Support Questions

Find answers, ask questions, and share your expertise

Automatically calling ambari setup-security #2

avatar
Contributor

Encrypting passwords. I'm trying to install hdp via blueprints (with kerberos). I need to call ambari-server setup-security then option #2 (pass/pass). Is there a way to script this? I'm doing this so i can pass PERSISTED for kerberos cred

1 ACCEPTED SOLUTION

avatar
Contributor

Unfortunately I'm not able to upgrade. Somewhat of a hack, but i put together an 'expect' script. In case someone else is stuck in similar situation. 🙂

#!/usr/bin/env expect

spawn ambari-server setup-security
sleep 0.5
set timeout 3

expect {

  "*Choose one of the following options:*" { send "2\r" }

  timeout

}

expect {

  -re "Please provide master key for locking the credential store:" { send "dev\r" }

  timeout

}

expect {

  -re "Re-enter master key:" { send "dev\r" }

  timeout

}

expect {

  "Do you want to persist master key.*" { send "y\r" }

}

expect eof

This is obviously not great, but does work given no other option ...

View solution in original post

6 REPLIES 6

avatar
Contributor

Has anyone been able to automate ambari-server commands ? e.g. ssl / encryption setup etc.

avatar
Master Mentor

@Sonny Heer

If you are using Ambari 2.4 then you can use the automated way to setup security as mentioned in:

https://issues.apache.org/jira/browse/AMBARI-14627

Example:

ambari-server setup-security --security-option=encrypt-passwords --master-key=masterkey --master-key-persist=true

.

avatar
Contributor

Thanks for the response. we are actually stuck on 2.2.x

avatar
Master Mentor

@Sonny Heer

Unfortunately this feature is available since Ambari 2.4 onwards. Is there any possibility for you to try upgrading to ambari 2.4 it has lots of improvements in terms of Views, also has a lots of bug fixes and new features to make things more easy. Upgrading to ambari 2.4 will be quite easy though.

avatar
Master Mentor

@Sonny Heer

I have written a very simple article on this feature for enabling HTTPs you can refer to the same as well:

https://community.hortonworks.com/articles/84861/how-to-generate-the-ambaris-setup-security-options....

- I would suggest you to use the "ambari-server --help" to get more information about those arguments, there might be slight changes in the argument names.

avatar
Contributor

Unfortunately I'm not able to upgrade. Somewhat of a hack, but i put together an 'expect' script. In case someone else is stuck in similar situation. 🙂

#!/usr/bin/env expect

spawn ambari-server setup-security
sleep 0.5
set timeout 3

expect {

  "*Choose one of the following options:*" { send "2\r" }

  timeout

}

expect {

  -re "Please provide master key for locking the credential store:" { send "dev\r" }

  timeout

}

expect {

  -re "Re-enter master key:" { send "dev\r" }

  timeout

}

expect {

  "Do you want to persist master key.*" { send "y\r" }

}

expect eof

This is obviously not great, but does work given no other option ...