cloudera-labs · wmudge · Apr 28, 2023 · Apr 5, 2023 · Apr 15, 2023 · Apr 15, 2023
diff --git a/.gitignore b/.gitignore
@@ -162,3 +162,4 @@ dmypy.json
 # Cython debug symbols
 cython_debug/
 
+.DS_Store
diff --git a/roles/cloudera_manager/autotls/defaults/main.yml b/roles/cloudera_manager/autotls/defaults/main.yml
@@ -16,3 +16,4 @@
 
 host_ssh_username: root
 host_ssh_password: cloudera
+sudoerUser: centos
diff --git a/roles/cloudera_manager/autotls/tasks/main.yml b/roles/cloudera_manager/autotls/tasks/main.yml
@@ -48,7 +48,7 @@
 
 - name: Set node_key on one line
   set_fact:
-    node_key_one_line: "{{ lookup('file', '~/node_key' ) | replace('\n', '\\n') | replace('\"', '\\\"' ) }}"
+    node_key_one_line: "{{ lookup('file', private_key_path ) | replace('\n', '\\n') | replace('\"', '\\\"' ) }}"
   when: not use_password
 
 - name: DEBUG Auto-TLS using key

diff --git a/roles/cloudera_manager/autotls/templates/auto-tls-key.json b/roles/cloudera_manager/autotls/templates/auto-tls-key.json
@@ -3,7 +3,7 @@
     "configureAllServices" : "true",
     "sshPort" : 22,
     {% if freeipa_activated %}"trustedCaCerts" : "/etc/ipa/ca.crt",{% endif %}
-    "userName" : "root",
-    "privateKey": "{{ node_key_one_line }}"
-} 
-    
+    "userName" : "{{ sudoerUser|default("root") }}",
+    "privateKey": "{{ node_key_one_line|default('~/node_key') }}"
+    "passphrase": "{{ passphrase|default("") }}"
+} 
diff --git a/roles/cloudera_manager/common/defaults/main.yml b/roles/cloudera_manager/common/defaults/main.yml
@@ -27,6 +27,6 @@ cloudera_manager_database_type: "{{ database_type }}"
 cloudera_manager_database_name: scm
 cloudera_manager_database_user: scm
 cloudera_manager_database_password: changeme
-cloudera_manager_database_port: "{{ database_port | cloudera.cluster.default_database_port }}"
+cloudera_manager_database_port: "{{ database_type | cloudera.cluster.default_database_port }}"
 cloudera_manager_agent_lib_directory: /var/lib/cloudera-scm-agent
 cloudera_manager_cmf_java_opts_default: "-Xmx4G -XX:MaxPermSize=256m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/tmp"
diff --git a/roles/cloudera_manager/external_auth/defaults/main.yml b/roles/cloudera_manager/external_auth/defaults/main.yml
@@ -1,4 +1,4 @@
-# Copyright 2021 Cloudera, Inc.
+# Copyright 2023 Cloudera, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -13,31 +13,5 @@
 # limitations under the License.
 
 ---
-cloudera_manager_external_auth:
-  provider: "{{ 'FreeIPA' if freeipa_activated == true else omit }}"
-  external_first: no
-  external_only: no
-  external_set: "{{ 'yes' if freeipa_activated == true else 'no' }}"
-  role_mappings: "{{ default_free_ipa_role_mappings if freeipa_activated == true else omit }}"
 
-default_free_ipa_role_mappings:
-  - group: admins
-    roles: [ ROLE_ADMIN ]
-  - group: auditors
-    roles: [ ROLE_AUDITOR ]
-  - group: users
-    roles: [ ROLE_USER ]
-
-auth_providers:
-  FreeIPA:
-    type: LDAP
-    ldap_url: "{{ ipa_ldap_url }}"
-    ldap_base_dn:
-    ldap_bind_user_dn: "{{ ipa_ldap_user_bind_dn }}"
-    ldap_bind_password: "{{ ipa_ldap_user_bind_password }}"
-    ldap_search_base:
-      user: "{{ ipa_ldap_user_search_base }}"
-      group: "{{ ipa_ldap_group_search_base }}"
-    ldap_search_filter:
-      user: "{{ ipa_ldap_user_search_filter }}"
-      group: "{{ ipa_ldap_user_group_filter }}"
+freeipa_activated: False
diff --git a/roles/cloudera_manager/external_auth/tasks/main.yml b/roles/cloudera_manager/external_auth/tasks/main.yml
@@ -1,4 +1,4 @@
-# Copyright 2021 Cloudera, Inc.
+# Copyright 2023 Cloudera, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -14,6 +14,15 @@
 
 ---
 
+- name: Conditionally load in variables for initializing IPA
+  ansible.builtin.include_vars:
+    file: freeipa.yml
+  when: 
+  - freeipa_activated
+  - cloudera_manager_external_auth is undefined
+  - cloudera_manager_version is version('6.0.0','>=')
+
+
 - name: Select external auth provider details
   set_fact:
     auth_provider: "{{ auth_providers[cloudera_manager_external_auth.provider] }}"

