ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dmitro Lisnichenko" <dlysniche...@hortonworks.com>
Subject Re: Review Request 20834: Usability: When setting up HTTPS for ambari-server, ambari didn't validate the path name and generate misleading error message
Date Tue, 29 Apr 2014 12:34:50 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/20834/#review41710
-----------------------------------------------------------

Ship it!


Ship It!

- Dmitro Lisnichenko


On April 29, 2014, 11:54 a.m., Andrew Onischuk wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/20834/
> -----------------------------------------------------------
> 
> (Updated April 29, 2014, 11:54 a.m.)
> 
> 
> Review request for Ambari and Dmitro Lisnichenko.
> 
> 
> Bugs: AMBARI-5610
>     https://issues.apache.org/jira/browse/AMBARI-5610
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> PROBLEM: When setting up https for Ambari-server, ambari ask for the path to
> certificate and private key. It actually ask for the file name or the folder
> name. But ambari will not validate the path and give misleading error message.
> STEPS TO REPRODUCE: 
> 1\. generate self-signed certificate in /root/cert/ 
> 2\. Run ambari-server setup-security 
> 3. 
> Do you want to configure HTTPS
> [y/n](https://hortonworks.jira.com/wiki/display/BUG/y%2Fn)
> ![](https://hortonworks.jira.com/images/icons/emoticons/thumbs_up.gif)? y 
> SSL port [8443](https://hortonworks.jira.com/wiki/display/BUG/8443) ? 
> Enter path to Certificate: /root/cert 
> Enter path to Private Key: /root/cert
> ACTUAL BEHAVIOR: Ambari allow the user to go thru the next step and give out
> misleading error: 
> INFO: about to run command: openssl x509 -dates -subject -in /root/cert/ 
> Error getting Certificate info 
> unable to load certificate 
> 140323342726984:error:0906D06C:PEM routines:PEM_read_bio:no start
> line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE
> WARNING: Unable to get Certificate information 
> Generating random password for HTTPS keystore...done. 
> INFO: about to run command: openssl rsa -in /root/cert -des3 -out
> /root/cert.secured -passout
> pass:xzRullsqlxDu7uQQwx1igE5LrXsIOBFPnSKpUuGxK1qtaovqNA 
> ERROR: Could not import Certificate and Private Key. 
> SSL error on exporting keystore: unable to load Private Key 
> 140535709996872:error:0906D06C:PEM routines:PEM_read_bio:no start
> line:pem_lib.c:703:Expecting: ANY PRIVATE KEY. 
> Please ensure that provided Private Key password is correct and re-import
> Certificate.
> EXPECTED BEHAVIOR: Since the error message comes from openssl, It will be good
> that ambari can validate the path name before it launch the openssl command,
> asking the customer to provide the correct path name, which should be
> /root/cert/klss20.test.com.crt
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/python/ambari-server.py 5adf44d 
>   ambari-server/src/test/python/TestAmbariServer.py 51d3c64 
> 
> Diff: https://reviews.apache.org/r/20834/diff/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Andrew Onischuk
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message