ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dmitro Lisnichenko" <dlysniche...@hortonworks.com>
Subject Re: Review Request 30889: curl unable to connect to Ambari when SSLv3 and TLSv1 is disabled
Date Wed, 11 Feb 2015 20:48:01 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/30889/#review72019
-----------------------------------------------------------

Ship it!


Ship It!

- Dmitro Lisnichenko


On Feb. 11, 2015, 8:45 p.m., Andrew Onischuk wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/30889/
> -----------------------------------------------------------
> 
> (Updated Feb. 11, 2015, 8:45 p.m.)
> 
> 
> Review request for Ambari and Dmitro Lisnichenko.
> 
> 
> Bugs: AMBARI-9581
>     https://issues.apache.org/jira/browse/AMBARI-9581
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> PROBLEM: AIG requires SSLv3 and TLSv1.0 to be disabled for security reasons
> (see EAR - 660 & AMBARI-8019). The version of curl packaged with RHEL 6 does
> not support newer versions of TLS. More recent versions of curl do support TLS
> v1.1+ however they must use official packages with their automation system.
> 
> Ambari relies on curl when starting Hive, to download the DB connector jar, so
> they are unable to start Hive using Ambari. AIG inquired about disabling curl
> calls in hive.py, or replacing curl with wget.
> 
> BUSINESS IMPACT: Manual hive control instructions were provided as a
> workaround. Customer wants to know what options are available to have full
> Ambari functionality with the given constraints.
> 
> STEPS TO REPRODUCE:
> 
>   * enable SSL in Ambari
>   * add to ambari.properties: security.server.disabled.protocols=SSL|SSLv2|SSLv3|TLSv1
>   * attempt to restart Hive via Ambari
> 
> SUPPORT ANALYSIS: A hotfix was delivered (see attachments hive.py &
> hive_service.py).
> 
> 
> Diffs
> -----
> 
>   ambari-agent/src/main/python/ambari_agent/AlertSchedulerHandler.py 66b1758 
>   ambari-agent/src/main/python/ambari_agent/Controller.py f8a9f04 
>   ambari-agent/src/main/python/ambari_agent/alerts/script_alert.py 660bddf 
>   ambari-common/src/main/python/resource_management/core/constants.py 4e4a89e 
>   ambari-common/src/main/python/resource_management/core/environment.py b96765e 
>   ambari-common/src/main/python/resource_management/core/source.py 22e1c6d 
>   ambari-common/src/main/python/resource_management/libraries/functions/__init__.py 9b32b92

>   ambari-common/src/main/python/resource_management/libraries/functions/constants.py
PRE-CREATION 
>   ambari-common/src/main/python/resource_management/libraries/script/__init__.py 72d3aaf

>   ambari-common/src/main/python/resource_management/libraries/script/script.py 683397a

>   ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/setup_ranger_hbase.py
ef31ae7 
>   ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/namenode_upgrade.py
15d2b8e 
>   ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/setup_ranger_hdfs.py
df7063b 
>   ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive.py
b9677e7 
>   ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/setup_ranger_hive.py
410fb9a 
>   ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/setup_ranger_knox.py
b4bafac 
>   ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie.py
3fe6da4 
>   ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie_server_upgrade.py
e1356ca 
>   ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger.py
fe1d995 
>   ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/setup_ranger_storm.py
d128cff 
>   ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-ANY/scripts/shared_initialization.py
055ab40 
>   ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-INSTALL/scripts/shared_initialization.py
dd2c57e 
>   ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-START/scripts/shared_initialization.py
17f68ff 
>   ambari-server/src/test/python/stacks/2.0.6/HIVE/test_hive_client.py 3c3bf7e 
>   ambari-server/src/test/python/stacks/2.0.6/HIVE/test_hive_metastore.py ef34cab 
>   ambari-server/src/test/python/stacks/2.0.6/HIVE/test_hive_server.py e0c683c 
>   ambari-server/src/test/python/stacks/2.0.6/hooks/before-ANY/test_before_any.py ca5d789

>   ambari-server/src/test/python/stacks/2.0.6/hooks/before-INSTALL/test_before_install.py
eeec7ff 
>   ambari-server/src/test/python/stacks/2.1/HIVE/test_hive_metastore.py 8c9dce8 
>   ambari-server/src/test/python/stacks/utils/RMFTestCase.py 5f47a28 
> 
> Diff: https://reviews.apache.org/r/30889/diff/
> 
> 
> Testing
> -------
> 
> mvn clean test
> 
> 
> Thanks,
> 
> Andrew Onischuk
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message