Ambari service for easily installing and managing OpenLDAP on an HDP cluster
This can be used in conjunction with other security-related Ambari services to set up security on a cluster:
- Steps on how to use Ambari services to automate the install of OpenLDAP, KDC, nslcd/SSSD on existing cluster, and then running Ambari kerberos wizard
- Steps on how to use blueprints to deploy a cluster with OpenLDAP, KDC, nslcd/SSSD, and then run Ambari kerberos wizard
Limitations:
- This is not an officially supported service and is not meant to be deployed in production systems. It is only meant for testing/demo purposes
- It does not support Ambari/HDP upgrade process and will cause upgrade problems if not removed prior to upgrade
Author: Ali Bajwa
- Download HDP 2.2 sandbox VM image (Sandbox_HDP_2.2_VMware.ova) from Hortonworks website
- Import Sandbox_HDP_2.2_VMware.ova into VMware and set the VM memory size to 8GB
- Now start the VM
- After it boots up, find the IP address of the VM and add an entry to your machine's hosts file, e.g.
```
192.168.191.241 sandbox.hortonworks.com sandbox
```
- Connect to the VM via SSH (password hadoop) and start Ambari server
```
ssh root@sandbox.hortonworks.com
/root/start_ambari.sh
```
- To download the OpenLDAP service folder, run the following
```
VERSION=`hdp-select status hadoop-client | sed 's/hadoop-client - \([0-9]\.[0-9]\).*/\1/'`
sudo git clone https://github.com/hortonworks-gallery/ambari-openldap-service /var/lib/ambari-server/resources/stacks/HDP/$VERSION/services/OPENLDAP-DEMO
```
- To customize the default users/groups, you can modify the base.ldif/groups.ldif/users.ldif files under the `/var/lib/ambari-server/resources/stacks/HDP/$VERSION/services/OPENLDAP-DEMO/package/scripts/ldifs` dir.
- Restart Ambari
```
sudo service ambari-server restart
```
- Then you can click on 'Add Service' from the 'Actions' dropdown menu in the bottom left of the Ambari dashboard:
On bottom left -> Actions -> Add service -> check openLDAP server -> Next -> Next -> Enter password -> Next -> Deploy
- On successful deployment you will see the openLDAP service as part of the Ambari stack and will be able to start/stop the service from Ambari.
- When you've completed the install process, openLDAP server will appear in Ambari
- You can see the parameters you configured under the 'Configs' tab
- One benefit of wrapping the component in an Ambari service is that you can now monitor/manage this service remotely via the REST API
```
export SERVICE=OPENLDAP
export PASSWORD=admin
export AMBARI_HOST=localhost
export CLUSTER=Sandbox

# get service status
curl -u admin:$PASSWORD -i -H 'X-Requested-By: ambari' -X GET http://$AMBARI_HOST:8080/api/v1/clusters/$CLUSTER/services/$SERVICE

# start service
# ($SERVICE is spliced in outside the single quotes so the shell expands it)
curl -u admin:$PASSWORD -i -H 'X-Requested-By: ambari' -X PUT -d '{"RequestInfo": {"context" :"Start '"$SERVICE"' via REST"}, "Body": {"ServiceInfo": {"state": "STARTED"}}}' http://$AMBARI_HOST:8080/api/v1/clusters/$CLUSTER/services/$SERVICE

# stop service
curl -u admin:$PASSWORD -i -H 'X-Requested-By: ambari' -X PUT -d '{"RequestInfo": {"context" :"Stop '"$SERVICE"' via REST"}, "Body": {"ServiceInfo": {"state": "INSTALLED"}}}' http://$AMBARI_HOST:8080/api/v1/clusters/$CLUSTER/services/$SERVICE
```
- You can browse the groups/users in OpenLDAP using any LDAP browser like JXplorer
- The OpenLDAP webUI login page should come up at the below link: http://sandbox.hortonworks.com/ldapadmin
- You can also open it from within Ambari via iFrame view
- To remove the openLDAP service:
  - Stop the service via Ambari
  - Unregister the service
```
export SERVICE=OPENLDAP
export PASSWORD=admin
export AMBARI_HOST=localhost
export CLUSTER=Sandbox
curl -u admin:$PASSWORD -i -H 'X-Requested-By: ambari' -X DELETE http://$AMBARI_HOST:8080/api/v1/clusters/$CLUSTER/services/$SERVICE
```
  - Clear LDAP dir to reset the data in LDAP
```
rm -rf /var/lib/ldap/*
```
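
The stop and unregister steps above as one script, added here as an example and not part of the original README: it stops the service, polls until Ambari reports `INSTALLED`, and only then issues the DELETE. The `ambari_*` helper names, the `AMBARI_USER` variable and the 30 x 5 s polling limit are assumptions; the password is handed to curl through a stdin config (`-K -`) instead of `-u` on the command line, and `?fields=ServiceInfo/state` narrows the response to the state field.

```bash
#!/usr/bin/env bash
# Added example: README removal steps (stop, wait, unregister) as functions.
# Helper names, AMBARI_USER and the polling limits are assumptions of this sketch.
SERVICE=${SERVICE:-OPENLDAP}
AMBARI_HOST=${AMBARI_HOST:-localhost}
CLUSTER=${CLUSTER:-Sandbox}
AMBARI_USER=${AMBARI_USER:-admin}

ambari_url() {
  printf 'http://%s:8080/api/v1/clusters/%s/services/%s' \
    "$AMBARI_HOST" "$CLUSTER" "$SERVICE"
}

# JSON body for a state change; $1 is STARTED or INSTALLED (INSTALLED = stopped).
ambari_state_body() {
  printf '{"RequestInfo": {"context": "Set %s to %s via REST"}, ' "$SERVICE" "$1"
  printf '"Body": {"ServiceInfo": {"state": "%s"}}}' "$1"
}

# Read a GET response on stdin and print ServiceInfo.state.
# The leading quote in the pattern keeps "maintenance_state" from matching.
ambari_parse_state() {
  sed -n 's/.*"state"[[:space:]]*:[[:space:]]*"\([A-Z_]*\)".*/\1/p' | head -n 1
}

# curl wrapper: credentials go in through a stdin config (-K -), so the password
# is not in curl's argument list. Assumes no double quote or backslash in it.
ambari_curl() {
  [ -n "${PASSWORD:-}" ] || { echo "export PASSWORD first" >&2; return 1; }
  printf 'user = "%s:%s"\n' "$AMBARI_USER" "$PASSWORD" |
    curl -sS -f -K - -H 'X-Requested-By: ambari' "$@"
}

ambari_remove_service() {
  ambari_curl -X PUT -d "$(ambari_state_body INSTALLED)" "$(ambari_url)" >/dev/null || return 1
  tries=0 state=
  while [ "$tries" -lt 30 ]; do
    state=$(ambari_curl "$(ambari_url)?fields=ServiceInfo/state" | ambari_parse_state)
    [ "$state" = "INSTALLED" ] && break
    tries=$((tries + 1))
    sleep 5
  done
  [ "$state" = "INSTALLED" ] || { echo "still in state '$state', not deleting" >&2; return 1; }
  ambari_curl -X DELETE "$(ambari_url)"
}

# Run the removal only when asked to, so sourcing the file just defines the helpers.
if [ "${1:-}" = "--remove" ]; then ambari_remove_service; fi
```

Run it with `--remove` after exporting `PASSWORD`; clearing `/var/lib/ldap` remains a separate manual step.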