ambari-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Levas (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMBARI-14236) HDFS and Yarn alerts in https mode when kerberos is disabled
Date Wed, 13 Jul 2016 17:19:20 GMT

    [ https://issues.apache.org/jira/browse/AMBARI-14236?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15375378#comment-15375378
] 

Robert Levas commented on AMBARI-14236:
---------------------------------------

[~tctruong213]

The fix [~aonishuk] provided in this patch appears to for TLSV1.  The code is 
{code:title=ambari_agent/alerts/web_alert.py:56}
# patch ssl module to fix SSLv3 communication bug
# for more info see http://stackoverflow.com/questions/9835506/urllib-urlopen-works-on-sslv3-urls-with-python-2-6-6-on-1-machine-but-not-wit
def sslwrap(func):
    @wraps(func)
    def bar(*args, **kw):
        kw['ssl_version'] = ssl.PROTOCOL_TLSv1
        return func(*args, **kw)
    return bar
ssl.wrap_socket = sslwrap(ssl.wrap_socket)
{code}

As a work around, I have done the following:
# Stop Ambari Agent
# Edit {{/usr/lib/python2.6/site-packages/ambari_agent/alerts/web_alert.py}} and comment out
the code above
# Remove {{/usr/lib/python2.6/site-packages/ambari_agent/alerts/web_alert.pyc}}, note the
*PYC* extension
# Start Ambari Agent

I still want to investigate the real solution, however I believe that http://bugs.python.org/issue11220
describes possible solutions for SSLv3 - See http://bugs.python.org/issue11220#msg128686.
 


> HDFS and Yarn alerts in https mode when kerberos is disabled
> ------------------------------------------------------------
>
>                 Key: AMBARI-14236
>                 URL: https://issues.apache.org/jira/browse/AMBARI-14236
>             Project: Ambari
>          Issue Type: Bug
>            Reporter: Andrew Onischuk
>            Assignee: Andrew Onischuk
>             Fix For: 2.2.0
>
>
> From NN logs:
>     
>     
>     javax.net.ssl.SSLHandshakeException: SSLv2Hello is disabled
>             at sun.security.ssl.InputRecord.handleUnknownRecord(InputRecord.java:637)
>             at sun.security.ssl.InputRecord.read(InputRecord.java:527)
>             at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:961)
>             at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363)
>             at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1391)
>             at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1375)
>             at org.mortbay.jetty.security.SslSocketConnector$SslConnection.run(SslSocketConnector.java:723)
>             at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)
>     
> Please check the live cluster for debugging: <https://172.22.74.208:8080>



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message