ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From echekans...@apache.org
Subject ambari git commit: AMBARI-20831. Ambari agents can only connect to the server using TLSv1 (echekanskiy)
Date Mon, 24 Apr 2017 14:47:37 GMT
Repository: ambari
Updated Branches:
  refs/heads/branch-2.4 79ba64c2b -> b9de1383c


AMBARI-20831. Ambari agents can only connect to the server using TLSv1 (echekanskiy)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/b9de1383
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/b9de1383
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/b9de1383

Branch: refs/heads/branch-2.4
Commit: b9de1383cd714ccc132e84abb80e8760d75a573e
Parents: 79ba64c
Author: Eugene Chekanskiy <echekanskiy@hortonworks.com>
Authored: Mon Apr 24 17:47:04 2017 +0300
Committer: Eugene Chekanskiy <echekanskiy@hortonworks.com>
Committed: Mon Apr 24 17:47:04 2017 +0300

----------------------------------------------------------------------
 .../main/python/ambari_agent/AmbariConfig.py    | 25 +++++++++++++++++---
 .../ambari_agent/CustomServiceOrchestrator.py   |  4 +++-
 .../src/main/python/ambari_agent/NetUtil.py     |  3 +++
 .../python/ambari_agent/alerts/web_alert.py     | 16 ++++---------
 .../TestCustomServiceOrchestrator.py            |  8 +++----
 .../main/python/ambari_commons/inet_utils.py    | 21 ++++++++++++++++
 .../libraries/script/script.py                  | 15 +++++++++---
 .../HDFS/2.1.0.2.0/package/files/checkWebUI.py  | 17 +++++++------
 .../HDFS/2.1.0.2.0/package/scripts/params.py    |  1 +
 .../2.1.0.2.0/package/scripts/service_check.py  |  3 ++-
 .../HDFS/2.1.0.2.0/package/scripts/utils.py     |  2 ++
 .../0.8/services/HDFS/package/scripts/params.py |  1 +
 .../HDFS/package/scripts/service_check.py       |  2 +-
 13 files changed, 86 insertions(+), 32 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/b9de1383/ambari-agent/src/main/python/ambari_agent/AmbariConfig.py
----------------------------------------------------------------------
diff --git a/ambari-agent/src/main/python/ambari_agent/AmbariConfig.py b/ambari-agent/src/main/python/ambari_agent/AmbariConfig.py
index ae938dc..7db856c 100644
--- a/ambari-agent/src/main/python/ambari_agent/AmbariConfig.py
+++ b/ambari-agent/src/main/python/ambari_agent/AmbariConfig.py
@@ -23,7 +23,6 @@ import ConfigParser
 import StringIO
 import hostname
 import ambari_simplejson as json
-from NetUtil import NetUtil
 import os
 
 from ambari_commons import OSConst
@@ -160,7 +159,6 @@ class AmbariConfig:
   def __init__(self):
     global content
     self.config = ConfigParser.RawConfigParser()
-    self.net = NetUtil(self)
     self.config.readfp(StringIO.StringIO(content))
 
   def get(self, section, value, default=None):
@@ -186,6 +184,23 @@ class AmbariConfig:
   def getConfig(self):
     return self.config
 
+  @classmethod
+  def get_resolved_config(cls):
+    if hasattr(cls, "_conf_cache"):
+      return getattr(cls, "_conf_cache")
+    config = cls()
+    configPath = os.path.abspath(cls.getConfigFile())
+    try:
+      if os.path.exists(configPath):
+        config.read(configPath)
+      else:
+        raise Exception("No config found at {0}, use default".format(configPath))
+
+    except Exception, err:
+      logger.warn(err)
+    setattr(cls, "_conf_cache", config)
+    return config
+
   @staticmethod
   @OsFamilyFuncImpl(OSConst.WINSRV_FAMILY)
   def getConfigFile():
@@ -236,7 +251,8 @@ class AmbariConfig:
     self.config.read(filename)
 
   def getServerOption(self, url, name, default=None):
-    status, response = self.net.checkURL(url)
+    from ambari_agent.NetUtil import NetUtil
+    status, response = NetUtil(self).checkURL(url)
     if status is True:
       try:
         data = json.loads(response)
@@ -273,6 +289,9 @@ class AmbariConfig:
         logger.info("Updating config property (%s) with value (%s)", k, v)
     pass
 
