL_TRUSTSTORE_TYPE_PROPERTY)\ and (truststore_reconfigure or get_YN_input( "The truststore is already configured. Do you want to re-configure " "the truststore [y/n] (y)? ", True)): properties.removeProp(SSL_TRUSTSTORE_TYPE_PROPERTY) properties.removeProp(SSL_TRUSTSTORE_PATH_PROPERTY) properties.removeProp(SSL_TRUSTSTORE_PASSWORD_PROPERTY) truststore_type = get_and_persist_truststore_type(properties, options) truststore_path = get_and_persist_truststore_path(properties, options) truststore_password = get_and_persist_truststore_password(properties, options) if import_cert: import_cert_confirm = True if options.import_cert_path is not None else get_YN_input("Do you want to import a certificate [y/n] (y)? ", True) if import_cert_confirm: aliasOption = options.import_cert_alias if options.import_cert_alias is not None and options.import_cert_alias else None alias = aliasOption if aliasOption is not None \ else get_validated_string_input("Please enter an alias for the certificate: ", "", None, None, False, False) run_os_command(get_delete_cert_command(jdk_path, alias, truststore_path, truststore_password)) import_cert_path = get_validated_filepath_input("Enter path to certificate: ", "Certificate not found", answer=options.import_cert_path) run_component_https_cmd(get_import_cert_command(jdk_path, alias, truststore_type, import_cert_path, truststore_path, truststore_password)) else: return conf_file = find_properties_file() f = open(conf_file, 'w') properties.store(f, "Changed by 'ambari-server setup-security' command") else: print "setup-security is not enabled in silent mode."
def setup_truststore(import_cert=False): if not get_silent(): jdk_path = find_jdk() if jdk_path is None: err = "No JDK found, please run the \"ambari-server setup\" " \ "command to install a JDK automatically or install any " \ "JDK manually to " + configDefaults.JDK_INSTALL_DIR raise FatalException(1, err) properties = get_ambari_properties() if get_YN_input("Do you want to configure a truststore [y/n] (y)? ", True): truststore_type = get_truststore_type(properties) truststore_path = get_truststore_path(properties) truststore_password = get_truststore_password(properties) if import_cert: if get_YN_input( "Do you want to import a certificate [y/n] (y)? ", True): alias = get_validated_string_input( "Please enter an alias for the certificate: ", "", None, None, False, False) run_os_command( get_delete_cert_command(jdk_path, alias, truststore_path, truststore_password)) import_cert_path = get_validated_filepath_input( \ "Enter path to certificate: ", \ "Certificate not found") run_component_https_cmd( get_import_cert_command(jdk_path, alias, truststore_type, import_cert_path, truststore_path, truststore_password)) else: return conf_file = find_properties_file() f = open(conf_file, 'w') properties.store(f, "Changed by 'ambari-server setup-security' command") else: print "setup-security is not enabled in silent mode."
def setup_https(args): if not is_root(): err = 'tbds-server setup-https should be run with ' \ 'root-level privileges' raise FatalException(4, err) args.exit_message = None if not get_silent(): properties = get_ambari_properties() try: security_server_keys_dir = properties.get_property(SSL_KEY_DIR) client_api_ssl_port = DEFAULT_SSL_API_PORT if properties.get_property(SSL_API_PORT) in ("") \ else properties.get_property(SSL_API_PORT) api_ssl = properties.get_property(SSL_API) in ['true'] cert_was_imported = False cert_must_import = True if api_ssl: if get_YN_input("Do you want to disable HTTPS [y/n] (n)? ", False): properties.process_pair(SSL_API, "false") cert_must_import=False else: properties.process_pair(SSL_API_PORT, \ get_validated_string_input( \ "SSL port ["+str(client_api_ssl_port)+"] ? ", \ str(client_api_ssl_port), \ "^[0-9]{1,5}$", "Invalid port.", False, validatorFunction = is_valid_https_port)) cert_was_imported = import_cert_and_key_action(security_server_keys_dir, properties) else: if get_YN_input("Do you want to configure HTTPS [y/n] (y)? ", True): properties.process_pair(SSL_API_PORT, \ get_validated_string_input("SSL port ["+str(client_api_ssl_port)+"] ? ", \ str(client_api_ssl_port), "^[0-9]{1,5}$", "Invalid port.", False, validatorFunction = is_valid_https_port)) cert_was_imported = import_cert_and_key_action(security_server_keys_dir, properties) else: return False if cert_must_import and not cert_was_imported: print 'Setup of HTTPS failed. Exiting.' return False conf_file = find_properties_file() f = open(conf_file, 'w') properties.store(f, "Changed by 'tbds-server setup-https' command") ambari_user = read_ambari_user() if ambari_user: adjust_directory_permissions(ambari_user) return True except (KeyError), e: err = 'Property ' + str(e) + ' is not defined' raise FatalException(1, err)
def check_gpl_license_approved(upgrade_response): if 'lzo_enabled' not in upgrade_response or upgrade_response['lzo_enabled'].lower() != "true": set_property(GPL_LICENSE_ACCEPTED_PROPERTY, "false", rewrite=False) return while not write_gpl_license_accepted(text = LZO_ENABLED_GPL_TEXT) and not get_YN_input(INSTALLED_LZO_WITHOUT_GPL_TEXT, False): pass
def setup_pam(): if not is_root(): err = 'Ambari-server setup-pam should be run with ' \ 'root-level privileges' raise FatalException(4, err) properties = get_ambari_properties() if get_value_from_properties(properties, CLIENT_SECURITY_KEY, "") == 'ldap': err = "LDAP is configured. Can not setup PAM." raise FatalException(1, err) pam_property_value_map = {} pam_property_value_map[CLIENT_SECURITY_KEY] = 'pam' pamConfig = get_validated_string_input("Enter PAM configuration file: ", PAM_CONFIG_FILE, REGEX_ANYTHING, "Invalid characters in the input!", False, False) pam_property_value_map[PAM_CONFIG_FILE] = pamConfig if get_YN_input( "Do you want to allow automatic group creation [y/n] (y)? ", True): pam_property_value_map[AUTO_GROUP_CREATION] = 'true' else: pam_property_value_map[AUTO_GROUP_CREATION] = 'false' update_properties_2(properties, pam_property_value_map) print 'Saving...done' return 0
