cloudera-labs
diff --git a/‎.gitignore‎
Lines changed: 1 addition & 0 deletions b/‎.gitignore‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎roles/cloudera_manager/autotls/defaults/main.yml‎
Lines changed: 1 addition & 0 deletions b/‎roles/cloudera_manager/autotls/defaults/main.yml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎roles/cloudera_manager/autotls/tasks/main.yml‎
Lines changed: 1 addition & 1 deletion b/‎roles/cloudera_manager/autotls/tasks/main.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎roles/cloudera_manager/autotls/templates/auto-tls-key.json‎
Lines changed: 4 additions & 4 deletions b/‎roles/cloudera_manager/autotls/templates/auto-tls-key.json‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎roles/cloudera_manager/common/defaults/main.yml‎
Lines changed: 1 addition & 1 deletion b/‎roles/cloudera_manager/common/defaults/main.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎roles/cloudera_manager/external_auth/defaults/main.yml‎
Lines changed: 2 additions & 28 deletions b/‎roles/cloudera_manager/external_auth/defaults/main.yml‎
Lines changed: 2 additions & 28 deletions
diff --git a/‎roles/cloudera_manager/external_auth/tasks/main.yml‎
Lines changed: 10 additions & 1 deletion b/‎roles/cloudera_manager/external_auth/tasks/main.yml‎
Lines changed: 10 additions & 1 deletion
diff --git a/‎roles/cloudera_manager/external_auth/vars/freeipa.yml‎
Lines changed: 44 additions & 0 deletions b/‎roles/cloudera_manager/external_auth/vars/freeipa.yml‎
Lines changed: 44 additions & 0 deletions
diff --git a/‎roles/cloudera_manager/external_auth/vars/main.yml‎
Lines changed: 41 additions & 0 deletions b/‎roles/cloudera_manager/external_auth/vars/main.yml‎
Lines changed: 41 additions & 0 deletions
diff --git a/‎roles/config/services/mgmt/tasks/main.yml‎
Lines changed: 3 additions & 3 deletions b/‎roles/config/services/mgmt/tasks/main.yml‎
Lines changed: 3 additions & 3 deletions
@@ -162,3 +162,4 @@ dmypy.json
 # Cython debug symbols
 cython_debug/
 
+.DS_Store
@@ -16,3 +16,4 @@
 
 host_ssh_username: root
 host_ssh_password: cloudera
+sudoerUser: centos
@@ -48,7 +48,7 @@
 
 - name: Set node_key on one line
   set_fact:
-    node_key_one_line: "{{ lookup('file', '~/node_key' ) | replace('\n', '\\n') | replace('\"', '\\\"' ) }}"
+    node_key_one_line: "{{ lookup('file', private_key_path ) | replace('\n', '\\n') | replace('\"', '\\\"' ) }}"
   when: not use_password
 
 - name: DEBUG Auto-TLS using key
 
@@ -3,7 +3,7 @@
     "configureAllServices" : "true",
     "sshPort" : 22,
     {% if freeipa_activated %}"trustedCaCerts" : "/etc/ipa/ca.crt",{% endif %}
-    "userName" : "root",
-    "privateKey": "{{ node_key_one_line }}"
-} 
-    
+    "userName" : "{{ sudoerUser|default("root") }}",
+    "privateKey": "{{ node_key_one_line|default('~/node_key') }}"
+    "passphrase": "{{ passphrase|default("") }}"
+} 
@@ -27,6 +27,6 @@ cloudera_manager_database_type: "{{ database_type }}"
 cloudera_manager_database_name: scm
 cloudera_manager_database_user: scm
 cloudera_manager_database_password: changeme
-cloudera_manager_database_port: "{{ database_port | cloudera.cluster.default_database_port }}"
+cloudera_manager_database_port: "{{ database_type | cloudera.cluster.default_database_port }}"
 cloudera_manager_agent_lib_directory: /var/lib/cloudera-scm-agent
 cloudera_manager_cmf_java_opts_default: "-Xmx4G -XX:MaxPermSize=256m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/tmp"
@@ -1,4 +1,4 @@
-# Copyright 2021 Cloudera, Inc.
+# Copyright 2023 Cloudera, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -13,31 +13,5 @@
 # limitations under the License.
 
 ---
-cloudera_manager_external_auth:
-  provider: "{{ 'FreeIPA' if freeipa_activated == true else omit }}"
-  external_first: no
-  external_only: no
-  external_set: "{{ 'yes' if freeipa_activated == true else 'no' }}"
-  role_mappings: "{{ default_free_ipa_role_mappings if freeipa_activated == true else omit }}"
 
-default_free_ipa_role_mappings:
-  - group: admins
-    roles: [ ROLE_ADMIN ]
-  - group: auditors
-    roles: [ ROLE_AUDITOR ]
-  - group: users
-    roles: [ ROLE_USER ]
-
-auth_providers:
-  FreeIPA:
-    type: LDAP
-    ldap_url: "{{ ipa_ldap_url }}"
-    ldap_base_dn:
-    ldap_bind_user_dn: "{{ ipa_ldap_user_bind_dn }}"
-    ldap_bind_password: "{{ ipa_ldap_user_bind_password }}"
-    ldap_search_base:
-      user: "{{ ipa_ldap_user_search_base }}"
-      group: "{{ ipa_ldap_group_search_base }}"
-    ldap_search_filter:
-      user: "{{ ipa_ldap_user_search_filter }}"
-      group: "{{ ipa_ldap_user_group_filter }}"
+freeipa_activated: False
@@ -1,4 +1,4 @@
-# Copyright 2021 Cloudera, Inc.
+# Copyright 2023 Cloudera, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -14,6 +14,15 @@
 
