ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Onischuk" <aonis...@hortonworks.com>
Subject Re: Review Request 30889: curl unable to connect to Ambari when SSLv3 and TLSv1 is disabled
Date Thu, 12 Feb 2015 11:58:29 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/30889/
-----------------------------------------------------------

(Updated Feb. 12, 2015, 11:58 a.m.)


Review request for Ambari and Dmitro Lisnichenko.


Bugs: AMBARI-9581
    https://issues.apache.org/jira/browse/AMBARI-9581


Repository: ambari


Description
-------

PROBLEM: AIG requires SSLv3 and TLSv1.0 to be disabled for security reasons
(see EAR - 660 & AMBARI-8019). The version of curl packaged with RHEL 6 does
not support newer versions of TLS. More recent versions of curl do support TLS
v1.1+ however they must use official packages with their automation system.

Ambari relies on curl when starting Hive, to download the DB connector jar, so
they are unable to start Hive using Ambari. AIG inquired about disabling curl
calls in hive.py, or replacing curl with wget.

BUSINESS IMPACT: Manual hive control instructions were provided as a
workaround. Customer wants to know what options are available to have full
Ambari functionality with the given constraints.

STEPS TO REPRODUCE:

  * enable SSL in Ambari
  * add to ambari.properties: security.server.disabled.protocols=SSL|SSLv2|SSLv3|TLSv1
  * attempt to restart Hive via Ambari

SUPPORT ANALYSIS: A hotfix was delivered (see attachments hive.py &
hive_service.py).


Diffs (updated)
-----

  ambari-agent/src/main/python/ambari_agent/AlertSchedulerHandler.py 66b1758 
  ambari-agent/src/main/python/ambari_agent/Controller.py f8a9f04 
  ambari-agent/src/main/python/ambari_agent/alerts/script_alert.py 660bddf 
  ambari-agent/src/test/python/ambari_agent/TestAlerts.py 2761c5b 
  ambari-agent/src/test/python/resource_management/TestContentSources.py 651ff83 
  ambari-common/src/main/python/resource_management/core/constants.py 4e4a89e 
  ambari-common/src/main/python/resource_management/core/environment.py b96765e 
  ambari-common/src/main/python/resource_management/core/source.py 22e1c6d 
  ambari-common/src/main/python/resource_management/libraries/functions/__init__.py 9b32b92

  ambari-common/src/main/python/resource_management/libraries/functions/constants.py PRE-CREATION

  ambari-common/src/main/python/resource_management/libraries/script/__init__.py 72d3aaf 
  ambari-common/src/main/python/resource_management/libraries/script/script.py 683397a 
  ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/setup_ranger_hbase.py
ef31ae7 
  ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/namenode_upgrade.py
15d2b8e 
  ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/setup_ranger_hdfs.py
df7063b 
  ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive.py
b9677e7 
  ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/setup_ranger_hive.py
410fb9a 
  ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/setup_ranger_knox.py
b4bafac 
  ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie.py
3fe6da4 
  ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie_server_upgrade.py
e1356ca 
  ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger.py
fe1d995 
  ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/setup_ranger_storm.py
d128cff 
  ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-ANY/scripts/shared_initialization.py
055ab40 
  ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-INSTALL/scripts/shared_initialization.py
dd2c57e 
  ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-START/scripts/shared_initialization.py
17f68ff 
  ambari-server/src/test/python/stacks/2.0.6/HIVE/test_hive_client.py 3c3bf7e 
  ambari-server/src/test/python/stacks/2.0.6/HIVE/test_hive_metastore.py ef34cab 
  ambari-server/src/test/python/stacks/2.0.6/HIVE/test_hive_server.py e0c683c 
  ambari-server/src/test/python/stacks/2.0.6/hooks/before-ANY/test_before_any.py ca5d789 
  ambari-server/src/test/python/stacks/2.0.6/hooks/before-INSTALL/test_before_install.py eeec7ff

  ambari-server/src/test/python/stacks/2.1/HIVE/test_hive_metastore.py 8c9dce8 
  ambari-server/src/test/python/stacks/utils/RMFTestCase.py 5f47a28 

Diff: https://reviews.apache.org/r/30889/diff/


Testing
-------

mvn clean test


Thanks,

Andrew Onischuk


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message