Skip to content

Latest commit

 

History

History
105 lines (76 loc) · 4.75 KB

README.md

File metadata and controls

105 lines (76 loc) · 4.75 KB

An Ambari Service for OpenLDAP

Ambari service for easily installing and managing OpenLDAP on HDP cluster

This can be used in conjunction with other security related Ambari services to setup security on a cluster

  • Steps on how to use Ambari services to automate the install of OpenLDAP, KDC, nslcd/SSSD on existing cluster, and then running Ambari kerberos wizard
  • Steps on how to use blueprints to deploy a cluster with OpenLDAP, KDC, nslcd/SSSD, and then run Ambari kerberos wizard

Limitations:

  • This is not an officially supported service and is not meant to be deployed in production systems. It is only meant for testing demo/purposes
  • It does not support Ambari/HDP upgrade process and will cause upgrade problems if not removed prior to upgrade

Author: Ali Bajwa

Setup

  • Download HDP 2.2 sandbox VM image (Sandbox_HDP_2.2_VMware.ova) from Hortonworks website
  • Import Sandbox_HDP_2.2_VMware.ova into VMWare and set the VM memory size to 8GB
  • Now start the VM
  • After it boots up, find the IP address of the VM and add an entry into your machines hosts file e.g.
192.168.191.241 sandbox.hortonworks.com sandbox    
  • Connect to the VM via SSH (password hadoop) and start Ambari server
ssh [email protected]
/root/start_ambari.sh
  • To download the OpenLDAP service folder, run below
VERSION=`hdp-select status hadoop-client | sed 's/hadoop-client - \([0-9]\.[0-9]\).*/\1/'`
sudo git clone https://github.com/hortonworks-gallery/ambari-openldap-service   /var/lib/ambari-server/resources/stacks/HDP/$VERSION/services/OPENLDAP-DEMO 
  • To customize the default users/groups, you can modify the base.ldif/groups.ldif/users.ldif files under /var/lib/ambari-server/resources/stacks/HDP/$VERSION/services/OPENLDAP-DEMO/package/scripts/ldifs dir.

  • Restart Ambari

sudo service ambari-server restart
  • Then you can click on 'Add Service' from the 'Actions' dropdown menu in the bottom left of the Ambari dashboard:

On bottom left -> Actions -> Add service -> check openLDAP server -> Next -> Next -> Enter password -> Next -> Deploy Image

  • On successful deployment you will see the openLDAP service as part of Ambari stack and will be able to start/stop the service from here: Image

  • When you've completed the install process, openLDAP server will appear in Ambari Image

  • You can see the parameters you configured under 'Configs' tab Image

  • One benefit to wrapping the component in Ambari service is that you can now monitor/manage this service remotely via REST API

export SERVICE=OPENLDAP
export PASSWORD=admin
export AMBARI_HOST=localhost
export CLUSTER=Sandbox

#get service status
curl -u admin:$PASSWORD -i -H 'X-Requested-By: ambari' -X GET http://$AMBARI_HOST:8080/api/v1/clusters/$CLUSTER/services/$SERVICE

#start service
curl -u admin:$PASSWORD -i -H 'X-Requested-By: ambari' -X PUT -d '{"RequestInfo": {"context" :"Start $SERVICE via REST"}, "Body": {"ServiceInfo": {"state": "STARTED"}}}' http://$AMBARI_HOST:8080/api/v1/clusters/$CLUSTER/services/$SERVICE

#stop service
curl -u admin:$PASSWORD -i -H 'X-Requested-By: ambari' -X PUT -d '{"RequestInfo": {"context" :"Stop $SERVICE via REST"}, "Body": {"ServiceInfo": {"state": "INSTALLED"}}}' http://$AMBARI_HOST:8080/api/v1/clusters/$CLUSTER/services/$SERVICE

Browse users

Remove service

  • To remove the openLDAP service:
    • Stop the service via Ambari

    • Unregister the service

export SERVICE=OPENLDAP export PASSWORD=admin export AMBARI_HOST=localhost export CLUSTER=Sandbox
curl -u admin:$PASSWORD -i -H 'X-Requested-By: ambari' -X DELETE http://$AMBARI_HOST:8080/api/v1/clusters/$CLUSTER/services/$SERVICE ```

  • Clear LDAP dir to reset the data in LDAP
rm -rf /var/lib/ldap/*