def run_schema_upgrade(): db_title = get_db_type(get_ambari_properties()).title confirm = get_YN_input("Ambari Server configured for %s. Confirm " "you have made a backup of the Ambari Server database [y/n] (y)? " % db_title, True) if not confirm: print_error_msg("Database backup is not confirmed") return 1 jdk_path = get_java_exe_path() if jdk_path is None: print_error_msg("No JDK found, please run the \"setup\" " "command to install a JDK automatically or install any " "JDK manually to " + configDefaults.JDK_INSTALL_DIR) return 1 print 'Upgrading database schema' command = SCHEMA_UPGRADE_HELPER_CMD.format(jdk_path, get_full_ambari_classpath()) ambari_user = read_ambari_user() current_user = ensure_can_start_under_current_user(ambari_user) environ = generate_env(ambari_user, current_user) (retcode, stdout, stderr) = run_os_command(command, env=environ) print_info_msg("Return code from schema upgrade command, retcode = " + str(retcode)) if retcode > 0: print_error_msg("Error executing schema upgrade, please check the server logs.") else: print_info_msg('Schema upgrade completed') return retcode
def do_checks(self): try: user = read_ambari_user() if not user: user = self.NR_DEFAULT_USER if self.user is not None: #Command-line parameter is the default update_user_setting = True prompt_msg = self.NR_USER_CUSTOMIZE_PROMPT.format('y') else: update_user_setting = False if user != self.NR_DEFAULT_USER: prompt_msg = self.NR_USER_CHANGE_PROMPT.format(user, 'n') else: prompt_msg = self.NR_USER_CUSTOMIZE_PROMPT.format('n') self.user = user if user else self.NR_DEFAULT_USER self.register_service = get_YN_input(prompt_msg, update_user_setting) if self.register_service: retcode = self._create_custom_user() if retcode != 0: return retcode adjust_directory_permissions(self.user) except OSError as e: print_error_msg("Failed: %s" % str(e)) return 4 except Exception as e: print_error_msg("Unexpected error %s" % str(e)) return 1 return 0
def reset(options): if not is_root(): err = configDefaults.MESSAGE_ERROR_RESET_NOT_ROOT raise FatalException(4, err) status, stateDesc = is_server_runing() if status: err = 'Ambari-server must be stopped to reset' raise FatalException(1, err) #force reset if silent option provided if get_silent(): default = "yes" else: default = "no" choice = get_YN_input("**** WARNING **** You are about to reset and clear the " "Ambari Server database. This will remove all cluster " "host and configuration information from the database. " "You will be required to re-configure the Ambari server " "and re-run the cluster wizard. \n" "Are you SURE you want to perform the reset " "[yes/no] ({0})? ".format(default), get_silent()) okToRun = choice if not okToRun: err = "Ambari Server 'reset' cancelled" raise FatalException(1, err) _reset_database(options) pass
def check_selinux(): try: retcode, out, err = run_os_command(GET_SE_LINUX_ST_CMD) se_status = re.search('(disabled|enabled)', out).group(0) print "SELinux status is '" + se_status + "'" if se_status == SE_STATUS_DISABLED: return 0 else: try: se_mode = re.search('(enforcing|permissive)', out).group(0) except AttributeError: err = "Error determining SELinux mode. Exiting." raise FatalException(1, err) print "SELinux mode is '" + se_mode + "'" if se_mode == SE_MODE_ENFORCING: print "Temporarily disabling SELinux" run_os_command(SE_SETENFORCE_CMD) print_warning_msg( "SELinux is set to 'permissive' mode and temporarily disabled.") ok = get_YN_input("OK to continue [y/n] (y)? ", True) if not ok: raise FatalException(1, None) return 0 except OSError: print_warning_msg("Could not run {0}: OK".format(GET_SE_LINUX_ST_CMD)) return 0
def setup_kerberos(options): logger.info("Setting up Kerberos authentication...") if not is_root(): err = "ambari-server setup-kerberos should be run with root-level privileges" raise FatalException(4, err) properties = get_ambari_properties() kerberos_property_list_required = init_kerberos_properties_list( properties, options) kerberos_property_value_map = {} for kerberos_property in kerberos_property_list_required: input = get_validated_string_input( kerberos_property.kerberos_prop_val_prompt, kerberos_property.kerberos_prop_name, kerberos_property.prompt_regex, "Invalid characters in the input!", False, kerberos_property.allow_empty_prompt) if input is not None and input != "": kerberos_property_value_map[kerberos_property.prop_name] = input print "Properties to be updated / written into ambari properties:" pp = pprint.PrettyPrinter() pp.pprint(kerberos_property_value_map) save = get_YN_input("Save settings [y/n] (y)? ", True) if save: update_properties_2(properties, kerberos_property_value_map) print "Kerberos authentication settings successfully saved. Please restart the server in order for the new settings to take effect." else: print "Kerberos authentication settings aborted." return 0
def setup_sso(options): logger.info("Setup SSO.") if not is_root(): raise FatalException( 4, 'ambari-server setup-sso should be run with root-level privileges') if not get_silent(): validateOptions(options) properties = get_ambari_properties() must_setup_params = False if not options.sso_enabled: sso_enabled = properties.get_property( JWT_AUTH_ENBABLED).lower() in ['true'] if sso_enabled: if get_YN_input( "Do you want to disable SSO authentication [y/n] (n)?", False): properties.process_pair(JWT_AUTH_ENBABLED, "false") else: if get_YN_input( "Do you want to configure SSO authentication [y/n] (y)?", True): properties.process_pair(JWT_AUTH_ENBABLED, "true") must_setup_params = True else: return False else: properties.process_pair(JWT_AUTH_ENBABLED, options.sso_enabled) must_setup_params = options.sso_enabled == 'true' if must_setup_params: populateSsoProviderUrl(options, properties) populateSsoPublicCert(options, properties) populateJwtCookieName(options, properties) populateJwtAudiences(options, properties) update_properties(properties) pass else: warning = "setup-sso is not enabled in silent mode." raise NonFatalException(warning) pass
