cloudera.cluster icon indicating copy to clipboard operation
cloudera.cluster copied to clipboard

Published 20 hours ago verified publisher icon cloudera-labs

Avoid repeating CM password check

Open WillDyson opened this issue 3 years ago • 1 comments

If LDAP is configured in CM, repeated failed password checks can lock user accounts.

After LDAP has been configured or the CM admin password is changed, the CM password check will trigger a failed login each time it is used.

This commit adds checks to ensure the check is skipped each time it is run after the first failure.

This is okay as we don't expect the CM password to be changed back to its default value.

Signed-off-by: William Dyson [email protected]

WillDyson avatar Oct 04 '22 11:10 WillDyson

Tested with CM 7.6.1 CDP 7.1.7 by:

  1. Deploying a basic secured cluster with a non-default CM password
  2. Running the playbook again to ensure idempotency, skipping the following tags: --skip-tags database,kerberos,tls,cm,verify,os,jdk,users

After changing the Cloudera Manager password, the password is only checked once – other attempts are skipped.

WillDyson avatar Oct 12 '22 13:10 WillDyson