Support Questions

Find answers, ask questions, and share your expertise
Celebrating as our community reaches 100,000 members! Thank you!

Ambari Blueprint


Hello everyone,


Ambari = 2.7.4



We need to install Ambari (HDP stack) on our Production Environment running on Ubuntu 16.  But the production servers dont have internet access and no ports are open, hence Ambari Install Wizard (Web UI) is not accessible. We used local repository menthod to install ambari server and agents on our cluster. Now the cluster setup and service installation/start up is left which is done via Ambari Web UI installation Wizard.


Recently we came across, Ambari Blueprint that uses REST APIs for cluster deployment. However we are skeptical about the foloowing points:


1) How to specify proper custom configirations for various services ( Hive, Ranger, Kerberos, etc. ) in the json files for the blueprint approach as the propeties are not well documented over the internet.


2) Will we be able to manage the cluster like maintaining HA, Kerberos , Ranger security without their respective wizard.


3) As there wont be any alerts/ warnings as we got from Ambari WebUI, how will the proper monitoring of the production cluster be carried out at any point of time.


4) Maintaing cluster health, Log aggregation, Commission/Decommissioning of nodes, Service additon/ deletion be carried out properly.


5) Will the proper functioning as it is achieved through Ambari WebUI, be achieved through the REST APIs.


Also, is the Blueprint deployment approach  recommended for Production environment ( No-Internet access, no port open )?


Please help and thanks in advance!

@jsensharma @Shelton @nsabharwal @KuldeepK 



Master Guru


I think it's better to allow Ambari port in your firewall rules. You can install the cluster with the blueprints(not very straightforward as you will be having custom configs) however monitoring and cluster maintenance will be difficult. 


If security is a concern, you can always configure Ambari with Knox gateway or with SSL etc.