Created 12-05-2017 08:53 PM
I would like to set up Ambari SSO in an automated way, but it seems 'ambari-server setup-sso' does not support it. If I switch on silent mode, I get a "not supported" error message; without silent mode it is quite hard to automate, since it asks quite a few questions.
# Silent mode
$> ambari-server setup-sso --silent
Using python /usr/bin/python
Setting up SSO authentication properties...
WARNING: setup-sso is not enabled in silent mode.
Ambari Server 'setup-sso' completed with warnings.

# Interactive mode
$> ambari-server setup-sso
Using python /usr/bin/python
Setting up SSO authentication properties...
Do you want to configure SSO authentication [y/n] (y)?
Provider URL [URL] (http://example.com):https://somehost:8443/gw-os06/knoxsso/api/v1/websso
Public Certificate pem (empty) (empty line to finish input):
MIICnTCCAYWgAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdzaWdu
aW5nMB4XDTE3MTIwNTE3NDUwMloXDTI3MTIwNTE3NDUwMlowEjEQMA4GA1UEAxMH
...
60v5bHlGkAKgdziCm1DZbxmTjcjLdxZAU7NrOlhSicZl17Yym1nmT8Cq2PkSDRaZ
rA==
Do you want to configure advanced properties [y/n] (n) ?
Ambari Server 'setup-sso' completed successfully.
Is there a simple/elegant way to automate it?
Thanks,
Attila
Created 12-05-2017 09:19 PM
It appears the ambari-server script does not support setting options via the command line when setting up SSO.
I do not think that there is a workaround for this and the interactive mode must be used to set the SSO options.
Created 12-05-2017 09:22 PM
@Attila Kanto, I think you can do something like that in a script:
#!/usr/bin/expect
spawn ambari-server setup-sso
expect "Some question:"
send "answer\r"
...
expect eof
Created 12-05-2017 11:17 PM
This answer is close to that of @Olivér Szabó.
Even if it is not possible to pass arguments to the script, the following notation could be used:
ambari-server setup-sso <<EOF
....each answer on new line....
EOF
Sample:
read a <<EOF
test out
EOF
echo $a
Created 12-05-2017 11:25 PM
$ grep authentication.jwt /etc/ambari-server/conf/ambari.properties
authentication.jwt.enabled=true
authentication.jwt.providerUrl=https://somehost:8443/gw-os06/knoxsso/api/v1/websso
authentication.jwt.publicKey=/etc/ambari-server/conf/jwt-cert.pem

$ cat /etc/ambari-server/conf/jwt-cert.pem
-----BEGIN CERTIFICATE-----
MIICnTCCAYWgAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdzaWdu
aW5nMB4XDTE3MTIwNTE3NDUwMloXDTI3MTIwNTE3NDUwMlowEjEQMA4GA1UEAxMH
...
60v5bHlGkAKgdziCm1DZbxmTjcjLdxZAU7NrOlhSicZl17Yym1nmT8Cq2PkSDRaZ
rA==
-----END CERTIFICATE-----
Adding the above to ambari.properties and creating the certificate file jwt-cert.pem has the same effect as running ambari-server setup-sso interactively.
For the complete list of properties, including "advanced" ones, see https://github.com/apache/ambari/blob/release-2.6.0/ambari-server/src/main/python/ambari_server/setu...
Created 12-05-2017 11:27 PM
I would not recommend using this hack, as the way in which the feature may be configured is subject to change.
Created 12-07-2017 09:18 AM
Thanks for the answers. I voted up all of them, since all of them are very useful, but I have accepted the answer of @Doroszlai, Attila, since that is quite simple to automate from Ansible and SaltStack, as both of them provide built-in solutions for file manipulation.
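The accepted answer's approach (write the three authentication.jwt.* properties and the certificate file directly), as an added shell example that is not code from the thread or from Ambari. The function names and the https-only rule for the provider URL are assumptions of this example; all paths are passed as arguments.

```shell
#!/bin/sh
# Added example (not from the thread): scripted form of the accepted answer.
# Function bodies use ( ) so variables stay local in plain POSIX sh.

# set_prop FILE KEY VALUE: rewrite the first KEY= line, drop later duplicates,
# append if absent. FILE is rewritten in place, so its owner and mode are kept.
set_prop() (
    file=$1 tmp=$(mktemp) || exit 1
    K=$2 V=$3 awk '
        index($0, ENVIRON["K"] "=") == 1 {
            if (!done) print ENVIRON["K"] "=" ENVIRON["V"]
            done = 1; next
        }
        { print }
        END { if (!done) print ENVIRON["K"] "=" ENVIRON["V"] }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"
    rc=$?; rm -f "$tmp"; exit "$rc"
)

# pem_ok FILE: framing check only; catches a truncated BEGIN/END marker line.
pem_ok() {
    [ "$(head -n 1 "$1")" = "-----BEGIN CERTIFICATE-----" ] &&
    [ "$(tail -n 1 "$1")" = "-----END CERTIFICATE-----" ]
}

# configure_sso PROPS CERT_SRC CERT_DST PROVIDER_URL
# All validation runs before any file is written.
configure_sso() (
    props=$1 cert_src=$2 cert_dst=$3 url=$4
    # Assumption of this example: accept only an https provider URL.
    case $url in
        https://*) ;;
        *) echo "provider URL must be https: $url" >&2; exit 2 ;;
    esac
    pem_ok "$cert_src" || { echo "bad PEM framing: $cert_src" >&2; exit 3; }
    cp "$cert_src" "$cert_dst" && chmod 0644 "$cert_dst" || exit 1
    set_prop "$props" authentication.jwt.enabled true &&
    set_prop "$props" authentication.jwt.providerUrl "$url" &&
    set_prop "$props" authentication.jwt.publicKey "$cert_dst"
)
```

Running it twice leaves exactly one line per property, which is what a configuration-management run needs. Where openssl is installed, `openssl x509 -in FILE -noout` is a stricter certificate check than the framing test.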