 ---
 
+- name: Conditionally load in variables for initializing IPA
+  ansible.builtin.include_vars:
+    file: freeipa.yml
+  when: 
+  - freeipa_activated
+  - cloudera_manager_external_auth is undefined
+  - cloudera_manager_version is version('6.0.0','>=')
+
+
 - name: Select external auth provider details
   set_fact:
     auth_provider: "{{ auth_providers[cloudera_manager_external_auth.provider] }}"
 
@@ -0,0 +1,44 @@
+# Copyright 2023 Cloudera, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+
+default_free_ipa_role_mappings:
+  - group: admins
+    roles: [ ROLE_ADMIN ]
+  - group: auditors
+    roles: [ ROLE_AUDITOR ]
+  - group: users
+    roles: [ ROLE_USER ]
+
+cloudera_manager_external_auth:
+  provider: "FreeIPA"
+  external_first: no
+  external_only: no
+  external_set: yes
+  role_mappings: "{{ default_free_ipa_role_mappings }}"
+
+auth_providers:
+  FreeIPA:
+    type: LDAP
+    ldap_url: "{{ ipa_ldap_url }}"
+    ldap_base_dn:
+    ldap_bind_user_dn: "{{ ipa_ldap_user_bind_dn }}"
+    ldap_bind_password: "{{ ipa_ldap_user_bind_password }}"
+    ldap_search_base:
+      user: "{{ ipa_ldap_user_search_base }}"
+      group: "{{ ipa_ldap_group_search_base }}"
+    ldap_search_filter:
+      user: "{{ ipa_ldap_user_search_filter }}"
+      group: "{{ ipa_ldap_user_group_filter }}"
@@ -29,3 +29,44 @@ auth_role_display_names:
   ROLE_OPERATOR: Operator
   ROLE_USER: Read-Only
   ROLE_USER_ADMIN: User Administrator
+  
+default_free_ipa_role_mappings:
+  - group: admins
+    roles: [ ROLE_ADMIN ]
+  - group: auditors
+    roles: [ ROLE_AUDITOR ]
+  - group: users
+    roles: [ ROLE_USER ]
+when: 
+  - freeipa_activated
+  - cloudera_manager_external_auth is undefined
+  - cloudera_manager_version is version('6.0.0','>=')
+
+cloudera_manager_external_auth:
+  provider: "FreeIPA"
+  external_first: no
+  external_only: no
+  external_set: yes
+  role_mappings: "{{ default_free_ipa_role_mappings }}"
+when: 
+  - freeipa_activated
+  - cloudera_manager_external_auth is undefined
+  - cloudera_manager_version is version('6.0.0','>=')
+
+auth_providers:
+  FreeIPA:
+    type: LDAP
+    ldap_url: "{{ ipa_ldap_url }}"
+    ldap_base_dn:
+    ldap_bind_user_dn: "{{ ipa_ldap_user_bind_dn }}"
+    ldap_bind_password: "{{ ipa_ldap_user_bind_password }}"
+    ldap_search_base:
+      user: "{{ ipa_ldap_user_search_base }}"
+      group: "{{ ipa_ldap_group_search_base }}"
+    ldap_search_filter:
+      user: "{{ ipa_ldap_user_search_filter }}"
+      group: "{{ ipa_ldap_user_group_filter }}"
+when: 
+  - freeipa_activated
+  - cloudera_manager_external_auth is undefined
+  - cloudera_manager_version is version('6.0.0','>=')
@@ -1,4 +1,4 @@
-# Copyright 2021 Cloudera, Inc.
+# Copyright 2023 Cloudera, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -17,7 +17,7 @@
 # This variable is used by other roles
 # please take care when changing it
 - set_fact:
-    databases: "{{ database_defaults | combine(definition.mgmt.databases | default({}), recursive=True) }}"
+    databases: "{{ databases_cm_svcs | combine(definition.mgmt.databases | default({}), recursive=True) }}"
 
 - name: Reset custom configuration dictionary
   set_fact:
@@ -35,4 +35,4 @@
 # please take care when changing it
 - name: Merge custom configurations
   set_fact:
-    merged_configs: "{{ custom_configs | combine(definition.mgmt.configs | default({}), recursive=True) }}"
+    merged_configs: "{{ custom_configs | combine(definition.mgmt.configs | default({}), recursive=True) }}"
Original file line number	Diff line number	Diff line change
`@@ -162,3 +162,4 @@ dmypy.json`
`162`	`162`	`# Cython debug symbols`
`163`	`163`	`cython_debug/`
`164`	`164`
	`165`	`+.DS_Store`
Original file line number	Diff line number	Diff line change
`@@ -16,3 +16,4 @@`
`16`	`16`
`17`	`17`	`host_ssh_username: root`
`18`	`18`	`host_ssh_password: cloudera`
	`19`	`+sudoerUser: centos`