+  def get_force_https_protocol(self):
+    return self.get('security', 'force_https_protocol', default="PROTOCOL_TLSv1")
+
 def isSameHostList(hostlist1, hostlist2):
   is_same = True
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/b9de1383/ambari-agent/src/main/python/ambari_agent/CustomServiceOrchestrator.py
----------------------------------------------------------------------
diff --git a/ambari-agent/src/main/python/ambari_agent/CustomServiceOrchestrator.py b/ambari-agent/src/main/python/ambari_agent/CustomServiceOrchestrator.py
index 57416a4..b4e2076 100644
--- a/ambari-agent/src/main/python/ambari_agent/CustomServiceOrchestrator.py
+++ b/ambari-agent/src/main/python/ambari_agent/CustomServiceOrchestrator.py
@@ -67,6 +67,7 @@ class CustomServiceOrchestrator():
   def __init__(self, config, controller):
     self.config = config
     self.tmp_dir = config.get('agent', 'prefix')
+    self.force_https_protocol = config.get_force_https_protocol()
     self.exec_tmp_dir = Constants.AGENT_TMP_DIR
     self.file_cache = FileCache(config)
     self.status_commands_stdout = os.path.join(self.tmp_dir,
@@ -195,7 +196,8 @@ class CustomServiceOrchestrator():
       
       for py_file, current_base_dir in filtered_py_file_list:
         log_info_on_failure = not command_name in self.DONT_DEBUG_FAILURES_FOR_COMMANDS
-        script_params = [command_name, json_path, current_base_dir, tmpstrucoutfile, logger_level,
self.exec_tmp_dir]
+        script_params = [command_name, json_path, current_base_dir, tmpstrucoutfile, logger_level,
self.exec_tmp_dir,
+                         self.force_https_protocol]
         
         if log_out_files:
           script_params.append("-o")

http://git-wip-us.apache.org/repos/asf/ambari/blob/b9de1383/ambari-agent/src/main/python/ambari_agent/NetUtil.py
----------------------------------------------------------------------
diff --git a/ambari-agent/src/main/python/ambari_agent/NetUtil.py b/ambari-agent/src/main/python/ambari_agent/NetUtil.py
index 2e9381b..9d866a1 100644
--- a/ambari-agent/src/main/python/ambari_agent/NetUtil.py
+++ b/ambari-agent/src/main/python/ambari_agent/NetUtil.py
@@ -20,6 +20,8 @@ import httplib
 import sys
 from ssl import SSLError
 from HeartbeatHandlers import HeartbeatStopHandlers
+from ambari_agent.AmbariConfig import AmbariConfig
+from ambari_commons.inet_utils import ensure_ssl_using_protocol
 
 ERROR_SSL_WRONG_VERSION = "SSLError: Failed to connect. Please check openssl library versions.
\n" +\
               "Refer to: https://bugzilla.redhat.com/show_bug.cgi?id=1022468 for more details."
@@ -27,6 +29,7 @@ LOG_REQUEST_MESSAGE = "GET %s -> %s, body: %s"
 
 logger = logging.getLogger(__name__)
 
+ensure_ssl_using_protocol(AmbariConfig.get_resolved_config().get_force_https_protocol())
 
 class NetUtil:
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/b9de1383/ambari-agent/src/main/python/ambari_agent/alerts/web_alert.py
----------------------------------------------------------------------
diff --git a/ambari-agent/src/main/python/ambari_agent/alerts/web_alert.py b/ambari-agent/src/main/python/ambari_agent/alerts/web_alert.py
index 42ad96b..75c1929 100644
--- a/ambari-agent/src/main/python/ambari_agent/alerts/web_alert.py
+++ b/ambari-agent/src/main/python/ambari_agent/alerts/web_alert.py
@@ -33,8 +33,9 @@ from resource_management.libraries.functions.get_port_from_url import get_port_f
 from resource_management.libraries.functions.get_path_from_url import get_path_from_url
 from resource_management.libraries.functions.curl_krb_request import curl_krb_request
 from ambari_commons import OSCheck
-from ambari_commons.inet_utils import resolve_address
+from ambari_commons.inet_utils import resolve_address, ensure_ssl_using_protocol
 from ambari_agent import Constants
+from ambari_agent.AmbariConfig import AmbariConfig
 
