Support Questions

sonnyheer · ‎02-21-2017

Encrypting passwords. I'm trying to install hdp via blueprints (with kerberos). I need to call ambari-server setup-security then option #2 (pass/pass). Is there a way to script this? I'm doing this so i can pass PERSISTED for kerberos cred

sonnyheer · ‎02-22-2017

Unfortunately I'm not able to upgrade. Somewhat of a hack, but i put together an 'expect' script. In case someone else is stuck in similar situation. 🙂

#!/usr/bin/env expect

spawn ambari-server setup-security
sleep 0.5
set timeout 3

expect {

  "*Choose one of the following options:*" { send "2\r" }

  timeout

}

expect {

  -re "Please provide master key for locking the credential store:" { send "dev\r" }

  timeout

}

expect {

  -re "Re-enter master key:" { send "dev\r" }

  timeout

}

expect {

  "Do you want to persist master key.*" { send "y\r" }

}

expect eof

This is obviously not great, but does work given no other option ...

View solution in original post

sonnyheer · ‎02-21-2017

Has anyone been able to automate ambari-server commands ? e.g. ssl / encryption setup etc.

jsensharma · ‎02-22-2017

@Sonny Heer

If you are using Ambari 2.4 then you can use the automated way to setup security as mentioned in:

https://issues.apache.org/jira/browse/AMBARI-14627

Example:

ambari-server setup-security --security-option=encrypt-passwords --master-key=masterkey --master-key-persist=true

.

sonnyheer · ‎02-22-2017

Thanks for the response. we are actually stuck on 2.2.x

jsensharma · ‎02-22-2017

@Sonny Heer

Unfortunately this feature is available since Ambari 2.4 onwards. Is there any possibility for you to try upgrading to ambari 2.4 it has lots of improvements in terms of Views, also has a lots of bug fixes and new features to make things more easy. Upgrading to ambari 2.4 will be quite easy though.

jsensharma · ‎02-22-2017

@Sonny Heer

I have written a very simple article on this feature for enabling HTTPs you can refer to the same as well:

https://community.hortonworks.com/articles/84861/how-to-generate-the-ambaris-setup-security-options....

- I would suggest you to use the "ambari-server --help" to get more information about those arguments, there might be slight changes in the argument names.

sonnyheer · ‎02-22-2017

Unfortunately I'm not able to upgrade. Somewhat of a hack, but i put together an 'expect' script. In case someone else is stuck in similar situation. 🙂

#!/usr/bin/env expect

spawn ambari-server setup-security
sleep 0.5
set timeout 3

expect {

  "*Choose one of the following options:*" { send "2\r" }

  timeout

}

expect {

  -re "Please provide master key for locking the credential store:" { send "dev\r" }

  timeout

}

expect {

  -re "Re-enter master key:" { send "dev\r" }

  timeout

}

expect {

  "Do you want to persist master key.*" { send "y\r" }

}

expect eof

This is obviously not great, but does work given no other option ...

Cloudera Community

Support Questions

Automatically calling ambari setup-security #2