Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Ambari SSO setup automation

Solved Go to solution
Highlighted

Ambari SSO setup automation

Expert Contributor

I would like to set up Ambari SSO in an automated way, but it seems the 'ambari-server setup-sso' does not support it. If I switch on the silent mode then I got a not supported error message, without silent mode it is quite hard to automate since it asks quite a few questions.

# Silent mode
$> ambari-server setup-sso --silent
Using python  /usr/bin/python
Setting up SSO authentication properties...
WARNING: setup-sso is not enabled in silent mode.
Ambari Server 'setup-sso' completed with warnings.


# Interactive mode
$> ambari-server setup-sso
Using python  /usr/bin/python
Setting up SSO authentication properties...
Do you want to configure SSO authentication [y/n] (y)?
Provider URL [URL] (http://example.com):https://somehost:8443/gw-os06/knoxsso/api/v1/websso
Public Certificate pem (empty) (empty line to finish input):
MIICnTCCAYWgAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdzaWdu
aW5nMB4XDTE3MTIwNTE3NDUwMloXDTI3MTIwNTE3NDUwMlowEjEQMA4GA1UEAxMH
...
60v5bHlGkAKgdziCm1DZbxmTjcjLdxZAU7NrOlhSicZl17Yym1nmT8Cq2PkSDRaZ
rA==

Do you want to configure advanced properties [y/n] (n) ?
Ambari Server 'setup-sso' completed successfully.

Is there a simple/elegant way to automate it?

Thanks,

Attila

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Re: Ambari SSO setup automation

Explorer
$ grep authentication.jwt /etc/ambari-server/conf/ambari.properties
authentication.jwt.enabled=true
authentication.jwt.providerUrl=https://somehost:8443/gw-os06/knoxsso/api/v1/websso
authentication.jwt.publicKey=/etc/ambari-server/conf/jwt-cert.pem
$ cat /etc/ambari-server/conf/jwt-cert.pem
-----BEGIN CERTIFICATE-----
MIICnTCCAYWgAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdzaWdu
aW5nMB4XDTE3MTIwNTE3NDUwMloXDTI3MTIwNTE3NDUwMlowEjEQMA4GA1UEAxMH
...
60v5bHlGkAKgdziCm1DZbxmTjcjLdxZAU7NrOlhSicZl17Yym1nmT8Cq2PkSDRaZ
rA==
-----END CERTIFICATE----

Adding the above to ambari.properties and creating the certificate file jwt-cert.pem has the same effect as running ambari-server setup-sso interactively.

For complete list of properties, including "advanced" ones, see https://github.com/apache/ambari/blob/release-2.6.0/ambari-server/src/main/python/ambari_server/setu...

View solution in original post

6 REPLIES 6
Highlighted

Re: Ambari SSO setup automation

It appears the ambari-server script does not support setting option via the command line when setting up SSO.

I do not think that there is a workaround for this and the interactive mode must be used to set the SSO options.

Highlighted

Re: Ambari SSO setup automation

Explorer

@Attila Kanto , I think you can do something like that in a script:

#!/usr/bin/expect
spawn ambari-server setup-sso
expect "Some question:"
send "answer\r"

...

expect eof
Highlighted

Re: Ambari SSO setup automation

Cloudera Employee

This answer is close to @Olivér Szabó

Even if it not possible to pass arguments to the script, could be used notation as follow:

ambari-server setup-sso <<EOF

....each answer on new line....

EOF

Sample:

read a <<EOF
test out 
EOF

echo $a  
Highlighted

Re: Ambari SSO setup automation

Explorer
$ grep authentication.jwt /etc/ambari-server/conf/ambari.properties
authentication.jwt.enabled=true
authentication.jwt.providerUrl=https://somehost:8443/gw-os06/knoxsso/api/v1/websso
authentication.jwt.publicKey=/etc/ambari-server/conf/jwt-cert.pem
$ cat /etc/ambari-server/conf/jwt-cert.pem
-----BEGIN CERTIFICATE-----
MIICnTCCAYWgAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdzaWdu
aW5nMB4XDTE3MTIwNTE3NDUwMloXDTI3MTIwNTE3NDUwMlowEjEQMA4GA1UEAxMH
...
60v5bHlGkAKgdziCm1DZbxmTjcjLdxZAU7NrOlhSicZl17Yym1nmT8Cq2PkSDRaZ
rA==
-----END CERTIFICATE----

Adding the above to ambari.properties and creating the certificate file jwt-cert.pem has the same effect as running ambari-server setup-sso interactively.

For complete list of properties, including "advanced" ones, see https://github.com/apache/ambari/blob/release-2.6.0/ambari-server/src/main/python/ambari_server/setu...

View solution in original post

Highlighted

Re: Ambari SSO setup automation

Cloudera Employee

i would not recommend to use this hack, as the way in which feature may be configured is subject to change

Re: Ambari SSO setup automation

Expert Contributor

Thanks, for answers. I voted up all of them, since all of them are very useful, but I have accepted the answer of @Doroszlai, Attila since that is quite simple to automate from Ansible and SaltStack since both of them are providing built-in solutions for file manipulation.

Don't have an account?
Coming from Hortonworks? Activate your account here