 # hashlib is supplied as of Python 2.5 as the replacement interface for md5
 # and other secure hashes.  In 2.6, md5 is deprecated.  Import hashlib if
@@ -52,18 +53,9 @@ logger = logging.getLogger(__name__)
 # default timeout
 DEFAULT_CONNECTION_TIMEOUT = 5
 
+ensure_ssl_using_protocol(AmbariConfig.get_resolved_config().get_force_https_protocol())
 WebResponse = namedtuple('WebResponse', 'status_code time_millis error_msg')
 
-# patch ssl module to fix SSLv3 communication bug
-# for more info see http://stackoverflow.com/questions/9835506/urllib-urlopen-works-on-sslv3-urls-with-python-2-6-6-on-1-machine-but-not-wit
-def sslwrap(func):
-    @wraps(func)
-    def bar(*args, **kw):
-        kw['ssl_version'] = ssl.PROTOCOL_TLSv1
-        return func(*args, **kw)
-    return bar
-ssl.wrap_socket = sslwrap(ssl.wrap_socket)
-
 class WebAlert(BaseAlert):
 
   def __init__(self, alert_meta, alert_source_meta, config):
@@ -258,4 +250,4 @@ class WebAlert(BaseAlert):
     if state == self.RESULT_CRITICAL:
       return 'Connection failed to {1}'
 
-    return 'HTTP {0} response in {2:.4f} seconds'
\ No newline at end of file
+    return 'HTTP {0} response in {2:.4f} seconds'

http://git-wip-us.apache.org/repos/asf/ambari/blob/b9de1383/ambari-agent/src/test/python/ambari_agent/TestCustomServiceOrchestrator.py
----------------------------------------------------------------------
diff --git a/ambari-agent/src/test/python/ambari_agent/TestCustomServiceOrchestrator.py b/ambari-agent/src/test/python/ambari_agent/TestCustomServiceOrchestrator.py
index c9724b7..002309e 100644
--- a/ambari-agent/src/test/python/ambari_agent/TestCustomServiceOrchestrator.py
+++ b/ambari-agent/src/test/python/ambari_agent/TestCustomServiceOrchestrator.py
@@ -54,8 +54,8 @@ class TestCustomServiceOrchestrator(TestCase):
     # generate sample config
     tmpdir = tempfile.gettempdir()
     exec_tmp_dir = os.path.join(tmpdir, 'tmp')
-    self.config = ConfigParser.RawConfigParser()
-    self.config.get = AmbariConfig().get
+    self.config = AmbariConfig()
+    self.config.config = ConfigParser.RawConfigParser()
     self.config.add_section('agent')
     self.config.set('agent', 'prefix', tmpdir)
     self.config.set('agent', 'cache_dir', "/cachedir")
@@ -68,7 +68,7 @@ class TestCustomServiceOrchestrator(TestCase):
   def test_add_reg_listener_to_controller(self, FileCache_mock):
     FileCache_mock.return_value = None
     dummy_controller = MagicMock()
-    config = AmbariConfig().getConfig()
+    config = AmbariConfig()
     tempdir = tempfile.gettempdir()
     config.set('agent', 'prefix', tempdir)
     CustomServiceOrchestrator(config, dummy_controller)
@@ -204,7 +204,7 @@ class TestCustomServiceOrchestrator(TestCase):
   def test_resolve_script_path(self, FileCache_mock, exists_mock):
     FileCache_mock.return_value = None
     dummy_controller = MagicMock()
-    config = AmbariConfig().getConfig()
+    config = AmbariConfig()
     orchestrator = CustomServiceOrchestrator(config, dummy_controller)
     # Testing existing path
     exists_mock.return_value = True

