At present, after setup_cluster.sh is run, the UIDs and GIDs across the cluster are always inconsistent. This means that the solution does not work after installation and the user has to manually remediate the cluster to create UID/GID consistency, which is a lot of work and prone to error.

We need to modify setup_cluster to incorporate the usage of LDAP, the script should support 3 options:

- If the customer has an existing LDAP server: Via documentation, instruct the user which users and groups to create in their LDAP repository prior to running the script. Provide an option for the user to pass in the existing LDAP Server as a parameter to the setup_cluster script and the script will configure the cluster to use that LDAP Server for Identity and Authorization. The script will provide a notice to the user that it is going to do this before executing these steps.
- (Default Option) If the customer has no existing LDAP server: The setup_cluster script will auto install an LDAP server on the Ambari server and auto configure the required users and groups within its LDAP repository. The script will also configure each server within the cluster to use the new LDAP server for Identity and Authorization. The script will provide a notice to the user that it is going to do this before executing these steps.
- If the customer has no existing LDAP Server and DOES NOT WANT ONE installed: The script does nothing additional. We provide a UID/GID consistency check at the end of the installation and the documentation describes how to manually remediate inconsistent UID/GIDs.
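A sketch of the UID/GID consistency check named in the third option, added here as an illustration; it is not part of the original report and is not code from rhs-hadoop-install. The function names, the "node user uid gid" row format, the hostnames and the ids are assumptions; the user list (mapred, yarn, hcat, hive) is the one named in this bug.

```bash
#!/bin/bash
# Added example. Input rows are "node user uid gid"; on a live cluster they
# could be collected per node with (assumed collection method):
#   getent passwd mapred yarn hcat hive | awk -F: -v h="$(hostname)" '{print h,$1,$3,$4}'

# Constructed sample data; hostnames and ids are invented.
sample_ids() {
  cat <<'EOF'
mgmt.example.com mapred 498 497
mgmt.example.com yarn 497 497
mgmt.example.com hive 496 496
mgmt.example.com hcat 495 496
node1.example.com mapred 498 497
node1.example.com yarn 501 497
node1.example.com hive 496 496
node1.example.com hcat 495 496
node2.example.com mapred 498 497
node2.example.com yarn 497 497
node2.example.com hive 496 500
EOF
}

# Reads rows on stdin (one row per node and user), prints one line per
# problem and returns 1 if a required user is missing on some node or has
# more than one UID or GID across the cluster.
check_id_consistency() {
  awk -v users="mapred yarn hcat hive" '
    BEGIN { n = split(users, want, " ") }
    NF == 4 {
      if (!nodes[$1]++) nn++                 # distinct nodes seen
      have[$2]++                             # nodes that define this user
      if (!seen_uid[$2, $3]++) nuid[$2]++    # distinct UIDs per user
      if (!seen_gid[$2, $4]++) ngid[$2]++    # distinct GIDs per user
    }
    END {
      for (i = 1; i <= n; i++) {
        u = want[i]
        if (have[u] + 0 < nn) {
          printf "MISSING %s (present on %d of %d nodes)\n", u, have[u], nn
          bad = 1
        }
        if (nuid[u] > 1) { print "UID_MISMATCH " u; bad = 1 }
        if (ngid[u] > 1) { print "GID_MISMATCH " u; bad = 1 }
      }
      exit bad + 0
    }'
}

sample_ids | check_id_consistency || echo "inconsistent UID/GIDs found"
```
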
New, optional "--ldap [user-list]" feature added. Default is that setup_cluster.sh does nothing related to creating the required hadoop users (mapred, yarn, hcat, hive). However, if --ldap is specified then setup_cluster will create a simple ldap/ipa server on the management node. All storage nodes and the yarn-master node will be set up as ldap/ipa clients. If <user-list> is included then those additional users will also be added.
We've decided to not automate ldap/ipa installation with the installer tool for the Denali release. Therefore the various user related options for setup_cluster have been removed and the usage text updated.
(In reply to Jeff Vance from comment #3)
> We've decided to not automate ldap/ipa installation with the installer tool
> for the Denali release. Therefore the various user related options for
> setup_cluster have been removed and the usage text updated.

I think that there should not be any LDAP related file in rhs-hadoop-install package.

# rpm -ql rhs-hadoop-install | grep ldap
/usr/share/rhs-hadoop-install/bin/ldap_clients.sh
/usr/share/rhs-hadoop-install/bin/ldap_server.sh

>> ASSIGNED
We can leave this open since this bug is now simply a request to remove the old LDAP logic out of the code. I've changed the priority and severity to low to reflect that. I don't think we will fix this for Denali as there are higher priority issues and I'm loath to introduce the risk of code changes so close to release. As such, I've removed "Denali" from the Internal Whiteboard as well.
Jeff removed the LDAP options from the setup_cluster command line and thereby removed the ability to invoke the code that handles LDAP options.
All ldap/ipa related logic has been removed from the execution path of the GA installer in version 1.27 and several versions earlier.
Removed the 2 ldap related scripts from bin/. Fixed in version 1.32.
I have deleted all code related to creating the hadoop users. Fixed in version 1.34.
Tested with: rhs-hadoop-install-1_34-1.el6rhs.src.rpm (https://brewweb.devel.redhat.com/buildinfo?buildID=371877)

Flag SETUP_LDAP is not present in setup_cluster.sh anymore. Also, parameters --deploy-ldap-srv and --ext-ldap-srv which set up this flag are not accepted now. Files ldap_clients.sh and ldap_server.sh are deleted. All code related to the unsupported ldap option is gone.

There is absolutely no reference to ldap in version 1.34-1:

grep -r "ldap" rhs-hadoop-install-1_34:
(no result)

This issue is fixed -> VERIFIED.