About vladislav_falfu

vladislav_falfu · ‎03-24-2017

Thanks for answers. Will try to use API. However had not found any possibility to manage cluster roles with that tool.

vladislav_falfu · ‎03-24-2017

Thanks @Jay SenSharma Ambari API is also ok. Is there a possibility to use Blueprints or ambari-server setup utility for this? Looked both but had not found proper option.

vladislav_falfu · ‎03-24-2017

Dear community, Is it possible to manage user roles not only from Ambari GUI? Blueprints? Some configs?

vladislav_falfu · ‎03-20-2017

Thanks @rnettleton. In my variant I am deploying cluster only via blueprint and no additional configuration is done via Ambari UI. It seems I should access blueprint via "blueprints/$BLUEPRINT_NAME" for blueprint validation that I have in git.

vladislav_falfu · ‎03-20-2017

Dear community, I`ve successfully imported blueprint into the cluster, but when I decided to export it back I had received totally different blueprint with some other ordering of resources, names of host groups and some other issues. That makes some problem in verification of blueprints that I have under git and ones that are actually deployed to servers. Best regards, Vladislav

vladislav_falfu · ‎02-22-2017

Dear community, Are there any news about Ambari 2.5? Was very excited by this https://community.hortonworks.com/articles/82964/getting-started-with-apache-ambari-workflow-design.html, but had not found anything about Ambari 2.5 in Hortonworks repos?

vladislav_falfu · ‎02-21-2017

for 2.4.2.0-136 several additional parameters should be considered: client.api.ssl.truststore_name=localhost.jks client.api.ssl.truststore_type=jks client.api.ssl.keys_dir=/etc/ambari-server/certs/

vladislav_falfu · ‎02-21-2017

Unfortunately the method does not work on ambari-server 2.4.2.0-136.

vladislav_falfu · ‎02-16-2017

Thanks @Artem Ervit. I had finally found a way how to make it puppet-friendly. There are two groups of parameters that should be considered. Unfortunately not all of them are described in documentation, so had to look here(https://github.com/apache/ambari/blob/trunk/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java) and here (https://github.com/apache/ambari/blob/trunk/ambari-server/src/main/python/ambari_server/setupSecurity.py). Also some hints can be found here https://cwiki.apache.org/confluence/display/AMBARI/Enable+HTTPS+and+LDAPS+together. 1) HTTPS itself: api.ssl=true client.api.ssl.cert_name=localhost.crt client.api.ssl.key_name=localhost.key client.api.ssl.port=8443 client.api.ssl.keystore_name=https.keystore.p12 client.api.ssl.keystore_type=pkcs12 client.api.ssl.crt_pass=hadoop client.api.ssl.cert_pass_file=localhost.pass.txt security.server.keys_dir=/etc/ambari-server/certs/ 2) trusted store: ssl.trustStore.password=hadoop ssl.trustStore.path=/etc/ambari-server/certs/localhost.truststore.jks ssl.trustStore.type=jks If the configuration is done after the ambari-server is configured, then the ambari-server should be restarted. If it is done before, then just normally run ambari-server setup. Notes: 1) No need to change trusted store if host is using some external CA. For instance, letsencrypt. It is already supported in latest versions of java. 2) Option "client.api.ssl.crt_pass" had not been working for me, but "client.api.ssl.cert_pass_file" was ok. 3) The keystore and truststore use different formats, because keytool does not support direct creation of keystore in jks format. Only via import of jks. I was more interested in setting puppet environment. However for setup without "ambari-server setup-security" call one can use following steps: mkdir /etc/ambari-server/certs cd /etc/ambari-server/certs/ export AMBARI_SERVER_HOSTNAME=localhost export AMBARI_CERT_PASS=hadoop ----- HTTPS openssl genrsa -passout pass:$AMBARI_CERT_PASS -out $AMBARI_SERVER_HOSTNAME.key 2048 openssl req -new -key $AMBARI_SERVER_HOSTNAME.key -out $AMBARI_SERVER_HOSTNAME.csr -subj "/C=IN/ST=One/L=Two/O=hwx/CN=$AMBARI_SERVER_HOSTNAME" openssl x509 -req -days 365 -in $AMBARI_SERVER_HOSTNAME.csr -signkey $AMBARI_SERVER_HOSTNAME.key -out $AMBARI_SERVER_HOSTNAME.crt openssl pkcs12 -export -in $AMBARI_SERVER_HOSTNAME.crt -inkey $AMBARI_SERVER_HOSTNAME.key -certfile $AMBARI_SERVER_HOSTNAME.crt -out $AMBARI_SERVER_HOSTNAME.keystore.p12 -password pass:$AMBARI_CERT_PASS echo "$AMBARI_CERT_PASS" > $AMBARI_SERVER_HOSTNAME.pass.txt ------ Services keytool -trustcacerts -import -file $AMBARI_SERVER_HOSTNAME.crt -alias ambari-server -keystore $AMBARI_SERVER_HOSTNAME.truststore.jks and add following lines in ambari.properties: api.ssl=true client.api.ssl.cert_name=localhost.crt client.api.ssl.key_name=localhost.key client.api.ssl.port=8443 client.api.ssl.keystore_name=localhost.keystore.p12 client.api.ssl.keystore_type=pkcs12 client.api.ssl.crt_pass=hadoop client.api.ssl.cert_pass_file=localhost.pass.txt security.server.keys_dir=/etc/ambari-server/certs/ ssl.trustStore.password=hadoop ssl.trustStore.path=/etc/ambari-server/certs/localhost.truststore.jks ssl.trustStore.type=jks

vladislav_falfu · ‎02-15-2017

Thanks @rnettleton. I`ve checked the reasons you mentioned. Everything looks correct. 1. The validation is enabled. 2. The stack definitions are also ok. Will try to make some manual verification.

Online	Offline
Last Visited	‎07-20-2018 02:22 PM

Member Since	‎03-08-2016 01:52 PM
Last Visited	‎07-20-2018 02:22 PM
Posts	84
Kudos received	12

Cloudera Community

Re: Putting data from apache nifi to OCI(Oracle cl...

Re: Error when using default java trusted store wi...

Re: puppet setup of Ambari ssl

Re: Ambari fails with strange error while deployin...

Re: Unable to connect to apache phoenix remotely u...

Re: Manage Ambari user roles

Re: Manage Ambari user roles

Manage Ambari user roles

Re: Ambari blueprints export problems

Ambari blueprints export problems

Apache Ambari 2.5

Re: puppet setup of Ambari ssl

Re: puppet setup of Ambari ssl

Re: puppet setup of Ambari ssl

Re: Blueprints dry-run/validation