ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Onischuk (JIRA)" <j...@apache.org>
Subject [jira] [Created] (AMBARI-9581) curl unable to connect to Ambari when SSLv3 and TLSv1 is disabled
Date Wed, 11 Feb 2015 20:45:12 GMT
Andrew Onischuk created AMBARI-9581:
---------------------------------------

             Summary: curl unable to connect to Ambari when SSLv3 and TLSv1 is disabled
                 Key: AMBARI-9581
                 URL: https://issues.apache.org/jira/browse/AMBARI-9581
             Project: Ambari
          Issue Type: Bug
            Reporter: Andrew Onischuk
            Assignee: Andrew Onischuk
             Fix For: 2.0.0


PROBLEM: AIG requires SSLv3 and TLSv1.0 to be disabled for security reasons
(see EAR - 660 & AMBARI-8019). The version of curl packaged with RHEL 6 does
not support newer versions of TLS. More recent versions of curl do support TLS
v1.1+ however they must use official packages with their automation system.

Ambari relies on curl when starting Hive, to download the DB connector jar, so
they are unable to start Hive using Ambari. AIG inquired about disabling curl
calls in hive.py, or replacing curl with wget.

BUSINESS IMPACT: Manual hive control instructions were provided as a
workaround. Customer wants to know what options are available to have full
Ambari functionality with the given constraints.

STEPS TO REPRODUCE:

  * enable SSL in Ambari
  * add to ambari.properties: security.server.disabled.protocols=SSL|SSLv2|SSLv3|TLSv1
  * attempt to restart Hive via Ambari

SUPPORT ANALYSIS: A hotfix was delivered (see attachments hive.py &
hive_service.py).





--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message