def run_schema_upgrade(args): db_title = get_db_type(get_ambari_properties()).title confirm = get_YN_input( "Ambari Server configured for %s. Confirm " "you have made a backup of the Ambari Server database [y/n] (y)? " % db_title, True) if not confirm: print_error_msg("Database backup is not confirmed") return 1 jdk_path = get_java_exe_path() if jdk_path is None: print_error_msg( "No JDK found, please run the \"setup\" " "command to install a JDK automatically or install any " "JDK manually to " + configDefaults.JDK_INSTALL_DIR) return 1 ensure_jdbc_driver_is_installed(args, get_ambari_properties()) print_info_msg('Upgrading database schema', True) serverClassPath = ServerClassPath(get_ambari_properties(), args) class_path = serverClassPath.get_full_ambari_classpath_escaped_for_shell( validate_classpath=True) set_debug_mode_from_options(args) debug_mode = get_debug_mode() debug_start = (debug_mode & 1) or SCHEMA_UPGRADE_DEBUG suspend_start = (debug_mode & 2) or SUSPEND_START_MODE suspend_mode = 'y' if suspend_start else 'n' command = SCHEMA_UPGRADE_HELPER_CMD_DEBUG.format( jdk_path, class_path, suspend_mode) if debug_start else SCHEMA_UPGRADE_HELPER_CMD.format( jdk_path, class_path) ambari_user = read_ambari_user() current_user = ensure_can_start_under_current_user(ambari_user) environ = generate_env(args, ambari_user, current_user) (retcode, stdout, stderr) = run_os_command(command, env=environ) print_info_msg( "Return code from schema upgrade command, retcode = {0}".format( str(retcode)), True) if stdout: print_info_msg("Console output from schema upgrade command:", True) print_info_msg(stdout, True) print if retcode > 0: print_error_msg( "Error executing schema upgrade, please check the server logs.") if stderr: print_error_msg("Error output from schema upgrade command:") print_error_msg(stderr) print else: print_info_msg('Schema upgrade completed', True) return retcode
def check_gpl_license_approved(upgrade_response): if 'lzo_enabled' not in upgrade_response or upgrade_response[ 'lzo_enabled'].lower() != "true": return while not write_gpl_license_accepted() and not get_YN_input( INSALLED_LZO_WITHOUT_GPL_TEXT, False): pass
def setup_component_https(component, command, property, alias): if not get_silent(): jdk_path = find_jdk() if jdk_path is None: err = "No JDK found, please run the \"tbds-server setup\" " \ "command to install a JDK automatically or install any " \ "JDK manually to " + configDefaults.JDK_INSTALL_DIR raise FatalException(1, err) properties = get_ambari_properties() use_https = properties.get_property(property) in ['true'] if use_https: if get_YN_input("Do you want to disable HTTPS for " + component + " [y/n] (n)? ", False): truststore_path = get_truststore_path(properties) truststore_password = get_truststore_password(properties) run_component_https_cmd(get_delete_cert_command(jdk_path, alias, truststore_path, truststore_password)) properties.process_pair(property, "false") else: return else: if get_YN_input("Do you want to configure HTTPS for " + component + " [y/n] (y)? ", True): truststore_type = get_truststore_type(properties) truststore_path = get_truststore_path(properties) truststore_password = get_truststore_password(properties) run_os_command(get_delete_cert_command(jdk_path, alias, truststore_path, truststore_password)) import_cert_path = get_validated_filepath_input( \ "Enter path to " + component + " Certificate: ", \ "Certificate not found") run_component_https_cmd(get_import_cert_command(jdk_path, alias, truststore_type, import_cert_path, truststore_path, truststore_password)) properties.process_pair(property, "true") else: return conf_file = find_properties_file() f = open(conf_file, 'w') properties.store(f, "Changed by 'tbds-server " + command + "' command") else: print command + " is not enabled in silent mode."
def validate_purge(options, purge_list, mpack_dir, mpack_metadata, replay_mode=False): """ Validate purge options :param purge_list: List of resources to purge :param mpack_metadata: Management pack metadata :param replay_mode: Flag to indicate if purging in replay mode """ # Get ambari mpacks config properties stack_location, extension_location, service_definitions_location, mpacks_staging_location = get_mpack_properties( ) if not purge_list: return if STACK_DEFINITIONS_RESOURCE_NAME in purge_list: mpack_stacks = [] for artifact in mpack_metadata.artifacts: if artifact.type == STACK_DEFINITIONS_ARTIFACT_NAME: artifact_source_dir = os.path.join(mpack_dir, artifact.source_dir) for file in sorted(os.listdir(artifact_source_dir)): if os.path.isdir(os.path.join(artifact_source_dir, file)): stack_name = file mpack_stacks.append(stack_name) if not mpack_stacks: # Don't purge stacks accidentally when installing add-on mpacks err = "The management pack you are attempting to install does not contain {0}. Since this management pack " \ "does not contain a stack, the --purge option with --purge-list={1} would cause your existing Ambari " \ "installation to be unusable. Due to that we cannot install this management pack.".format( RESOURCE_FRIENDLY_NAMES[STACK_DEFINITIONS_RESOURCE_NAME], purge_list) print_error_msg(err) raise FatalException(1, err) else: # Valid that there are no clusters deployed with a stack that is not included in the management pack (retcode, stdout, stderr) = run_mpack_install_checker(options, mpack_stacks) if retcode > 0: print_error_msg(stderr) raise FatalException(1, stderr) if not replay_mode: purge_resources = set((v) for k, v in RESOURCE_FRIENDLY_NAMES.iteritems() if k in purge_list) warn_msg = "CAUTION: You have specified the --purge option with --purge-list={0}. " \ "This will replace all existing {1} currently installed.\n" \ "Are you absolutely sure you want to perform the purge [yes/no]? (no)".format( purge_list, ", ".join(purge_resources)) okToPurge = get_YN_input(warn_msg, False) if not okToPurge: err = "Management pack installation cancelled by user" raise FatalException(1, err)
