03-24-2017
10:04 AM
Thanks for the answers. I will try to use the API. However, I have not found any possibility to manage cluster roles with that tool.
03-24-2017
09:51 AM
Thanks @Jay SenSharma. The Ambari API is also ok. Is there a possibility to use Blueprints or the ambari-server setup utility for this? I looked at both but have not found a proper option.
03-24-2017
09:32 AM
Dear community, Is it possible to manage user roles not only from Ambari GUI? Blueprints? Some configs?
Labels: Apache Ambari
03-20-2017
05:38 PM
Thanks @rnettleton. In my variant I am deploying cluster only via blueprint and no additional configuration is done via Ambari UI. It seems I should access blueprint via "blueprints/$BLUEPRINT_NAME" for blueprint validation that I have in git.
03-20-2017
01:04 PM
Dear community, I've successfully imported a blueprint into the cluster, but when I decided to export it back I received a totally different blueprint with a different ordering of resources, different names of host groups and some other issues. That causes a problem when verifying the blueprints that I have under git against the ones that are actually deployed to servers. Best regards, Vladislav
Labels: Apache Ambari
02-22-2017
08:56 PM
Dear community, Is there any news about Ambari 2.5? I was very excited by this https://community.hortonworks.com/articles/82964/getting-started-with-apache-ambari-workflow-design.html, but have not found anything about Ambari 2.5 in the Hortonworks repos.
Labels: Apache Ambari
02-21-2017
03:00 PM
1 Kudo
For 2.4.2.0-136 several additional parameters should be considered:

```
client.api.ssl.truststore_name=localhost.jks
client.api.ssl.truststore_type=jks
client.api.ssl.keys_dir=/etc/ambari-server/certs/
```
02-21-2017
12:33 PM
Unfortunately the method does not work on ambari-server 2.4.2.0-136.
02-16-2017
12:40 PM
Thanks @Artem Ervit. I finally found a way to make it puppet-friendly. There are two groups of parameters that should be considered. Unfortunately not all of them are described in the documentation, so I had to look here (https://github.com/apache/ambari/blob/trunk/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java) and here (https://github.com/apache/ambari/blob/trunk/ambari-server/src/main/python/ambari_server/setupSecurity.py). Some hints can also be found here: https://cwiki.apache.org/confluence/display/AMBARI/Enable+HTTPS+and+LDAPS+together.

1) HTTPS itself:

```
api.ssl=true
client.api.ssl.cert_name=localhost.crt
client.api.ssl.key_name=localhost.key
client.api.ssl.port=8443
client.api.ssl.keystore_name=https.keystore.p12
client.api.ssl.keystore_type=pkcs12
client.api.ssl.crt_pass=hadoop
client.api.ssl.cert_pass_file=localhost.pass.txt
security.server.keys_dir=/etc/ambari-server/certs/
```

2) Trusted store:

```
ssl.trustStore.password=hadoop
ssl.trustStore.path=/etc/ambari-server/certs/localhost.truststore.jks
ssl.trustStore.type=jks
```

If the configuration is done after the ambari-server is configured, then the ambari-server should be restarted. If it is done before, then just run ambari-server setup normally.

Notes:

1) No need to change the trusted store if the host is using some external CA, for instance letsencrypt. It is already supported in the latest versions of Java.
2) The option "client.api.ssl.crt_pass" did not work for me, but "client.api.ssl.cert_pass_file" was ok.
3) The keystore and truststore use different formats, because keytool does not support direct creation of a keystore in jks format, only via import of jks.

I was more interested in setting up a puppet environment. However, for setup without the "ambari-server setup-security" call one can use the following steps:

```
mkdir /etc/ambari-server/certs
cd /etc/ambari-server/certs/
export AMBARI_SERVER_HOSTNAME=localhost
export AMBARI_CERT_PASS=hadoop
# ----- HTTPS
# private key, CSR, self-signed certificate, PKCS#12 keystore, password file
openssl genrsa -passout pass:$AMBARI_CERT_PASS -out $AMBARI_SERVER_HOSTNAME.key 2048
openssl req -new -key $AMBARI_SERVER_HOSTNAME.key -out $AMBARI_SERVER_HOSTNAME.csr -subj "/C=IN/ST=One/L=Two/O=hwx/CN=$AMBARI_SERVER_HOSTNAME"
openssl x509 -req -days 365 -in $AMBARI_SERVER_HOSTNAME.csr -signkey $AMBARI_SERVER_HOSTNAME.key -out $AMBARI_SERVER_HOSTNAME.crt
openssl pkcs12 -export -in $AMBARI_SERVER_HOSTNAME.crt -inkey $AMBARI_SERVER_HOSTNAME.key -certfile $AMBARI_SERVER_HOSTNAME.crt -out $AMBARI_SERVER_HOSTNAME.keystore.p12 -password pass:$AMBARI_CERT_PASS
echo "$AMBARI_CERT_PASS" > $AMBARI_SERVER_HOSTNAME.pass.txt
# ------ Services
# import the certificate into the JKS truststore
keytool -trustcacerts -import -file $AMBARI_SERVER_HOSTNAME.crt -alias ambari-server -keystore $AMBARI_SERVER_HOSTNAME.truststore.jks
```

and add the following lines in ambari.properties:

```
api.ssl=true
client.api.ssl.cert_name=localhost.crt
client.api.ssl.key_name=localhost.key
client.api.ssl.port=8443
client.api.ssl.keystore_name=localhost.keystore.p12
client.api.ssl.keystore_type=pkcs12
client.api.ssl.crt_pass=hadoop
client.api.ssl.cert_pass_file=localhost.pass.txt
security.server.keys_dir=/etc/ambari-server/certs/
ssl.trustStore.password=hadoop
ssl.trustStore.path=/etc/ambari-server/certs/localhost.truststore.jks
ssl.trustStore.type=jks
```
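
An added example, not part of the original post and not Ambari code: a small audit of the HTTPS settings listed in the post, useful when the properties are pushed by configuration management. It checks that the referenced files exist, that the key, keystore and password file are not accessible by group or others (a file written with `echo ... >` gets the default umask), and that inline passwords are reported. Resolving the file names against `security.server.keys_dir` and the function names are assumptions of this sketch.

```python
import os
import stat

# Property names are the ones quoted in the post. Resolving the file-name
# properties against security.server.keys_dir is an assumption of this sketch.
FILE_KEYS = ("client.api.ssl.cert_name", "client.api.ssl.key_name",
             "client.api.ssl.keystore_name", "client.api.ssl.cert_pass_file")
SECRET_FILES = FILE_KEYS[1:]  # private key, keystore, password file
INLINE_SECRETS = ("client.api.ssl.crt_pass", "ssl.trustStore.password")

# Constructed sample input: HTTPS lines taken from the post.
SAMPLE = """\
api.ssl=true
client.api.ssl.cert_name=localhost.crt
client.api.ssl.key_name=localhost.key
client.api.ssl.port=8443
client.api.ssl.keystore_name=localhost.keystore.p12
client.api.ssl.crt_pass=hadoop
client.api.ssl.cert_pass_file=localhost.pass.txt
security.server.keys_dir=/etc/ambari-server/certs/
ssl.trustStore.password=hadoop
"""

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit(props, keys_dir=None):
    """Return findings for the HTTPS settings; keys_dir overrides the configured dir."""
    findings = []
    if props.get("api.ssl", "").lower() != "true":
        findings.append("api.ssl is not true: HTTPS is disabled")
    keys_dir = keys_dir or props.get("security.server.keys_dir", "")
    for key in FILE_KEYS:
        path = os.path.join(keys_dir, props.get(key, ""))
        if not props.get(key) or not os.path.isfile(path):
            findings.append(f"{key}: file {path!r} is missing")
        elif key in SECRET_FILES and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            findings.append(f"{key}: {path} is accessible by group or others")
    for key in INLINE_SECRETS:
        if props.get(key):
            findings.append(f"{key}: clear-text password in ambari.properties")
    return findings
```

Run `audit(parse_properties(open("/etc/ambari-server/conf/ambari.properties").read()))` on the server, adjusting the path to wherever ambari.properties lives on the host; that path is an assumption here.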
02-15-2017
07:50 PM
Thanks @rnettleton. I've checked the reasons you mentioned. Everything looks correct. 1. The validation is enabled. 2. The stack definitions are also ok. I will try to do some manual verification.