Installing HDP via Ambari without having Sudo/Root privileges

awatson — Thu, 01 Oct 2015 05:36:43 GMT

I have a locked down environment where I can't have sudo/root privileges. Am I still available to install Ambari and HDP? If so, how?

I was able to create a local repo following the docs. Furthermore I have created a user called 'Ambari' to run the Ambari service as.

Re: Installing HDP via Ambari without having Sudo/Root privileges

abajwa — Thu, 01 Oct 2015 05:40:13 GMT

This link may be useful

http://docs.hortonworks.com/HDPDocuments/Ambari-2.1.1.0/bk_Ambari_Security_Guide/content/_configuring_ambari_for_non-root.html

Re: Installing HDP via Ambari without having Sudo/Root privileges

pcodding — Thu, 01 Oct 2015 06:19:34 GMT

Andrew you have to have at least sudo access to install the RPM. Same goes for Ambari Server setup. Once Ambari has been configured to run as a non-root user and the agents have been configured as well, and sudo configuration for the agents have been deployed then you won't need root access.

Re: Installing HDP via Ambari without having Sudo/Root privileges

skumpf — Thu, 01 Oct 2015 07:14:28 GMT

The ambari user must be configured for sudo access, but the required access can be restricted.

Take careful note of the ambari user's PATH (echo $PATH as ambari), you may need to change the full path of the sudo entires below (mkdir, cat, etc) as Ambari doesn't use fully qualified paths when executing commands.

Note that the Default lines need to appear after other Default lines in /etc/sudoers (easiest to just put this at the end).

# Add Sudo Rules
ambari ALL=(ALL) NOPASSWD:SETENV: /bin/su hdfs *, /usr/bin/su hdfs *, /bin/su ambari-qa *, /usr/bin/su ambari-qa *, /bin/su ranger *, /usr/bin/su ranger *, /bin/su zookeeper *, /usr/bin/su zookeeper *, /bin/su knox *, /usr/bin/su knox *, /bin/su falcon *, /usr/bin/su falcon *, /bin/su ams *, /usr/bin/su ams *, /bin/su flume *, /usr/bin/su flume *, /bin/su hbase *, /usr/bin/su hbase *, /bin/su spark *, /usr/bin/su spark *, /bin/su accumulo *, /usr/bin/su accumulo *, /bin/su hive *, /usr/bin/su hive *, /bin/su hcat *, /usr/bin/su hcat *, /bin/su kafka *, /usr/bin/su kafka *, /bin/su mapred *, /usr/bin/su mapred *, /bin/su oozie *, /usr/bin/su oozie *, /bin/su sqoop *, /usr/bin/su sqoop *, /bin/su storm *, /usr/bin/su storm *, /bin/su tez *, /usr/bin/su tez *, /bin/su atlas *, /usr/bin/su atlas *, /bin/su yarn *, /usr/bin/su yarn *, /bin/su kms *, /usr/bin/su kms *, /bin/su mysql *, /usr/bin/su mysql *, /usr/bin/yum, /usr/bin/zypper, /usr/bin/apt-get, /bin/mkdir, /usr/bin/mkdir, /usr/bin/test, /bin/ln, /usr/bin/ln, /bin/chown, /usr/bin/chown, /bin/chmod, /usr/bin/chmod, /bin/chgrp, /usr/bin/chgrp, /usr/sbin/groupadd, /usr/sbin/groupmod, /usr/sbin/useradd, /usr/sbin/usermod, /bin/cp, /usr/bin/cp, /usr/sbin/setenforce, /usr/bin/test, /usr/bin/stat, /bin/mv, /usr/bin/mv, /bin/sed, /usr/bin/sed, /bin/rm, /usr/bin/rm, /bin/kill, /usr/bin/kill, /bin/readlink, /usr/bin/readlink, /usr/bin/pgrep, /bin/cat, /usr/bin/cat, /usr/bin/unzip, /bin/tar, /usr/bin/tar, /usr/bin/tee, /bin/touch, /usr/bin/touch, /usr/bin/hdp-select, /usr/bin/conf-select, /usr/hdp/current/hadoop-client/sbin/hadoop-daemon.sh, /usr/lib/hadoop/bin/hadoop-daemon.sh, /usr/lib/hadoop/sbin/hadoop-daemon.sh, /sbin/chkconfig gmond off, /sbin/chkconfig gmetad off, /etc/init.d/httpd *, /sbin/service hdp-gmetad start, /sbin/service hdp-gmond start, /usr/sbin/gmond, /usr/sbin/update-rc.d ganglia-monitor *, /usr/sbin/update-rc.d gmetad *, /etc/init.d/apache2 *, /usr/sbin/service hdp-gmond *, /usr/sbin/service hdp-gmetad *, /sbin/service mysqld *, /usr/bin/python2.6 /var/lib/ambari-agent/data/tmp/validateKnoxStatus.py *, /usr/hdp/current/knox-server/bin/knoxcli.sh *, /usr/hdp/*/ranger-usersync/setup.sh, /usr/bin/ranger-usersync-stop, /usr/bin/ranger-usersync-start, /usr/hdp/*/ranger-admin/setup.sh *, /usr/hdp/*/ranger-knox-plugin/disable-knox-plugin.sh *, /usr/hdp/*/ranger-storm-plugin/disable-storm-plugin.sh *, /usr/hdp/*/ranger-hbase-plugin/disable-hbase-plugin.sh *, /usr/hdp/*/ranger-hdfs-plugin/disable-hdfs-plugin.sh *, /usr/hdp/current/ranger-admin/ranger_credential_helper.py, /usr/hdp/current/ranger-kms/ranger_credential_helper.py
Defaults exempt_group = ambari
Defaults !env_reset,env_delete-=PATH
Defaults: ambari !requiretty

You will also want to manually install Ambari Agent on all nodes and modify the agent configuration BEFORE starting Ambari Agent for the first time. Otherwise, the agent will start as root and you will need to manually fix the ownership of several directories (don't let Ambari Server install the agents via ssh). In /etc/ambari-agent/conf/ambari-agent.ini modify the run_as_user and server properties and start the agents.

Use the manual registeration option when going through the cluster install wizard.

I've used the above several times now with success.

question Re: Installing HDP via Ambari without having Sudo/Root privileges in Archives of Support Questions (Read Only)

Installing HDP via Ambari without having Sudo/Root privileges

Re: Installing HDP via Ambari without having Sudo/Root privileges

Re: Installing HDP via Ambari without having Sudo/Root privileges

Re: Installing HDP via Ambari without having Sudo/Root privileges