def _setup_remote_db(self): setup_msg = "Before starting Ambari Server, you must run the following DDL " \ "against the database to create the schema: {0}".format(self.init_script_file) print_warning_msg(setup_msg) proceed = get_YN_input("Proceed with configuring remote database connection properties [y/n] (y)? ", True) retCode = 0 if proceed else -1 return retCode
def get_services_requires_sso(options, ambari_properties, admin_login, admin_password): if not options.sso_enabled_services: configure_for_all_services = get_YN_input("Use SSO for all services [y/n] (n): ", False) if configure_for_all_services: services = [WILDCARD_FOR_ALL_SERVICES] else: services = [] cluster_name = get_cluster_name(ambari_properties, admin_login, admin_password) if cluster_name: eligible_services = get_eligible_services(ambari_properties, admin_login, admin_password, cluster_name) if eligible_services: for service in eligible_services: question = "Use SSO for {0} [y/n] (y): ".format(service) if get_YN_input(question, True): services.append(service) else: services = options.sso_enabled_services.upper().split(',') if options.sso_enabled_services else [] return services
def prompt_db_properties(options): ok = False if options.must_set_database_options: ok = get_YN_input("Enter advanced database configuration [y/n] (n)? ", False) print 'Configuring database...' factory = DBMSConfigFactory() options.must_set_database_options = ok options.database_index = factory.select_dbms(options)
def migrate_ldap_pam(args): properties = get_ambari_properties() if get_value_from_properties(properties,CLIENT_SECURITY,"") != 'pam': err = "PAM is not configured. Please configure PAM authentication first." raise FatalException(1, err) db_title = get_db_type(properties).title confirm = get_YN_input("Ambari Server configured for %s. Confirm " "you have made a backup of the Ambari Server database [y/n] (y)? " % db_title, True) if not confirm: print_error_msg("Database backup is not confirmed") return 1 jdk_path = get_java_exe_path() if jdk_path is None: print_error_msg("No JDK found, please run the \"setup\" " "command to install a JDK automatically or install any " "JDK manually to " + configDefaults.JDK_INSTALL_DIR) return 1 # At this point, the args does not have the ambari database information. # Augment the args with the correct ambari database information parse_properties_file(args) ensure_jdbc_driver_is_installed(args, properties) print 'Migrating LDAP Users & Groups to PAM' serverClassPath = ServerClassPath(properties, args) class_path = serverClassPath.get_full_ambari_classpath_escaped_for_shell() command = LDAP_TO_PAM_MIGRATION_HELPER_CMD.format(jdk_path, class_path) ambari_user = read_ambari_user() current_user = ensure_can_start_under_current_user(ambari_user) environ = generate_env(args, ambari_user, current_user) (retcode, stdout, stderr) = run_os_command(command, env=environ) print_info_msg("Return code from LDAP to PAM migration command, retcode = " + str(retcode)) if stdout: print "Console output from LDAP to PAM migration command:" print stdout print if stderr: print "Error output from LDAP to PAM migration command:" print stderr print if retcode > 0: print_error_msg("Error executing LDAP to PAM migration, please check the server logs.") else: print_info_msg('LDAP to PAM migration completed') return retcode
def populate_ambari_requires_sso(options, properties): if options.sso_enabled_ambari is None: enabled = get_boolean_from_dictionary(properties, AMBARI_SSO_AUTH_ENABLED, False) enabled = get_YN_input( "Use SSO for Ambari [y/n] ({0})? ".format('y' if enabled else 'n'), enabled) else: enabled = 'true' == options.sso_enabled_ambari properties[AMBARI_SSO_AUTH_ENABLED] = 'true' if enabled else 'false'
def check_firewall(): firewall_obj = Firewall().getFirewallObject() firewall_on = firewall_obj.check_firewall() if firewall_obj.stderrdata and len(firewall_obj.stderrdata) > 0: print firewall_obj.stderrdata if firewall_on: print_warning_msg("%s is running. Confirm the necessary Ambari ports are accessible. " % firewall_obj.FIREWALL_SERVICE_NAME + "Refer to the Ambari documentation for more details on ports.") ok = get_YN_input("OK to continue [y/n] (y)? ", True) if not ok: raise FatalException(1, None)
def populate_sso_public_cert(options, properties): if not options.sso_public_cert_file: cert = get_value_from_dictionary(properties, SSO_CERTIFICATE) get_cert = True if not cert else get_YN_input("The SSO provider's public certificate has already set. Do you want to change it [y/n] (n): ", False) if get_cert: cert_string = get_multi_line_input("Public Certificate PEM") properties[SSO_CERTIFICATE] = ensure_complete_cert(cert_string) if cert_string else "" else: cert_path = options.sso_public_cert_file with open(cert_path) as cert_file: cert_string = cert_file.read() properties[SSO_CERTIFICATE] = ensure_complete_cert(cert_string) if cert_string else ""
def setup_truststore(import_cert=False): if not get_silent(): jdk_path = find_jdk() if jdk_path is None: err = "No JDK found, please run the \"ambari-server setup\" " \ "command to install a JDK automatically or install any " \ "JDK manually to " + configDefaults.JDK_INSTALL_DIR raise FatalException(1, err) properties = get_ambari_properties() if get_YN_input("Do you want to configure a truststore [y/n] (y)? ", True): truststore_type = get_truststore_type(properties) truststore_path = get_truststore_path(properties) truststore_password = get_truststore_password(properties) if import_cert: if get_YN_input("Do you want to import a certificate [y/n] (y)? ", True): alias = get_validated_string_input("Please enter an alias for the certificate: ", "", None, None, False, False) run_os_command(get_delete_cert_command(jdk_path, alias, truststore_path, truststore_password)) import_cert_path = get_validated_filepath_input( \ "Enter path to certificate: ", \ "Certificate not found") run_component_https_cmd(get_import_cert_command(jdk_path, alias, truststore_type, import_cert_path, truststore_path, truststore_password)) else: return conf_file = find_properties_file() f = open(conf_file, 'w') properties.store(f, "Changed by 'ambari-server setup-security' command") else: print "setup-security is not enabled in silent mode."