http://git-wip-us.apache.org/repos/asf/ambari/blob/b9de1383/ambari-common/src/main/python/ambari_commons/inet_utils.py
----------------------------------------------------------------------
diff --git a/ambari-common/src/main/python/ambari_commons/inet_utils.py b/ambari-common/src/main/python/ambari_commons/inet_utils.py
index 987c761..fa47f0e 100644
--- a/ambari-common/src/main/python/ambari_commons/inet_utils.py
+++ b/ambari-common/src/main/python/ambari_commons/inet_utils.py
@@ -181,3 +181,24 @@ def resolve_address(address):
     if address == '0.0.0.0':
       return '127.0.0.1'
   return address
+
+def ensure_ssl_using_protocol(protocol):
+  """
+  Monkey patching ssl module to force it use tls_v1. Do this in common module to avoid problems
with
+  PythonReflectiveExecutor.
+  :param protocol: one of ("PROTOCOL_SSLv2", "PROTOCOL_SSLv3", "PROTOCOL_SSLv23", "PROTOCOL_TLSv1",
"PROTOCOL_TLSv1_1", "PROTOCOL_TLSv1_2")
+  :return:
+  """
+  from functools import wraps
+  import ssl
+  if hasattr(ssl.wrap_socket, "_ambari_patched"):
+    return # do not create chain of wrappers, patch only once
+  def sslwrap(func):
+    @wraps(func)
+    def bar(*args, **kw):
+      import ssl
+      kw['ssl_version'] = getattr(ssl, protocol)
+      return func(*args, **kw)
+    bar._ambari_patched = True
+    return bar
+  ssl.wrap_socket = sslwrap(ssl.wrap_socket)
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/ambari/blob/b9de1383/ambari-common/src/main/python/resource_management/libraries/script/script.py
----------------------------------------------------------------------
diff --git a/ambari-common/src/main/python/resource_management/libraries/script/script.py
b/ambari-common/src/main/python/resource_management/libraries/script/script.py
index 1c5bdce..43e5fa2 100644
--- a/ambari-common/src/main/python/resource_management/libraries/script/script.py
+++ b/ambari-common/src/main/python/resource_management/libraries/script/script.py
@@ -64,7 +64,7 @@ if OSCheck.is_windows_family():
 else:
   from resource_management.libraries.functions.tar_archive import archive_dir
 
-USAGE = """Usage: {0} <COMMAND> <JSON_CONFIG> <BASEDIR> <STROUTPUT>
<LOGGING_LEVEL> <TMP_DIR>
+USAGE = """Usage: {0} <COMMAND> <JSON_CONFIG> <BASEDIR> <STROUTPUT>
<LOGGING_LEVEL> <TMP_DIR> [PROTOCOL]
 
 <COMMAND> command type (INSTALL/CONFIGURE/START/STOP/SERVICE_CHECK...)
 <JSON_CONFIG> path to command json file. Ex: /var/lib/ambari-agent/data/command-2.json
@@ -72,6 +72,7 @@ USAGE = """Usage: {0} <COMMAND> <JSON_CONFIG> <BASEDIR>
<STROUTPUT> <LOGGING_LEV
 <STROUTPUT> path to file with structured command output (file will be created). Ex:/tmp/my.txt
 <LOGGING_LEVEL> log level for stdout. Ex:DEBUG,INFO
 <TMP_DIR> temporary directory for executable scripts. Ex: /var/lib/ambari-agent/tmp
+[PROTOCOL] optional protocol to use during https connections. Ex: see python ssl.PROTOCOL_<PROTO>
variables, default PROTOCOL_TLSv1
 """
 
 _PASSWORD_MAP = {"/configurations/cluster-env/hadoop.user.name":"/configurations/cluster-env/hadoop.user.password"}
@@ -118,7 +119,8 @@ class Script(object):
 
