ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Levas" <rle...@hortonworks.com>
Subject Re: Review Request 35481: Namenode log contains:javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
Date Tue, 16 Jun 2015 00:12:26 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/35481/#review88006
-----------------------------------------------------------

Ship it!


This seems like an odd place for this fix. I would think that the change should be direcly
related to Namenode, not the alert test.

- Robert Levas


On June 15, 2015, 8:06 p.m., Tom Beerbower wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/35481/
> -----------------------------------------------------------
> 
> (Updated June 15, 2015, 8:06 p.m.)
> 
> 
> Review request for Ambari, Jonathan Hurley and Robert Levas.
> 
> 
> Bugs: AMBARI-11938
>     https://issues.apache.org/jira/browse/AMBARI-11938
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> The following is being reported in the namenode logs on a cluster with wire encryption
enabled.
> 
> 
>     2015-06-05 23:00:17,702 WARN  mortbay.log (Slf4jLog.java:warn(89)) - EXCEPTION 
>     javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
>     	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
>     	at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
>     	at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1979)
>     	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1086)
>     	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
>     	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
>     	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)
>     	at org.mortbay.jetty.security.SslSocketConnector$SslConnection.run(SslSocketConnector.java:723)
>     	at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)
> 
> 
> Ambari JMX alert checks on a kerberized cluster are polling with curl.  The curl call
should use -k to ignore checking the server's certificates.
> 
> 
> Diffs
> -----
> 
>   ambari-common/src/main/python/resource_management/libraries/functions/curl_krb_request.py
5e7f795 
> 
> Diff: https://reviews.apache.org/r/35481/diff/
> 
> 
> Testing
> -------
> 
> Manual tested on wire encryption enabled cluster.  Verfied that exception does not reproduce
with fix.
> 
> mvn clean test
> 
> all pass
> 
> 
> Thanks,
> 
> Tom Beerbower
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message