Cloudera Community

Archives of Support Questions (Read Only)

This is an archived board for historical reference. Information and links may no longer be available or relevant
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
This board is archived and read-only for historical reference. To ask a new question, please post a new topic on the appropriate active board.
Solved Go to solution

Ambari SSO setup automation

Labels:
avatar
author-rank akanto author-rank
Expert Contributor

Created ‎12-05-2017 08:53 PM

I would like to set up Ambari SSO in an automated way, but it seems the 'ambari-server setup-sso' does not support it. If I switch on the silent mode then I got a not supported error message, without silent mode it is quite hard to automate since it asks quite a few questions.

# Silent mode
$> ambari-server setup-sso --silent
Using python  /usr/bin/python
Setting up SSO authentication properties...
WARNING: setup-sso is not enabled in silent mode.
Ambari Server 'setup-sso' completed with warnings.


# Interactive mode
$> ambari-server setup-sso
Using python  /usr/bin/python
Setting up SSO authentication properties...
Do you want to configure SSO authentication [y/n] (y)?
Provider URL [URL] (http://example.com):https://somehost:8443/gw-os06/knoxsso/api/v1/websso
Public Certificate pem (empty) (empty line to finish input):
MIICnTCCAYWgAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdzaWdu
aW5nMB4XDTE3MTIwNTE3NDUwMloXDTI3MTIwNTE3NDUwMlowEjEQMA4GA1UEAxMH
...
60v5bHlGkAKgdziCm1DZbxmTjcjLdxZAU7NrOlhSicZl17Yym1nmT8Cq2PkSDRaZ
rA==

Do you want to configure advanced properties [y/n] (n) ?
Ambari Server 'setup-sso' completed successfully.

Is there a simple/elegant way to automate it?

Thanks,

Attila

5,674 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank adoroszlai
New Member

Created ‎12-05-2017 11:25 PM 

$ grep authentication.jwt /etc/ambari-server/conf/ambari.properties
authentication.jwt.enabled=true
authentication.jwt.providerUrl=https://somehost:8443/gw-os06/knoxsso/api/v1/websso
authentication.jwt.publicKey=/etc/ambari-server/conf/jwt-cert.pem
$ cat /etc/ambari-server/conf/jwt-cert.pem
-----BEGIN CERTIFICATE-----
MIICnTCCAYWgAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdzaWdu
aW5nMB4XDTE3MTIwNTE3NDUwMloXDTI3MTIwNTE3NDUwMlowEjEQMA4GA1UEAxMH
...
60v5bHlGkAKgdziCm1DZbxmTjcjLdxZAU7NrOlhSicZl17Yym1nmT8Cq2PkSDRaZ
rA==
-----END CERTIFICATE----

Adding the above to ambari.properties and creating the certificate file jwt-cert.pem has the same effect as running ambari-server setup-sso interactively.

For complete list of properties, including "advanced" ones, see https://github.com/apache/ambari/blob/release-2.6.0/ambari-server/src/main/python/ambari_server/setu...

View solution in original post

5,362 Views
6 REPLIES 6

avatar
author-rank rlevas
Guru

Created ‎12-05-2017 09:19 PM

It appears the ambari-server script does not support setting option via the command line when setting up SSO.

I do not think that there is a workaround for this and the interactive mode must be used to set the SSO options.

5,362 Views
0 Kudos

avatar
author-rank oszabo author-rank
Contributor

Created ‎12-05-2017 09:22 PM

@Attila Kanto , I think you can do something like that in a script:

#!/usr/bin/expect
spawn ambari-server setup-sso
expect "Some question:"
send "answer\r"

...

expect eof
5,362 Views

avatar
dgrinenko author-rank
Cloudera Employee

Created ‎12-05-2017 11:17 PM

This answer is close to @Olivér Szabó

Even if it not possible to pass arguments to the script, could be used notation as follow:

ambari-server setup-sso <<EOF

....each answer on new line....

EOF

Sample: 

read a <<EOF
test out 
EOF

echo $a
5,362 Views

avatar
author-rank adoroszlai
New Member

Created ‎12-05-2017 11:25 PM 

$ grep authentication.jwt /etc/ambari-server/conf/ambari.properties
authentication.jwt.enabled=true
authentication.jwt.providerUrl=https://somehost:8443/gw-os06/knoxsso/api/v1/websso
authentication.jwt.publicKey=/etc/ambari-server/conf/jwt-cert.pem
$ cat /etc/ambari-server/conf/jwt-cert.pem
-----BEGIN CERTIFICATE-----
MIICnTCCAYWgAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdzaWdu
aW5nMB4XDTE3MTIwNTE3NDUwMloXDTI3MTIwNTE3NDUwMlowEjEQMA4GA1UEAxMH
...
60v5bHlGkAKgdziCm1DZbxmTjcjLdxZAU7NrOlhSicZl17Yym1nmT8Cq2PkSDRaZ
rA==
-----END CERTIFICATE----

Adding the above to ambari.properties and creating the certificate file jwt-cert.pem has the same effect as running ambari-server setup-sso interactively.

For complete list of properties, including "advanced" ones, see https://github.com/apache/ambari/blob/release-2.6.0/ambari-server/src/main/python/ambari_server/setu...

5,363 Views

avatar
dgrinenko author-rank
Cloudera Employee

Created ‎12-05-2017 11:27 PM

i would not recommend to use this hack, as the way in which feature may be configured is subject to change

5,362 Views
0 Kudos

avatar
author-rank akanto author-rank
Expert Contributor

Created ‎12-07-2017 09:18 AM

Thanks, for answers. I voted up all of them, since all of them are very useful, but I have accepted the answer of @Doroszlai, Attila since that is quite simple to automate from Ansible and SaltStack since both of them are providing built-in solutions for file manipulation.

5,362 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Real time Monitoring for 7.1.9+ and 7.2.18+ with Cl...
What's New @ Cloudera
Announcing Cloudera Streaming Analytics 1.17: Python UDFs, S...
Community Announcements
Content Update: Evolving Our Community Content for Better, A...
Community Announcements
Product Name Updates — Community Label Changes & Notificatio...
What's New @ Cloudera
Announcing Cloudera Data Lineage for Trino
View More Announcements