Apache Ambari Security
Also available as:
PDF
loading table of contents...

Optional: Storing Component Passwords In Credential Store

Ambari supports storing component passwords in credential stores, when supported by the underlying service itself. The following services support passwords stored in credential stores.

  • Hive

  • Oozie

  • Ranger

  • Ambari Log Search

When Ambari and HDP are freshly installed, credential stores will be used by default. When Ambari has been upgraded from a previous release, the use of credential stores must be enabled explicitly.

Enabling Credential Stores After Ambari Server Upgrade

Ranger and Ambari Log Search will use credential stores by default on upgrade, but Hive and Oozie must be enabled explicitly using the Ambari Server API.

Hive

For Hive, the use of a credential store is disabled by default on upgrade and can only be enabled/disabled using the following API calls:

  • Enable Storing Passwords In Credential Stores:

    curl -k -u <AMBARI_USER>:<AMBARI_PASSWORD> -H "X-Requested-By: <AMBARI_USER>" -X PUT -d '{"ServiceInfo": {"credential_store_enabled": "true"}}' http://<AMBARI_HOST>:<AMBARI_PORT>/api/v1/clusters/<CLUSTER_NAME>/services/HIVE
  • Disable Storing Passwords In Credential Stores:

    curl -k -u <AMBARI_USER>:<AMBARI_PASSWORD> -H "X-Requested-By: <AMBARI_USER>" -X PUT -d '{"ServiceInfo": {"credential_store_enabled": "false"}}' http://<AMBARI_HOST>:<AMBARI_PORT>/api/v1/clusters/<CLUSTER_NAME>/services/HIVE

Oozie

For Oozie, the use of a credential store is disabled by default on upgrade and can only be enabled/disabled using the following API calls:

  • Enable Storing Passwords In Credential Stores:

    curl -k -u <AMBARI_USER>:<AMBARI_PASSWORD> -H "X-Requested-By: <AMBARI_USER>" -X PUT -d '{"ServiceInfo": {"credential_store_enabled": "true"}}' http://<AMBARI_HOST>:<AMBARI_PORT>/api/v1/clusters/<CLUSTER_NAME>/services/OOZIE
  • Disable Storing Passwords In Credential Stores:

    curl -k -u <AMBARI_USER>:<AMBARI_PASSWORD> -H "X-Requested-By: <AMBARI_USER>" -X PUT -d '{"ServiceInfo": {"credential_store_enabled": "false"}}' http://<AMBARI_HOST>:<AMBARI_PORT>/api/v1/clusters/<CLUSTER_NAME>/services/OOZIE