ambari-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Marcin Molak (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMBARI-17225) Ambari Web UI stuck ON Repository Base URL validation when a local repository server is used and it's certificate is on the truststore that ambari is configured to use
Date Tue, 06 Sep 2016 17:42:21 GMT

    [ https://issues.apache.org/jira/browse/AMBARI-17225?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15468014#comment-15468014
] 

Marcin Molak commented on AMBARI-17225:
---------------------------------------

I have some problem during upgrade of BigInsights to version 4.2. IBM provides all repositories
on SSL secured server.

> Ambari Web UI stuck ON Repository Base URL validation when a local repository server
is used and it's certificate is on the truststore that ambari is configured to use
> -----------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: AMBARI-17225
>                 URL: https://issues.apache.org/jira/browse/AMBARI-17225
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.2.0
>         Environment: REHL7
>            Reporter: REYANE OUKPEDJO
>
> a local repository server is set up with ssl enabled and ambari is configured to uses
a truststore that has the local repository server certificate on it. Yet ambari is throwing
the following error during base url validation:
> 13 Jun 2016 16:31:11,974  WARN [qtp-ambari-client-23] ServletHandler:563 - /api/v1/stacks/BigInsights/versions/4.2/operating_systems/redhat7/repositories/IOP-4.2
> java.lang.IllegalStateException: Can't get secure connection to https://deployment.whac.local/repos/IOP/rhel/7/x86_64/4.2.0.0/beta/repodata/repomd.xml.
 Truststore path or password is not set.
>         at org.apache.ambari.server.controller.internal.URLStreamProvider.getSSLConnection(URLStreamProvider.java:286)
>         at org.apache.ambari.server.controller.internal.URLStreamProvider.processURL(URLStreamProvider.java:173)
>         at org.apache.ambari.server.controller.internal.URLStreamProvider.processURL(URLStreamProvider.java:133)
>         at org.apache.ambari.server.controller.internal.URLStreamProvider.readFrom(URLStreamProvider.java:107)
>         at org.apache.ambari.server.controller.internal.URLStreamProvider.readFrom(URLStreamProvider.java:112)
>         at org.apache.ambari.server.controller.AmbariManagementControllerImpl.verifyRepository(AmbariManagementControllerImpl.java:3701)
>         at org.apache.ambari.server.controller.AmbariManagementControllerImpl.updateRepositories(AmbariManagementControllerImpl.java:3639)
>         at org.apache.ambari.server.controller.internal.RepositoryResourceProvider$4.invoke(RepositoryResourceProvider.java:120)
>         at org.apache.ambari.server.controller.internal.RepositoryResourceProvider$4.invoke(RepositoryResourceProvider.java:117)
>         at org.apache.ambari.server.controller.internal.AbstractResourceProvider.invokeWithRetry(AbstractResourceProvider.java:450)
>         at org.apache.ambari.server.controller.internal.AbstractResourceProvider.modifyResources(AbstractResourceProvider.java:331)
>         at org.apache.ambari.server.controller.internal.RepositoryResourceProvider.updateResources(RepositoryResourceProvider.java:117)
>         at org.apache.ambari.server.controller.internal.ClusterControllerImpl.updateResources(ClusterControllerImpl.java:310)
>         at org.apache.ambari.server.api.services.persistence.PersistenceManagerImpl.update(PersistenceManagerImpl.java:104)
>         at org.apache.ambari.server.api.handlers.UpdateHandler.persist(UpdateHandler.java:42)
>         at org.apache.ambari.server.api.handlers.BaseManagementHandler.handleRequest(BaseManagementHandler.java:72)
>         at org.apache.ambari.server.api.services.BaseRequest.process(BaseRequest.java:135)
>         at org.apache.ambari.server.api.services.BaseService.handleRequest(BaseService.java:106)
>         at org.apache.ambari.server.api.services.BaseService.handleRequest(BaseService.java:75)
>         at org.apache.ambari.server.api.services.RepositoryService.updateRepository(RepositoryService.java:145)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>         at java.lang.reflect.Method.invoke(Method.java:498)
>         at com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60)
>         at com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$ResponseOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:205)
>         at com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75)
>         at com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:302)
>         at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
>         at com.sun.jersey.server.impl.uri.rules.SubLocatorRule.accept(SubLocatorRule.java:137)
>         at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
>         at com.sun.jersey.server.impl.uri.rules.SubLocatorRule.accept(SubLocatorRule.java:137)
>         at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
>         at com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108)
>         at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
>         at com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84)
>         at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1542)
>         at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1473)
>         at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1419)