def prompt_db_properties(options): factory = DBMSConfigFactory() if not factory.force_dbms_setup(): ok = False if options.must_set_database_options: ok = get_YN_input("Enter advanced database configuration [y/n] (n)? ", False) else: ok = True print 'Configuring database...' options.must_set_database_options = ok options.database_index = factory.select_dbms(options)
def get_services_requires_sso(options, properties, admin_login, admin_password): if not options.sso_enabled_services: configure_for_all_services = get_YN_input( "Use SSO for all services [y/n] (n): ", False) if configure_for_all_services: services = WILDCARD_FOR_ALL_SERVICES else: cluster_name = get_cluster_name(properties, admin_login, admin_password) eligible_services = get_eligible_services(properties, admin_login, admin_password, cluster_name) services = '' for service in eligible_services: question = "Use SSO for {0} [y/n] (y): ".format(service) if get_YN_input(question, True): if len(services) > 0: services = services + ", " services = services + service else: services = options.sso_enabled_services return services
def add_new_trusted_proxy_config(properties): tproxy_user_name = get_validated_string_input( "The proxy user's (local) username? ", None, REGEX_ANYTHING, "Invalid Trusted Proxy User Name", False, allowEmpty=False) populate_tproxy_configuration_property(properties, tproxy_user_name, PROXYUSER_HOSTS, "hosts") populate_tproxy_configuration_property(properties, tproxy_user_name, PROXYUSER_USERS, "users") populate_tproxy_configuration_property(properties, tproxy_user_name, PROXYUSER_GROUPS, "groups") return get_YN_input("Add another proxy user [y/n] (n)? ", False)
def run_schema_upgrade(args): db_title = get_db_type(get_ambari_properties()).title confirm = get_YN_input("Ambari Server configured for %s. Confirm " "you have made a backup of the Ambari Server database [y/n] (y)? " % db_title, True) if not confirm: print_error_msg("Database backup is not confirmed") return 1 jdk_path = get_java_exe_path() if jdk_path is None: print_error_msg("No JDK found, please run the \"setup\" " "command to install a JDK automatically or install any " "JDK manually to " + configDefaults.JDK_INSTALL_DIR) return 1 ensure_jdbc_driver_is_installed(args, get_ambari_properties()) print 'Upgrading database schema' serverClassPath = ServerClassPath(get_ambari_properties(), args) class_path = serverClassPath.get_full_ambari_classpath_escaped_for_shell() command = SCHEMA_UPGRADE_HELPER_CMD.format(jdk_path, class_path) ambari_user = read_ambari_user() current_user = ensure_can_start_under_current_user(ambari_user) environ = generate_env(args, ambari_user, current_user) (retcode, stdout, stderr) = run_os_command(command, env=environ) print_info_msg("Return code from schema upgrade command, retcode = " + str(retcode)) if stdout: print "Console output from schema upgrade command:" print stdout print if stderr: print "Error output from schema upgrade command:" print stderr print if retcode > 0: print_error_msg("Error executing schema upgrade, please check the server logs.") else: print_info_msg('Schema upgrade completed') return retcode
def _reset_local_database(self): #force reset if silent option provided if get_silent(): default = "yes" else: default = "no" # Run automatic reset only for embedded DB okToRun = get_YN_input( "Confirm server reset [yes/no]({0})? ".format(default), get_silent()) if not okToRun: err = "Ambari Server 'reset' cancelled" raise FatalException(1, err) print "Resetting the Server database..." dbname = self.database_name filename = self.drop_tables_script_file username = self.database_username password = self.database_password command = PGConfig.SETUP_DB_CMD[:] command[-1] = command[-1].format(filename, username, password, dbname) drop_retcode, drop_outdata, drop_errdata = run_os_command(command) if not drop_retcode == 0: raise FatalException(1, drop_errdata) if drop_errdata and PGConfig.PG_ERROR_BLOCKED in drop_errdata: raise FatalException( 1, "Database is in use. Please, make sure all connections to the database are closed" ) if drop_errdata and get_verbose(): print_warning_msg(drop_errdata) print_info_msg("About to run database setup") retcode, outdata, errdata = self._setup_db() if errdata and get_verbose(): print_warning_msg(errdata) if (errdata and 'ERROR' in errdata.upper()) or ( drop_errdata and 'ERROR' in drop_errdata.upper()): err = "Non critical error in DDL" if not get_verbose(): err += ", use --verbose for more information" raise NonFatalException(err)
def _reset_local_database(self): #force reset if silent option provided if get_silent(): default = "yes" else: default = "no" # Run automatic reset only for embedded DB okToRun = get_YN_input("Confirm server reset [yes/no]({0})? ".format(default), get_silent()) if not okToRun: err = "Ambari Server 'reset' cancelled" raise FatalException(1, err) print "Resetting the Server database..." dbname = self.database_name filename = self.drop_tables_script_file username = self.database_username password = self.database_password command = PGConfig.SETUP_DB_CMD[:] command[-1] = command[-1].format(filename, username, password, dbname) drop_retcode, drop_outdata, drop_errdata = run_os_command(command) if not drop_retcode == 0: raise FatalException(1, drop_errdata) if drop_errdata and PGConfig.PG_ERROR_BLOCKED in drop_errdata: raise FatalException(1, "Database is in use. Please, make sure all connections to the database are closed") if drop_errdata and get_verbose(): print_warning_msg(drop_errdata) print_info_msg("About to run database setup") retcode, outdata, errdata = self._setup_db() if errdata and get_verbose(): print_warning_msg(errdata) if (errdata and 'ERROR' in errdata.upper()) or (drop_errdata and 'ERROR' in drop_errdata.upper()): err = "Non critical error in DDL" if not get_verbose(): err += ", use --verbose for more information" raise NonFatalException(err)