   # Class variable
   tmp_dir = ""
- 
+  force_https_protocol = "PROTOCOL_TLSv1"
+
   def load_structured_out(self):
     Script.structuredOut = {}
     if os.path.exists(self.stroutfile):
@@ -244,7 +246,10 @@ class Script(object):
     self.load_structured_out()
     self.logging_level = sys.argv[5]
     Script.tmp_dir = sys.argv[6]
-    
+    # optional script argument for forcing https protocol
+    if len(sys.argv) >= 8:
+      Script.force_https_protocol = sys.argv[7]
+
     logging_level_str = logging._levelNames[self.logging_level]
     Logger.initialize_logger(__name__, logging_level=logging_level_str)
 
@@ -406,6 +411,10 @@ class Script(object):
     return Script.tmp_dir
 
   @staticmethod
+  def get_force_https_protocol():
+    return Script.force_https_protocol
+
+  @staticmethod
   def get_component_from_role(role_directory_map, default_role):
     """
     Gets the <stack-root>/current/<component> component given an Ambari role,

http://git-wip-us.apache.org/repos/asf/ambari/blob/b9de1383/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/files/checkWebUI.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/files/checkWebUI.py
b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/files/checkWebUI.py
index ddeb116..c7e9f0e 100644
--- a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/files/checkWebUI.py
+++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/files/checkWebUI.py
@@ -23,30 +23,31 @@ import httplib
 import socket
 import ssl
 
-class TLS1HTTPSConnection(httplib.HTTPSConnection):
+class ForcedProtocolHTTPSConnection(httplib.HTTPSConnection):
   """
   Some of python implementations does not work correctly with sslv3 but trying to use it,
we need to change protocol to
   tls1.
   """
-  def __init__(self, host, port, **kwargs):
+  def __init__(self, host, port, force_protocol, **kwargs):
     httplib.HTTPSConnection.__init__(self, host, port, **kwargs)
+    self.force_protocol = force_protocol
 
   def connect(self):
     sock = socket.create_connection((self.host, self.port), self.timeout)
     if getattr(self, '_tunnel_host', None):
       self.sock = sock
       self._tunnel()
-    self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file, ssl_version=ssl.PROTOCOL_TLSv1)
+    self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file, ssl_version=getattr(ssl,
self.force_protocol))
 
-def make_connection(host, port, https):
+def make_connection(host, port, https, force_protocol=None):
   try:
     conn = httplib.HTTPConnection(host, port) if not https else httplib.HTTPSConnection(host,
port)
     conn.request("GET", "/")
     return conn.getresponse().status
   except ssl.SSLError:
-    # got ssl error, lets try to use TLS1 protocol, maybe it will work
+    # got ssl error, lets try to use forced protocol, maybe it will work
     try:
-      tls1_conn = TLS1HTTPSConnection(host, port)
+      tls1_conn = ForcedProtocolHTTPSConnection(host, port, force_protocol)
       tls1_conn.request("GET", "/")
       return tls1_conn.getresponse().status
     except Exception as e:
@@ -65,15 +66,17 @@ def main():
   parser.add_option("-m", "--hosts", dest="hosts", help="Comma separated hosts list for WEB
UI to check it availability")
   parser.add_option("-p", "--port", dest="port", help="Port of WEB UI to check it availability")
   parser.add_option("-s", "--https", dest="https", help="\"True\" if value of dfs.http.policy
is \"HTTPS_ONLY\"")
+  parser.add_option("-o", "--protocol", dest="protocol", help="Protocol to use when executing
https request")
 
   (options, args) = parser.parse_args()
   
   hosts = options.hosts.split(',')
   port = options.port
   https = options.https
+  protocol = options.protocol
 
   for host in hosts:
-    httpCode = make_connection(host, port, https.lower() == "true")
+    httpCode = make_connection(host, port, https.lower() == "true", protocol)
 
     if httpCode != 200:
       print "Cannot access WEB UI on: http://" + host + ":" + port if not https.lower() ==
"true" else "Cannot access WEB UI on: https://" + host + ":" + port