>         at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1409)
>         at com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:409)
>         at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:540)
>         at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:715)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:770)
>         at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:684)
>         at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1496)
>         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
>         at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
>         at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
>         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>         at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
>         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>         at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
>         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>         at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
>         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> Also note that the ambari configuration file : ambari.properties show the following lines
:
> ssl.trustStore.path=/etc/security/ambari-server-truststore
> server.jdbc.user.passwd=/etc/ambari-server/conf/password.dat
> server.execution.scheduler.isClustered=false
> server.stages.parallel=true
> views.request.read.timeout.millis=10000
> ssl.trustStore.type=jks
> server.jdbc.database=postgres
> ssl.trustStore.password=changeit
> server.jdbc.database_name=ambari
> As you can see the above suggests ambari is configured to use the trustore and yet it
still complains with no path to the trsust store or password is not set.
> Also I tried to use a java program that is able to pull the  repomd.xml using the same
trust store that was set for ambari
> [root@ip-10-155-82-180 ~]# java -Djavax.net.ssl.trustStore=/etc/security/ambari-server-truststore
-Djsse.enableSNIExtension=false TestTrustStore https://deployment.whac.local/repos/IOP-UTILS/RHEL7/x86_64/1.2/repodata/repomd.xml
> <?xml version="1.0" encoding="UTF-8"?>
> <repomd xmlns="http://linux.duke.edu/metadata/repo" xmlns:rpm="http://linux.duke.edu/metadata/rpm">
> <revision>1461860617</revision>
> <data type="filelists">
>  <checksum type="sha256">bd49d23030e9e8f20f91d2c53966cb8ff4bf379632d34174202f6956464c2427</checksum>
>  <open-checksum type="sha256">b4d19a2f6912a1c41c242f94fd453dde4b538033e4dfb4ca7a3afc8f3baace15</open-checksum>
>  <location href="repodata/bd49d23030e9e8f20f91d2c53966cb8ff4bf379632d34174202f6956464c2427-filelists.xml.gz"/>
>  <timestamp>1461860618</timestamp>
>  <size>2769</size>
>  <open-size>18408</open-size>
> </data>
> <data type="primary">
>  <checksum type="sha256">18f9119bf687a492f7c88b91b44e7d25a6976b132497109e291419ec584ac047</checksum>
>  <open-checksum type="sha256">f42768d89bfdacbe49bfbc1263cc6365b93fbef118a07e5d1d25b0855c0af62e</open-checksum>
>  <location href="repodata/18f9119bf687a492f7c88b91b44e7d25a6976b132497109e291419ec584ac047-primary.xml.gz"/>
>  <timestamp>1461860618</timestamp>
>  <size>4636</size>
>  <open-size>23050</open-size>
> </data>
> <data type="primary_db">
>  <checksum type="sha256">f252f6463d7b3d0f84df4c03d0e93c5e5867086b14266c91f73eb679bbd239d0</checksum>
>  <open-checksum type="sha256">9819c0d684a4f9c89f487d02259081667be66234721d38b5c5fb3f2ecaf79466</open-checksum>
>  <location href="repodata/f252f6463d7b3d0f84df4c03d0e93c5e5867086b14266c91f73eb679bbd239d0-primary.sqlite.bz2"/>
>  <timestamp>1461860618.27</timestamp>
>  <database_version>10</database_version>
>  <size>9717</size>
>  <open-size>41984</open-size>
> </data>
> <data type="other_db">
>  <checksum type="sha256">2d0172834288a09c90b976d3f571e36dccc8936c76d228b844c974e47992aef7</checksum>
>  <open-checksum type="sha256">832e44a958a10d0a4ee6437eaa6473f9f61b373aaf8b7689c0131f4345dcc93f</open-checksum>
>  <location href="repodata/2d0172834288a09c90b976d3f571e36dccc8936c76d228b844c974e47992aef7-other.sqlite.bz2"/>
>  <timestamp>1461860618.23</timestamp>
>  <database_version>10</database_version>
>  <size>4087</size>
>  <open-size>13312</open-size>
> </data>
> <data type="other">
>  <checksum type="sha256">b58069c5d0b3541944e6a0c6a0f78cd0b3587c1c128b1eec2f7fab62777d50e4</checksum>
>  <open-checksum type="sha256">1c2924c2566da9e6a4295989db59b34afbd66d03daf40a9d9a43fba6eeed042d</open-checksum>
>  <location href="repodata/b58069c5d0b3541944e6a0c6a0f78cd0b3587c1c128b1eec2f7fab62777d50e4-other.xml.gz"/>
>  <timestamp>1461860618</timestamp>
>  <size>2477</size>
>  <open-size>10948</open-size>
> </data>
> <data type="filelists_db">
>  <checksum type="sha256">f235abde3b3b6231d12bbea20dd5edb9e3d34a2e1a40d21b7d1b9599ca909164</checksum>
>  <open-checksum type="sha256">f2fdc37abc9df60b8f577d6dcb671fc1b67997ce67feae511ac73c1a2fe474a4</open-checksum>
>  <location href="repodata/f235abde3b3b6231d12bbea20dd5edb9e3d34a2e1a40d21b7d1b9599ca909164-filelists.sqlite.bz2"/>
>  <timestamp>1461860618.24</timestamp>
>  <database_version>10</database_version>
>  <size>5529</size>
>  <open-size>17408</open-size>
> </data>
> </repomd>  
> as you can see this works fine and I believe ambari should not complain about not finding
the path to the trust store or the password not being set.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message