def download_and_install_jdk(self, args, properties): conf_file = properties.fileName jcePolicyWarn = "JCE Policy files are required for configuring Kerberos security. If you plan to use Kerberos," \ "please make sure JCE Unlimited Strength Jurisdiction Policy Files are valid on all hosts." if args.java_home: #java_home was specified among the command-line arguments. Use it as custom JDK location. if not validate_jdk(args.java_home): err = "Path to java home " + args.java_home + " or java binary file does not exists" raise FatalException(1, err) print_warning_msg("JAVA_HOME " + args.java_home + " must be valid on ALL hosts") print_warning_msg(jcePolicyWarn) IS_CUSTOM_JDK = True properties.process_pair(JAVA_HOME_PROPERTY, args.java_home) properties.removeOldProp(JDK_NAME_PROPERTY) properties.removeOldProp(JCE_NAME_PROPERTY) self._ensure_java_home_env_var_is_set(args.java_home) self.jdk_index = self.custom_jdk_number return java_home_var = get_JAVA_HOME() if OS_FAMILY == OSConst.WINSRV_FAMILY: progress_func = None else: progress_func = download_progress if get_silent(): if not java_home_var: #No java_home_var set, detect if java is already installed if os.environ.has_key(JAVA_HOME): args.java_home = os.environ[JAVA_HOME] properties.process_pair(JAVA_HOME_PROPERTY, args.java_home) properties.removeOldProp(JDK_NAME_PROPERTY) properties.removeOldProp(JCE_NAME_PROPERTY) self._ensure_java_home_env_var_is_set(args.java_home) self.jdk_index = self.custom_jdk_number return else: # For now, changing the existing JDK to make sure we use a supported one pass if java_home_var: change_jdk = get_YN_input("Do you want to change Oracle JDK [y/n] (n)? ", False) if not change_jdk: self._ensure_java_home_env_var_is_set(java_home_var) self.jdk_index = self.custom_jdk_number return #Continue with the normal setup, taking the first listed JDK version as the default option jdk_num = str(self.jdk_index + 1) (self.jdks, jdk_choice_prompt, jdk_valid_choices, self.custom_jdk_number) = self._populate_jdk_configs(properties, jdk_num) jdk_num = get_validated_string_input( jdk_choice_prompt, jdk_num, jdk_valid_choices, "Invalid number.", False ) self.jdk_index = int(jdk_num) - 1 if self.jdk_index == self.custom_jdk_number: print_warning_msg("JDK must be installed on all hosts and JAVA_HOME must be valid on all hosts.") print_warning_msg(jcePolicyWarn) args.java_home = get_validated_string_input("Path to JAVA_HOME: ", None, None, None, False, False) if not os.path.exists(args.java_home) or not os.path.isfile(os.path.join(args.java_home, "bin", self.JAVA_BIN)): err = "Java home path or java binary file is unavailable. Please put correct path to java home." raise FatalException(1, err) print "Validating JDK on Ambari Server...done." properties.process_pair(JAVA_HOME_PROPERTY, args.java_home) properties.removeOldProp(JDK_NAME_PROPERTY) properties.removeOldProp(JCE_NAME_PROPERTY) # Make sure any previously existing JDK and JCE name properties are removed. These will # confuse things in a Custom JDK scenario properties.removeProp(JDK_NAME_PROPERTY) properties.removeProp(JCE_NAME_PROPERTY) self._ensure_java_home_env_var_is_set(args.java_home) return jdk_cfg = self.jdks[self.jdk_index] resources_dir = get_resources_location(properties) dest_file = os.path.abspath(os.path.join(resources_dir, jdk_cfg.dest_file)) if os.path.exists(dest_file): print "JDK already exists, using " + dest_file elif properties[JDK_DOWNLOAD_SUPPORTED_PROPERTY].upper() == "FALSE": print "ERROR: Oracle JDK is not found in {1}. JDK download is not supported in this distribution. Please download Oracle JDK " \ "archive ({0}) manually from Oracle site, place it into {1} and re-run this script.".format(jdk_cfg.dest_file, dest_file) print "NOTE: If you have already downloaded the file, please verify if the name is exactly same as {0}.".format(jdk_cfg.dest_file) print 'Exiting...' sys.exit(1) else: ok = get_YN_input("To download the Oracle JDK and the Java Cryptography Extension (JCE) " "Policy Files you must accept the " "license terms found at " "http://www.oracle.com/technetwork/java/javase/" "terms/license/index.html and not accepting will " "cancel the Ambari Server setup and you must install the JDK and JCE " "files manually.\nDo you accept the " "Oracle Binary Code License Agreement [y/n] (y)? ", True) if not ok: print 'Exiting...' sys.exit(1) jdk_url = jdk_cfg.url print 'Downloading JDK from ' + jdk_url + ' to ' + dest_file self._download_jdk(jdk_url, dest_file, progress_func) try: (retcode, out, java_home_dir) = self._install_jdk(dest_file, jdk_cfg) except Exception, e: print "Installation of JDK has failed: %s\n" % str(e) file_exists = os.path.isfile(dest_file) if file_exists: ok = get_YN_input("JDK found at " + dest_file + ". " "Would you like to re-download the JDK [y/n] (y)? ", not get_silent()) if not ok: err = "Unable to install JDK. Please remove JDK file found at " + \ dest_file + " and re-run Ambari Server setup" raise FatalException(1, err) else: jdk_url = jdk_cfg.url print 'Re-downloading JDK from ' + jdk_url + ' to ' + dest_file self._download_jdk(jdk_url, dest_file, progress_func) print 'Successfully re-downloaded JDK distribution to ' + dest_file try: (retcode, out) = self._install_jdk(dest_file, jdk_cfg) except Exception, e: print "Installation of JDK was failed: %s\n" % str(e) err = "Unable to install JDK. Please remove JDK, file found at " + \ dest_file + " and re-run Ambari Server setup" raise FatalException(1, err)
