ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sid Wagle" <swa...@hortonworks.com>
Subject Re: Review Request 19069: 2-way auth fails when using jdk7
Date Wed, 12 Mar 2014 17:02:11 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/19069/#review36931
-----------------------------------------------------------

Ship it!


Ship It!

- Sid Wagle


On March 12, 2014, 11:16 a.m., Dmytro Sen wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/19069/
> -----------------------------------------------------------
> 
> (Updated March 12, 2014, 11:16 a.m.)
> 
> 
> Review request for Ambari, Dmytro Shkvyra and Sid Wagle.
> 
> 
> Bugs: AMBARI-5040
>     https://issues.apache.org/jira/browse/AMBARI-5040
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> Steps to reproduce:
> 
> On the Ambari Server host, open /etc/ambari-server/conf/ambari.properties with a text
editor.
> 
> Add the following property:
> security.server.two_way_ssl = true
> 
> Error message
> {noformat}
> INFO 2014-03-07 13:57:17,184 security.py:184 - Agent certificate not exists, sending
sign request
> INFO 2014-03-07 13:57:17,335 security.py:89 - SSL Connect being called.. connecting to
the server
> ERROR 2014-03-07 13:57:17,414 security.py:76 - Two-way SSL authentication failed. Ensure
that server and agent certificates were signed by the same CA and restart the agent. 
> In order to receive a new agent certificate, remove existing certificate file from keys
directory. As a workaround you can turn off two-way SSL authentication in server configuration(ambari.properties)

> Exiting..
> {noformat}
> 
> 
> Diffs
> -----
> 
>   ambari-server/conf/unix/ca.config d838131 
>   ambari-server/pom.xml 24c78ff 
>   ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
c02d633 
>   ambari-server/src/main/java/org/apache/ambari/server/security/CertificateManager.java
d0f7dba 
>   ambari-server/src/main/resources/ca.config 7324275 
>   ambari-server/src/test/java/org/apache/ambari/server/security/CertGenerationTest.java
b73b5c8 
> 
> Diff: https://reviews.apache.org/r/19069/diff/
> 
> 
> Testing
> -------
> 
> [INFO] ------------------------------------------------------------------------
> [INFO] Reactor Summary:
> [INFO] 
> [INFO] Ambari Main ....................................... SUCCESS [0.067s]
> [INFO] Apache Ambari Project POM ......................... SUCCESS [0.024s]
> [INFO] Ambari Web ........................................ SUCCESS [8.043s]
> [INFO] Ambari Views ...................................... SUCCESS [1.468s]
> [INFO] Ambari Server ..................................... SUCCESS [10:32.770s]
> [INFO] Ambari Agent ...................................... SUCCESS [11.600s]
> [INFO] Ambari Client ..................................... SUCCESS [0.414s]
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> 
> 
> INFO 2014-03-12 11:06:08,451 security.py:89 - SSL Connect being called.. connecting to
the server
> INFO 2014-03-12 11:06:08,609 security.py:56 - Insecure connection to https://c6401.ambari.apache.org:8441/
failed. Reconnecting using two-way SSL authentication..
> INFO 2014-03-12 11:06:08,610 security.py:168 - Server certicate not exists, downloading
> INFO 2014-03-12 11:06:08,610 security.py:191 - Downloading server cert from https://c6401.ambari.apache.org:8440/cert/ca/
> INFO 2014-03-12 11:06:08,731 security.py:176 - Agent key not exists, generating request
> INFO 2014-03-12 11:06:08,731 security.py:231 - openssl req -new -newkey rsa:1024 -nodes
-keyout /var/lib/ambari-agent/keys/c6401.ambari.apache.org.key	-subj /OU=c6401.ambari.apache.org/
       -out /var/lib/ambari-agent/keys/c6401.ambari.apache.org.csr
> INFO 2014-03-12 11:06:08,953 security.py:184 - Agent certificate not exists, sending
sign request
> INFO 2014-03-12 11:06:09,125 security.py:89 - SSL Connect being called.. connecting to
the server
> INFO 2014-03-12 11:06:09,205 security.py:73 - SSL connection established. Two-way SSL
authentication completed successfully.
> 
> 
> Thanks,
> 
> Dmytro Sen
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message