$JAVA_HOME/bin/keytool -export -alias gateway-identity -rfc -file /opt/key/cert.pem -keystore /usr/hdp/current/knox-server/data/security/keystores/gateway.jks
2 ambari-server
```sh
ambari-server setup-sso
Using python /usr/bin/python
Setting up SSO authentication properties...
Enter Ambari Admin login: admin
Enter Ambari Admin password:
SSO is currently not configured
Do you want to configure SSO authentication [y/n] (y)? y
Provider URL (https://knox.example.com:8443/gateway/knoxsso/api/v1/websso): https://bg8.test.com.cn:8443/gateway/knoxsso/api/v1/websso
Public Certificate PEM (empty line to finish input):
(paste the entire contents of Knox's cert.pem here)
Use SSO for Ambari [y/n] (n)? y
Manage SSO configurations for eligible services [y/n] (n)? y
Use SSO for all services [y/n] (n)? y
JWT Cookie name (hadoop-jwt):
JWT audiences list (comma-separated), empty for any ():
Ambari Server 'setup-sso' completed successfully.
You have new mail in /var/spool/mail/root
# After setup is complete, restart
ambari-server restart
```
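A check worth running on the exported `cert.pem` before pasting it at the `Public Certificate PEM` prompt, since Ambari uses this certificate to verify the KnoxSSO token. This is an added example, not part of the original post; `check_sso_cert` and `make_constructed_cert` are hypothetical helper names, and the certificate generated at the end is a constructed stand-in for the Knox one.

```bash
# Added example. check_sso_cert and make_constructed_cert are hypothetical helper names.

check_sso_cert() {
    pem="$1"
    [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 2; }

    # Only public material belongs at the prompt: refuse any private key block.
    if grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$pem"; then
        echo "REJECT: $pem contains a private key" >&2
        return 3
    fi

    # keytool -export -rfc writes exactly one certificate.
    n=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$pem" || true)
    if [ "$n" -ne 1 ]; then
        echo "REJECT: expected 1 certificate, found $n" >&2
        return 4
    fi

    # It must parse as X.509 ...
    if ! openssl x509 -in "$pem" -noout 2>/dev/null; then
        echo "REJECT: not a parseable X.509 certificate" >&2
        return 5
    fi
    # ... and must not already be expired.
    if ! openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1; then
        echo "REJECT: certificate has expired" >&2
        return 6
    fi

    # Print what Ambari is about to trust, for comparison with the keystore entry.
    openssl x509 -in "$pem" -noout -subject -enddate -fingerprint -sha256
}

# Constructed sample input: a throwaway self-signed certificate (not Knox's).
make_constructed_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed.example" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_constructed_cert "$demo_dir"
check_sso_cert "$demo_dir/cert.pem"
rm -rf "$demo_dir"
```

On the Knox host, run `check_sso_cert /opt/key/cert.pem` and compare the printed fingerprint with the one keytool reports for the `gateway-identity` alias.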
Disabling setup-sso is also very simple. I searched for a long time and nobody had posted anything like this; I found it by accident.
```sh
[root@bg2 scrpits]# ambari-server setup-sso
Using python /usr/bin/python
Setting up SSO authentication properties...
Enter Ambari Admin login: admin
Enter Ambari Admin password:
SSO is currently enabled
Do you want to disable SSO authentication [y/n] (n)? y
Ambari Server 'setup-sso' completed successfully.
```
```sh
cd /usr/hdp/current/knox-server/bin/
./ldap.sh start
```
After some investigation, I found that the admin here should be the LDAP administrator user.

```sh
[root@bg2 scrpits]# ambari-server setup-ldap
Using python /usr/bin/python
Enter Ambari Admin login: admin
Enter Ambari Admin password:
Fetching LDAP configuration from DB.
Primary LDAP Host (bg8.test.com.cn):
Primary LDAP Port (33389):
Secondary LDAP Host :
Secondary LDAP Port :
Use SSL [true/false] (false):
User object class (super): person
User ID attribute (dengjun): uid
Group object class (groupofnames):
Group name attribute (super): cn
Group member attribute (memberUid): member
Distinguished name attribute (hadoop): cn
Search Base (dc=hadoop,dc=apache,dc=org): dc=hadoop,dc=apache,dc=org
Referral method [follow/ignore] (ignore): follow
Bind anonymously [true/false] (false):
Bind DN (uid=hello,ou=test,dc=hadoop,dc=apache,dc=org): uid=admin,ou=people,dc=hadoop,dc=apache,dc=org
Enter Bind DN Password:
Confirm Bind DN Password:
Handling behavior for username collisions [convert/skip] for LDAP sync (convert): convert
Force lower-case user names [true/false] (true):true
Results from LDAP are paginated when requested [true/false] (true):false
====================
Review Settings
====================
Primary LDAP Host (bg8.test.com.cn): bg8.test.com.cn
Primary LDAP Port (33389): 33389
Use SSL [true/false] (false): false
User object class (super): person
User ID attribute (hello): uid
Group object class (groupofnames): groupofnames
Group name attribute (super): cn
Group member attribute (memberUid): member
Distinguished name attribute (hadoop): cn
Search Base (dc=hadoop,dc=apache,dc=org): dc=hadoop,dc=apache,dc=org
Referral method [follow/ignore] (ignore): follow
Bind anonymously [true/false] (false): false
Handling behavior for username collisions [convert/skip] for LDAP sync (convert): convert
Force lower-case user names [true/false] (true): true
Results from LDAP are paginated when requested [true/false] (true): false
ambari.ldap.connectivity.bind_dn: uid=admin,ou=people,dc=hadoop,dc=apache,dc=org
ambari.ldap.connectivity.bind_password: *
Save settings [y/n] (y)? y
Saving LDAP properties...
Saving LDAP properties finished
Ambari Server 'setup-ldap' completed successfully.
You have new mail in /var/spool/mail/root
[root@bg2 scrpits]# ambari-server restart
Using python /usr/bin/python
Restarting ambari-server
Waiting for server stop...
Ambari Server stopped
Ambari Server running with administrator privileges.
Organizing resource files at /var/lib/ambari-server/resources...
Ambari database consistency check started...
Server PID at: /var/run/ambari-server/ambari-server.pid
Server out at: /appdata/home/hadoop/logs/ambari-server/ambari-server.out
Server log at: /appdata/home/hadoop/logs/ambari-server/ambari-server.log
Waiting for server start...............................
Server started listening on 8080
DB configs consistency check found warnings. See /appdata/home/hadoop/logs/ambari-server/ambari-server-check-database.log for more details.
You have new mail in /var/spool/mail/root
```
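Next, create the users in ldapadmin; running the command below then syncs them into Ambari's database (Ambari stores its users in MySQL). Users synced at this point have no permissions, however, so beforehand you need to assign the corresponding Ambari roles to the analyst and scientist groups under Groups in Ambari. That way, once the users are synced over, they have the matching permissions as well.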
```sh
[root@bg2 scrpits]# vi users.txt
hello,testuser
[root@bg2 scrpits]# cat groups.txt
analyst,scientist
[root@bg2 scrpits]# ambari-server sync-ldap --users users.txt --groups groups.txt
Using python /usr/bin/python
Syncing with LDAP...
Enter Ambari Admin login: admin
Enter Ambari Admin password:
Fetching LDAP configuration from DB.
Syncing specified users and groups...
Completed LDAP Sync.
Summary:
  memberships:
    removed = 0
    created = 3
  users:
    skipped = 0
    removed = 0
    updated = 0
    created = 4
  groups:
    updated = 0
    removed = 0
    created = 2
Ambari Server 'sync-ldap' completed successfully
```
Published by: 全栈程序员-站长. Please credit the source when reposting: https://javaforall.net/203019.html Original link: https://javaforall.net
