Apache Ambari - What's New in 1.2.5
of 12
/12
-
Upload
hortonworks -
Category
Technology
-
view
1.039 -
download
2
Embed Size (px)
description
Transcript of Apache Ambari - What's New in 1.2.5
© Hortonworks Inc. 2013
Apache Ambari
1.2.5
August 2013
Page
© Hortonworks Inc. 2013
What’s New in Ambari 1.2.5
• Manage Kerberos Secure Cluster• Customizable Dashboard Widgets• Improved Service Controls• Expanded Host Checks• Reduced “root” requirements• Core Security Enhancements
–Setup Ambari Server HTTPS–Master Key Property Encryption–Optional Server-Agent SSL Communication–Optional Ganglia and Nagios SSL
Page 2
© Hortonworks Inc. 2013
Manage Kerberos Secured Cluster
Page 3
• Run “Security Wizard”• Download-able CSV of
necessary principals & keytabs• Applies configuration properties
and restarts Services
© Hortonworks Inc. 2013
Customizable Dashboard Widgets
Page 4
© Hortonworks Inc. 2013
Improved Service Controls
• Start All and Stop All Service Controls• Live Component Status
Page 5
© Hortonworks Inc. 2013
Expanded Host Checks
• During “cluster install” or add hosts”, more host checks and script-able report
/var/lib/ambari-agent/data/hostcheck.result
Page 6
© Hortonworks Inc. 2013
Reduced “root” requirements
• Run “Ambari Server” as root or non-root account
Page 7
AMBARISERVER
AMBARI WEB
RDBMS
root or non-root
HADOOP
AMBARIAGENT
HOST
AMBARIAGENT
HOST
AMBARIAGENT
HOST
AMBARIAGENT
HOST
AMBARIAGENT
HOST
AMBARIAGENT
HOST
AMBARIAGENT
HOST
AMBARIAGENT
HOST
Run as…
© Hortonworks Inc. 2013
Ambari Server HTTPS
Page 8
• Configure SSL for Ambari• Provide Certificate during “setup”
© Hortonworks Inc. 2013
Learn More
Page 9
Resource Location
Apache Ambari Project Page http://incubator.apache.org/ambari/
Mailing Lists http://incubator.apache.org/ambari/mail-lists.html
Ambari Wiki https://cwiki.apache.org/confluence/display/AMBARI
Ambari JIRA https://issues.apache.org/jira/browse/AMBARI
© Hortonworks Inc. 2013
AppendixTwo-Way SSL for Server-Agent Communication
Page 10
© Hortonworks Inc. 2013
Secure Server-Agent Communication
Page 11
Ambari Server Ambari Agent
11) Agent Heartbeat Begins
1) Connect on Handshake port 8441
4) Sign Agent Cert
2) Download Server Cert
6) Connect on Registration port 8440
7) Perform 2WAY auth using Agent Cert
10) Complete Host Registration
Agent Host
8) Get FQDN
9) Register host
3) Request to Sign Agent Cert
5) Download Agent Cert + Disconnect
© Hortonworks Inc. 2013
Flow Details
Page 12
Operation Description
1 Connect on Handshake port 8441 Ambari Agent connects to Ambari Server on the handshake port.
2 Download Server Certificate Ambari Agent downloads the Server Certificate.
3 Request to sign Agent Certificate Ambari Agent requests for Ambari Server to sign the Agent Certificate.
4 Sign Agent Cert Ambari Server signs Agent Certificate with password.
5 Download Agent Cert and Disconnect Ambar Agent downloads Agent Certificate and disconnects.
6 Connect on Registration port 8440 Ambari Agent connects to Ambari Server on the registration port.
7 Perform 2WAY auth using Agent Cert 2WAY authentication between Agent and Server.
8 Get FQDN Ambari Agent host gets the Fully Qualified Domain Name (FQDN) for the Agent host. Note: (8a) In case the host has multiple hostnames, use the host script to echo the hostname to use for registration.
9 Register Host Using the FQDN, the Agent host registers with the Ambari Server.
10 Complete Host Registration Ambari Server completes the host registration by adding the host to the Ambari DB.
11 Agent Heartbeat Begins Ambari Agent starts heartbeat to Ambari Server, checking for commands to execute.
