Ambari Security 开启步骤
# 一、概述
Ambari 提供了 ambari-server setup-security 作为安全能力的统一入口,主要用于:
- 配置 Ambari 服务端的 HTTPS
- 启用密码加密(Credential Store)
- 生成 Kerberos JAAS 配置
- TrustStore 配置与证书导入
不同选项适用于不同的安全场景,是否启用可根据实际需求决定。
# 二、执行 setup-security
运行安全配置入口:
ambari-server setup-security
1
执行后将出现安全菜单:
菜单内容如下:
ambari-server setup-security
Using python /usr/bin/python3
Security setup options...
===========================================================================
Choose one of the following options:
[1] Enable HTTPS for Ambari server.
[2] Encrypt passwords managed by Ambari.
[3] Setup Ambari kerberos JAAS configuration.
[4] Setup truststore.
[5] Import certificate to truststore.
===========================================================================
Enter choice, (1-5): 2
Please provide master key for locking the credential store:
Re-enter master key:
Do you want to persist master key. If you choose not to persist, you need to provide the Master Key while starting the ambari server as an env variable named AMBARI_SECURITY_MASTER_KEY or the start will prompt for the master key. Persist [y/n] (y)? y
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
# 三、示例:启用密码加密(选项 2)
选项 2 用于初始化 Credential Store,Ambari 会要求设置 Master Key:
Enter choice, (1-5): 2
Please provide master key for locking the credential store:
Re-enter master key:
1
2
3
2
3
完成确认后,可选择是否持久化 Master Key:
Persist [y/n] (y)? y
1
随后 Ambari 会更新相关配置并输出提示信息:
# 四、重启 Ambari Server
配置应用需要重启:
ambari-server restart
1