def update_host_names(args, options): services_stopped = userInput.get_YN_input("Please, confirm Ambari services are stopped [y/n] (n)? ", False) if not services_stopped: print 'Exiting...' sys.exit(1) pending_commands = userInput.get_YN_input("Please, confirm there are no pending commands on cluster [y/n] (n)? ", False) if not pending_commands: print 'Exiting...' sys.exit(1) db_backup_done = userInput.get_YN_input("Please, confirm you have made backup of the Ambari db [y/n] (n)? ", False) if not db_backup_done: print 'Exiting...' sys.exit(1) status, pid = serverUtils.is_server_runing() if status: raise FatalException(1, "Ambari Server should be stopped") try: host_mapping_file_path = args[1] except IndexError: #host_mapping file is mandatory raise FatalException(1, "Invalid number of host update arguments. Probably, you forgot to add json file with " "host changes.") if not os.path.isfile(host_mapping_file_path): raise FatalException(1, "Invalid file path or file doesn't exist") if not os.access(host_mapping_file_path, os.R_OK): raise FatalException(1, "File is not readable") jdk_path = serverConfiguration.get_java_exe_path() if jdk_path is None: print_error_msg("No JDK found, please run the \"setup\" " "command to install a JDK automatically or install any " "JDK manually to " + configDefaults.JDK_INSTALL_DIR) sys.exit(1) properties = serverConfiguration.get_ambari_properties() serverConfiguration.parse_properties_file(options) options.database_index = LINUX_DBMS_KEYS_LIST.index(properties[JDBC_DATABASE_PROPERTY]) dbConfiguration.ensure_jdbc_driver_is_installed(options, serverConfiguration.get_ambari_properties()) serverClassPath = ServerClassPath(serverConfiguration.get_ambari_properties(), options) class_path = serverClassPath.get_full_ambari_classpath_escaped_for_shell() command = HOST_UPDATE_HELPER_CMD.format(jdk_path, class_path, host_mapping_file_path) ambari_user = serverConfiguration.read_ambari_user() current_user = setupSecurity.ensure_can_start_under_current_user(ambari_user) environ = setupSecurity.generate_env(options, ambari_user, current_user) (retcode, stdout, stderr) = os_utils.run_os_command(command, env=environ) print_info_msg("Return code from update host names command, retcode = " + str(retcode)) if retcode > 0: print_error_msg("Error executing update host names, please check the server logs.") raise FatalException(1, 'Host names update failed.') else: print_info_msg('Host names update completed successfully')
def setup_master_key(): if not is_root(): err = 'Ambari-server setup should be run with ' \ 'root-level privileges' raise FatalException(4, err) properties = get_ambari_properties() if properties == -1: raise FatalException(1, "Failed to read properties file.") db_windows_auth_prop = properties.get_property(JDBC_USE_INTEGRATED_AUTH_PROPERTY) db_sql_auth = False if db_windows_auth_prop and db_windows_auth_prop.lower() == 'true' else True db_password = properties.get_property(JDBC_PASSWORD_PROPERTY) # Encrypt passwords cannot be called before setup if db_sql_auth and not db_password: print 'Please call "setup" before "encrypt-passwords". Exiting...' return 1 # Check configuration for location of master key isSecure = get_is_secure(properties) (isPersisted, masterKeyFile) = get_is_persisted(properties) # Read clear text DB password from file if db_sql_auth and not is_alias_string(db_password) and os.path.isfile(db_password): with open(db_password, 'r') as passwdfile: db_password = passwdfile.read() ldap_password = properties.get_property(LDAP_MGR_PASSWORD_PROPERTY) if ldap_password: # Read clear text LDAP password from file if not is_alias_string(ldap_password) and os.path.isfile(ldap_password): with open(ldap_password, 'r') as passwdfile: ldap_password = passwdfile.read() ts_password = properties.get_property(SSL_TRUSTSTORE_PASSWORD_PROPERTY) resetKey = False masterKey = None if isSecure: print "Password encryption is enabled." resetKey = get_YN_input("Do you want to reset Master Key? [y/n] (n): ", False) # For encrypting of only unencrypted passwords without resetting the key ask # for master key if not persisted. if isSecure and not isPersisted and not resetKey: print "Master Key not persisted." masterKey = get_original_master_key(properties) pass # Make sure both passwords are clear-text if master key is lost if resetKey: if not isPersisted: print "Master Key not persisted." masterKey = get_original_master_key(properties) # Unable get the right master key or skipped question <enter> if not masterKey: print "To disable encryption, do the following:" print "- Edit " + find_properties_file() + \ " and set " + SECURITY_IS_ENCRYPTION_ENABLED + " = " + "false." err = "{0} is already encrypted. Please call {1} to store unencrypted" \ " password and call 'encrypt-passwords' again." if db_sql_auth and db_password and is_alias_string(db_password): print err.format('- Database password', "'" + SETUP_ACTION + "'") if ldap_password and is_alias_string(ldap_password): print err.format('- LDAP manager password', "'" + LDAP_SETUP_ACTION + "'") if ts_password and is_alias_string(ts_password): print err.format('TrustStore password', "'" + LDAP_SETUP_ACTION + "'") return 1 pass pass pass # Read back any encrypted passwords if db_sql_auth and db_password and is_alias_string(db_password): db_password = read_passwd_for_alias(JDBC_RCA_PASSWORD_ALIAS, masterKey) if ldap_password and is_alias_string(ldap_password): ldap_password = read_passwd_for_alias(LDAP_MGR_PASSWORD_ALIAS, masterKey) if ts_password and is_alias_string(ts_password): ts_password = read_passwd_for_alias(SSL_TRUSTSTORE_PASSWORD_ALIAS, masterKey) # Read