Ambari Security Guide
Also available as:
PDF
loading table of contents...

Optional: Encrypt Database and LDAP Passwords

If you plan to configure Ambari to retain the Kerberos KDC Admin Account credentials when Configuring Kerberos, or you wish to encrypt the Ambari database and LDAP server passwords, you need to setup encryption for the passwords stored in the Ambari database.

Ambari Server should not be running when you do this: either make the edits before you start Ambari Server the first time or bring the server down to make the edits.

  1. On the Ambari Server, run the special setup command and answer the prompts:

    ambari-server setup-security

    1. When prompted, select Option 2 to "Encrypt the passwords stored in ambari.properties file".

    2. Provide a master key for encrypting the passwords. You are prompted to enter the key twice for accuracy.

    3. Once the passwords are encrypted, you need access to the master key to start Ambari Server. You have three options for maintaining the master key:

      • Persist it to a file on the server by pressing y at the prompt.

      • Create an environment variable AMBARI_SECURITY_MASTER_KEY and set it to the key.

      • Provide the key manually at the prompt on server start up.

    4. Start the Ambari Server:

      ambari-server start