ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dmitro Lisnichenko" <dlysniche...@hortonworks.com>
Subject Re: Review Request 34993: Unable to communicate to Namenode after wire encryption
Date Wed, 03 Jun 2015 10:40:20 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34993/#review86392
-----------------------------------------------------------

Ship it!


Ship It!

- Dmitro Lisnichenko


On June 3, 2015, 10:36 a.m., Andrew Onischuk wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34993/
> -----------------------------------------------------------
> 
> (Updated June 3, 2015, 10:36 a.m.)
> 
> 
> Review request for Ambari, Dmitro Lisnichenko and Vitalyi Brodetskyi.
> 
> 
> Bugs: AMBARI-11645
>     https://issues.apache.org/jira/browse/AMBARI-11645
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> On a cluster with HDFS,Mapred, Yarn,Tez, Zookeeper and Ambari metrics enabled
> security and then followed <http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-
> 2.1.5/bk_Security_Guide/content/ch_wire-https.html> to perform wire
> encryption.
> 
> After above steps are completed, we see the below error in name node logs
> whenever any request is processed.
> 
>     
>     
>     
>     2015-06-02 21:57:21,255 WARN  mortbay.log (Slf4jLog.java:warn(89)) - EXCEPTION 
>     javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
>     	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
>     	at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
>     	at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1979)
>     	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1086)
>     	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
>     	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
>     	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)
>     	at org.mortbay.jetty.security.SslSocketConnector$SslConnection.run(SslSocketConnector.java:723)
>     	at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)
>     
> 
> Using the key tool we verified in all the nodes whether the certificate is
> valid and it doesn't show up any errors there. Please help take a look to
> resolve this issue.  
> Output from the validation check is attached.  
> here is a cluster to take a look:
> <http://ec2-54-165-14-184.compute-1.amazonaws.com:8080/#>
> 
> 
> Diffs
> -----
> 
>   ambari-common/src/main/python/resource_management/libraries/providers/hdfs_resource.py
33d356f 
> 
> Diff: https://reviews.apache.org/r/34993/diff/
> 
> 
> Testing
> -------
> 
> mvn clean test
> 
> 
> Thanks,
> 
> Andrew Onischuk
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message