http://git-wip-us.apache.org/repos/asf/ambari/blob/b9de1383/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params.py
b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params.py
index 7514918..b248087 100644
--- a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params.py
@@ -27,3 +27,4 @@ else:
 host_sys_prepped = default("/hostLevelParams/host_sys_prepped", False)
 nfsgateway_heapsize = config['configurations']['hadoop-env']['nfsgateway_heapsize']
 retryAble = default("/commandParams/command_retry_enabled", False)
+script_https_protocol = Script.get_force_https_protocol()
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/ambari/blob/b9de1383/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/service_check.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/service_check.py
b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/service_check.py
index 737ae04..dffa077 100644
--- a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/service_check.py
+++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/service_check.py
@@ -86,7 +86,8 @@ class HdfsServiceCheckDefault(HdfsServiceCheck):
         checkWebUIFileName = "checkWebUI.py"
         checkWebUIFilePath = format("{tmp_dir}/{checkWebUIFileName}")
         comma_sep_jn_hosts = ",".join(params.journalnode_hosts)
-        checkWebUICmd = format("ambari-python-wrap {checkWebUIFilePath} -m {comma_sep_jn_hosts}
-p {journalnode_port} -s {https_only}")
+
+        checkWebUICmd = format("ambari-python-wrap {checkWebUIFilePath} -m {comma_sep_jn_hosts}
-p {journalnode_port} -s {https_only} -o {script_https_protocol}")
         File(checkWebUIFilePath,
              content=StaticFile(checkWebUIFileName),
              mode=0775)

http://git-wip-us.apache.org/repos/asf/ambari/blob/b9de1383/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/utils.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/utils.py
b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/utils.py
index 107ad7c..11da955 100644
--- a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/utils.py
+++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/utils.py
@@ -35,9 +35,11 @@ from resource_management.core.exceptions import Fail
 from resource_management.libraries.functions.namenode_ha_utils import get_namenode_states
 from resource_management.libraries.script.script import Script
 from resource_management.libraries.functions.show_logs import show_logs
+from ambari_commons.inet_utils import ensure_ssl_using_protocol
 
 from zkfc_slave import ZkfcSlaveDefault
 
+ensure_ssl_using_protocol(Script.get_force_https_protocol())
 def safe_zkfc_op(action, env):
   """
   Idempotent operation on the zkfc process to either start or stop it.

http://git-wip-us.apache.org/repos/asf/ambari/blob/b9de1383/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/HDFS/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/HDFS/package/scripts/params.py
b/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/HDFS/package/scripts/params.py
index 49cfa86..f85efb0 100644
--- a/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/HDFS/package/scripts/params.py
+++ b/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/HDFS/package/scripts/params.py
@@ -241,3 +241,4 @@ ttnode_heapsize = "1024m"
 dtnode_heapsize = config['configurations']['hadoop-env']['dtnode_heapsize']
 mapred_pid_dir_prefix = default("/configurations/mapred-env/mapred_pid_dir_prefix","/var/run/hadoop-mapreduce")
 mapred_log_dir_prefix = default("/configurations/mapred-env/mapred_log_dir_prefix","/var/log/hadoop-mapreduce")
+script_https_protocol = Script.get_force_https_protocol()
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/ambari/blob/b9de1383/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/HDFS/package/scripts/service_check.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/HDFS/package/scripts/service_check.py
b/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/HDFS/package/scripts/service_check.py
index 81d7ca5..3b54fd0 100644
--- a/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/HDFS/package/scripts/service_check.py
+++ b/ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/HDFS/package/scripts/service_check.py
@@ -93,7 +93,7 @@ class HdfsServiceCheck(Script):
       comma_sep_jn_hosts = ",".join(params.journalnode_hosts)
       checkWebUICmd = format(
         "su -s /bin/bash - {smoke_test_user} -c 'python {checkWebUIFilePath} -m "
-        "{comma_sep_jn_hosts} -p {journalnode_port}'")
+        "{comma_sep_jn_hosts} -p {journalnode_port} -o {script_https_protocol}'")
       File(checkWebUIFilePath,
            content=StaticFile(checkWebUIFileName))
 


Mime
View raw message