master key, if non-secure or reset is true if resetKey or not isSecure: masterKey = read_master_key(resetKey) persist = get_YN_input("Do you want to persist master key. If you choose " \ "not to persist, you need to provide the Master " \ "Key while starting the ambari server as an env " \ "variable named " + SECURITY_KEY_ENV_VAR_NAME + \ " or the start will prompt for the master key." " Persist [y/n] (y)? ", True) if persist: save_master_key(masterKey, get_master_key_location(properties) + os.sep + SECURITY_MASTER_KEY_FILENAME, persist) elif not persist and masterKeyFile: try: os.remove(masterKeyFile) print_info_msg("Deleting master key file at location: " + str( masterKeyFile)) except Exception, e: print 'ERROR: Could not remove master key file. %s' % e # Blow up the credential store made with previous key, if any store_file = get_credential_store_location(properties) if os.path.exists(store_file): try: os.remove(store_file) except: print_warning_msg("Failed to remove credential store file.") pass pass
def setup_ldap(): if not is_root(): err = 'Ambari-server setup-ldap should be run with ' \ 'root-level privileges' raise FatalException(4, err) properties = get_ambari_properties() isSecure = get_is_secure(properties) ldap_property_list_reqd = init_ldap_properties_list_reqd(properties) ldap_property_list_opt = ["authentication.ldap.managerDn", LDAP_MGR_PASSWORD_PROPERTY, SSL_TRUSTSTORE_TYPE_PROPERTY, SSL_TRUSTSTORE_PATH_PROPERTY, SSL_TRUSTSTORE_PASSWORD_PROPERTY] ldap_property_list_truststore=[SSL_TRUSTSTORE_TYPE_PROPERTY, SSL_TRUSTSTORE_PATH_PROPERTY, SSL_TRUSTSTORE_PASSWORD_PROPERTY] ldap_property_list_passwords=[LDAP_MGR_PASSWORD_PROPERTY, SSL_TRUSTSTORE_PASSWORD_PROPERTY] LDAP_MGR_DN_DEFAULT = get_value_from_properties(properties, ldap_property_list_opt[0]) SSL_TRUSTSTORE_TYPE_DEFAULT = get_value_from_properties(properties, SSL_TRUSTSTORE_TYPE_PROPERTY, "jks") SSL_TRUSTSTORE_PATH_DEFAULT = get_value_from_properties(properties, SSL_TRUSTSTORE_PATH_PROPERTY) ldap_property_value_map = {} for ldap_prop in ldap_property_list_reqd: input = get_validated_string_input(ldap_prop.ldap_prop_val_prompt, ldap_prop.ldap_prop_name, ldap_prop.prompt_regex, "Invalid characters in the input!", False, ldap_prop.allow_empty_prompt) if input is not None and input != "": ldap_property_value_map[ldap_prop.prop_name] = input bindAnonymously = ldap_property_value_map["authentication.ldap.bindAnonymously"] anonymous = (bindAnonymously and bindAnonymously.lower() == 'true') mgr_password = None # Ask for manager credentials only if bindAnonymously is false if not anonymous: username = get_validated_string_input("Manager DN* {0}: ".format( get_prompt_default(LDAP_MGR_DN_DEFAULT)), LDAP_MGR_DN_DEFAULT, ".*", "Invalid characters in the input!", False, False) ldap_property_value_map[LDAP_MGR_USERNAME_PROPERTY] = username mgr_password = configure_ldap_password() ldap_property_value_map[LDAP_MGR_PASSWORD_PROPERTY] = mgr_password useSSL = ldap_property_value_map["authentication.ldap.useSSL"] ldaps = (useSSL and useSSL.lower() == 'true') ts_password = None if ldaps: truststore_default = "n" truststore_set = bool(SSL_TRUSTSTORE_PATH_DEFAULT) if truststore_set: truststore_default = "y" custom_trust_store = get_YN_input("Do you want to provide custom TrustStore for Ambari [y/n] ({0})?". format(truststore_default), truststore_set) if custom_trust_store: ts_type = get_validated_string_input( "TrustStore type [jks/jceks/pkcs12] {0}:".format(get_prompt_default(SSL_TRUSTSTORE_TYPE_DEFAULT)), SSL_TRUSTSTORE_TYPE_DEFAULT, "^(jks|jceks|pkcs12)?$", "Wrong type", False) ts_path = None while True: ts_path = get_validated_string_input( "Path to TrustStore file {0}:".format(get_prompt_default(SSL_TRUSTSTORE_PATH_DEFAULT)), SSL_TRUSTSTORE_PATH_DEFAULT, ".*", False, False) if os.path.exists(ts_path): break else: print 'File not found.' ts_password = read_password("", ".*", "Password for TrustStore:", "Invalid characters in password") ldap_property_value_map[SSL_TRUSTSTORE_TYPE_PROPERTY] = ts_type ldap_property_value_map[SSL_TRUSTSTORE_PATH_PROPERTY] = ts_path ldap_property_value_map[SSL_TRUSTSTORE_PASSWORD_PROPERTY] = ts_password pass else: properties.removeOldProp(SSL_TRUSTSTORE_TYPE_PROPERTY) properties.removeOldProp(SSL_TRUSTSTORE_PATH_PROPERTY) properties.removeOldProp(SSL_TRUSTSTORE_PASSWORD_PROPERTY) pass pass print '=' * 20 print 'Review Settings' print '=' * 20 for property in ldap_property_list_reqd: if property in ldap_property_value_map: print("%s: %s" % (property, ldap_property_value_map[property])) for property in ldap_property_list_opt: if ldap_property_value_map.has_key(property): if property not in ldap_property_list_passwords: print("%s: %s" % (property, ldap_property_value_map[property])) else: print("%s: %s" % (property, BLIND_PASSWORD)) save_settings = get_YN_input("Save settings [y/n] (y)? ", True) if save_settings: ldap_property_value_map[CLIENT_SECURITY_KEY] = 'ldap' if isSecure: if mgr_password: encrypted_passwd = encrypt_password(LDAP_MGR_PASSWORD_ALIAS, mgr_password) if mgr_password != encrypted_passwd: ldap_property_value_map[LDAP_MGR_PASSWORD_PROPERTY] = encrypted_passwd pass if ts_password: encrypted_passwd = encrypt_password(SSL_TRUSTSTORE_PASSWORD_ALIAS, ts_password) if ts_password != encrypted_passwd: ldap_property_value_map[SSL_TRUSTSTORE_PASSWORD_PROPERTY] = encrypted_passwd pass pass # Persisting values ldap_property_value_map[IS_LDAP_CONFIGURED] = "true" if mgr_password: ldap_property_value_map[LDAP_MGR_PASSWORD_PROPERTY] = store_password_file(mgr_password, LDAP_MGR_PASSWORD_FILENAME) update_properties_2(properties, ldap_property_value_map) print 'Saving...done' return 0