diff --git a/roles/cloudera_manager/external_auth/vars/freeipa.yml b/roles/cloudera_manager/external_auth/vars/freeipa.yml
@@ -0,0 +1,44 @@
+# Copyright 2023 Cloudera, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+
+default_free_ipa_role_mappings:
+  - group: admins
+    roles: [ ROLE_ADMIN ]
+  - group: auditors
+    roles: [ ROLE_AUDITOR ]
+  - group: users
+    roles: [ ROLE_USER ]
+
+cloudera_manager_external_auth:
+  provider: "FreeIPA"
+  external_first: no
+  external_only: no
+  external_set: yes
+  role_mappings: "{{ default_free_ipa_role_mappings }}"
+
+auth_providers:
+  FreeIPA:
+    type: LDAP
+    ldap_url: "{{ ipa_ldap_url }}"
+    ldap_base_dn:
+    ldap_bind_user_dn: "{{ ipa_ldap_user_bind_dn }}"
+    ldap_bind_password: "{{ ipa_ldap_user_bind_password }}"
+    ldap_search_base:
+      user: "{{ ipa_ldap_user_search_base }}"
+      group: "{{ ipa_ldap_group_search_base }}"
+    ldap_search_filter:
+      user: "{{ ipa_ldap_user_search_filter }}"
+      group: "{{ ipa_ldap_user_group_filter }}"
diff --git a/roles/cloudera_manager/external_auth/vars/main.yml b/roles/cloudera_manager/external_auth/vars/main.yml
@@ -29,3 +29,44 @@ auth_role_display_names:
   ROLE_OPERATOR: Operator
   ROLE_USER: Read-Only
   ROLE_USER_ADMIN: User Administrator
+
+default_free_ipa_role_mappings:
+  - group: admins
+    roles: [ ROLE_ADMIN ]
+  - group: auditors
+    roles: [ ROLE_AUDITOR ]
+  - group: users
+    roles: [ ROLE_USER ]
+when: 
+  - freeipa_activated
+  - cloudera_manager_external_auth is undefined
+  - cloudera_manager_version is version('6.0.0','>=')
+
+cloudera_manager_external_auth:
+  provider: "FreeIPA"
+  external_first: no
+  external_only: no
+  external_set: yes
+  role_mappings: "{{ default_free_ipa_role_mappings }}"
+when: 
+  - freeipa_activated
+  - cloudera_manager_external_auth is undefined
+  - cloudera_manager_version is version('6.0.0','>=')
+
+auth_providers:
+  FreeIPA:
+    type: LDAP
+    ldap_url: "{{ ipa_ldap_url }}"
+    ldap_base_dn:
+    ldap_bind_user_dn: "{{ ipa_ldap_user_bind_dn }}"
+    ldap_bind_password: "{{ ipa_ldap_user_bind_password }}"
+    ldap_search_base:
+      user: "{{ ipa_ldap_user_search_base }}"
+      group: "{{ ipa_ldap_group_search_base }}"
+    ldap_search_filter:
+      user: "{{ ipa_ldap_user_search_filter }}"
+      group: "{{ ipa_ldap_user_group_filter }}"
+when: 
+  - freeipa_activated
+  - cloudera_manager_external_auth is undefined
+  - cloudera_manager_version is version('6.0.0','>=')
diff --git a/roles/config/services/mgmt/tasks/main.yml b/roles/config/services/mgmt/tasks/main.yml
@@ -1,4 +1,4 @@
-# Copyright 2021 Cloudera, Inc.
+# Copyright 2023 Cloudera, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -17,7 +17,7 @@
 # This variable is used by other roles
 # please take care when changing it
 - set_fact:
-    databases: "{{ database_defaults | combine(definition.mgmt.databases | default({}), recursive=True) }}"
+    databases: "{{ databases_cm_svcs | combine(definition.mgmt.databases | default({}), recursive=True) }}"
 
 - name: Reset custom configuration dictionary
   set_fact:
@@ -35,4 +35,4 @@
 # please take care when changing it
 - name: Merge custom configurations
   set_fact:
-    merged_configs: "{{ custom_configs | combine(definition.mgmt.configs | default({}), recursive=True) }}"
+    merged_configs: "{{ custom_configs | combine(definition.mgmt.configs | default({}), recursive=True) }}"
diff --git a/roles/deployment/databases/tasks/mysql.yml b/roles/deployment/databases/tasks/mysql.yml
@@ -0,0 +1,44 @@
+# Copyright 2023 Cloudera, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+
+- name: Create databases
+  mysql_db:
+    name: "{{ databases[service].name }}"
+    encoding: "{{ service | cloudera.cluster.get_database_encoding_mysql }}"
+    collation: "{{ service | cloudera.cluster.get_database_collation_mysql }}"
+  become: yes
+  loop: "{{ databases }}"
+  loop_control:
+    loop_var: service
+  delegate_to: "{{ databases[service].host }}"
+  connection: ssh
+  when: databases[service].host in groups.db_server
+
+- name: Create database users
+  mysql_user:
+    name: "{{ databases[service].user }}"
+    password: "{{ databases[service].password }}"
+    update_password: always
+    host: '%'
+    priv: "{{ databases[service].name }}.*:ALL"
+  no_log: yes
+  become: yes
+  loop: "{{ databases }}"
+  loop_control:
+    loop_var: service
+  delegate_to: "{{ databases[service].host }}"
+  connection: ssh
+  when: databases[service].host in groups.db_server
Original file line number	Diff line number	Diff line change
Expand Up		@@ -162,3 +162,4 @@ dmypy.json
		# Cython debug symbols
		cython_debug/

		.DS_Store
Original file line number	Diff line number	Diff line change
Expand Up		@@ -16,3 +16,4 @@

		host_ssh_username: root
		host_ssh_password: cloudera
		sudoerUser: centos