ambari-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Marcin Molak (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMBARI-17225) Ambari Web UI stuck ON Repository Base URL validation when a local repository server is used and it's certificate is on the truststore that ambari is configured to use
Date Wed, 07 Sep 2016 07:45:20 GMT

    [ https://issues.apache.org/jira/browse/AMBARI-17225?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15469898#comment-15469898
] 

Marcin Molak commented on AMBARI-17225:
---------------------------------------

In Ambari 2.2 AmbariManagementControllerImpl.verifyRepository method doesn't provide trustore
configuration (from ambari.properties). 
In Ambari 2.4 URLStreamProvider has additional method setupTruststoreForHttps which change
HTTPS mode into HTTP mode. Then trustore settings are not verified.

> Ambari Web UI stuck ON Repository Base URL validation when a local repository server
is used and it's certificate is on the truststore that ambari is configured to use
> -----------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: AMBARI-17225
>                 URL: https://issues.apache.org/jira/browse/AMBARI-17225
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.2.0
>         Environment: REHL7
>            Reporter: REYANE OUKPEDJO
>
> a local repository server is set up with ssl enabled and ambari is configured to uses
a truststore that has the local repository server certificate on it. Yet ambari is throwing
the following error during base url validation:
> 13 Jun 2016 16:31:11,974  WARN [qtp-ambari-client-23] ServletHandler:563 - /api/v1/stacks/BigInsights/versions/4.2/operating_systems/redhat7/repositories/IOP-4.2
> java.lang.IllegalStateException: Can't get secure connection to https://deployment.whac.local/repos/IOP/rhel/7/x86_64/4.2.0.0/beta/repodata/repomd.xml.
 Truststore path or password is not set.
>         at org.apache.ambari.server.controller.internal.URLStreamProvider.getSSLConnection(URLStreamProvider.java:286)
>         at org.apache.ambari.server.controller.internal.URLStreamProvider.processURL(URLStreamProvider.java:173)
>         at org.apache.ambari.server.controller.internal.URLStreamProvider.processURL(URLStreamProvider.java:133)
>         at org.apache.ambari.server.controller.internal.URLStreamProvider.readFrom(URLStreamProvider.java:107)
>         at org.apache.ambari.server.controller.internal.URLStreamProvider.readFrom(URLStreamProvider.java:112)
>         at org.apache.ambari.server.controller.AmbariManagementControllerImpl.verifyRepository(AmbariManagementControllerImpl.java:3701)
>         at org.apache.ambari.server.controller.AmbariManagementControllerImpl.updateRepositories(AmbariManagementControllerImpl.java:3639)
>         at org.apache.ambari.server.controller.internal.RepositoryResourceProvider$4.invoke(RepositoryResourceProvider.java:120)
>         at org.apache.ambari.server.controller.internal.RepositoryResourceProvider$4.invoke(RepositoryResourceProvider.java:117)
>         at org.apache.ambari.server.controller.internal.AbstractResourceProvider.invokeWithRetry(AbstractResourceProvider.java:450)
>         at org.apache.ambari.server.controller.internal.AbstractResourceProvider.modifyResources(AbstractResourceProvider.java:331)
>         at org.apache.ambari.server.controller.internal.RepositoryResourceProvider.updateResources(RepositoryResourceProvider.java:117)
>         at org.apache.ambari.server.controller.internal.ClusterControllerImpl.updateResources(ClusterControllerImpl.java:310)
>         at org.apache.ambari.server.api.services.persistence.PersistenceManagerImpl.update(PersistenceManagerImpl.java:104)
>         at org.apache.ambari.server.api.handlers.UpdateHandler.persist(UpdateHandler.java:42)
>         at org.apache.ambari.server.api.handlers.BaseManagementHandler.handleRequest(BaseManagementHandler.java:72)
>         at org.apache.ambari.server.api.services.BaseRequest.process(BaseRequest.java:135)
>         at org.apache.ambari.server.api.services.BaseService.handleRequest(BaseService.java:106)
>         at org.apache.ambari.server.api.services.BaseService.handleRequest(BaseService.java:75)
>         at org.apache.ambari.server.api.services.RepositoryService.updateRepository(RepositoryService.java:145)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>         at java.lang.reflect.Method.invoke(Method.java:498)
>         at com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60)
>         at com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$ResponseOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:205)
>         at com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75)
>         at com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:302)
>         at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
>         at com.sun.jersey.server.impl.uri.rules.SubLocatorRule.accept(SubLocatorRule.java:137)
>         at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
>         at com.sun.jersey.server.impl.uri.rules.SubLocatorRule.accept(SubLocatorRule.java:137)
>         at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
>         at com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108)
>         at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
>         at com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84)
>         at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1542)
>         at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1473)
>         at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1419)
>         at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1409)
>         at com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:409)
>         at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:540)
>         at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:715)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:770)
>         at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:684)
>         at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1496)
>         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
>         at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
>         at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
>         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>         at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
>         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>         at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
>         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>         at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
>         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> Also note that the ambari configuration file : ambari.properties show the following lines
:
> ssl.trustStore.path=/etc/security/ambari-server-truststore
> server.jdbc.user.passwd=/etc/ambari-server/conf/password.dat
> server.execution.scheduler.isClustered=false
> server.stages.parallel=true
> views.request.read.timeout.millis=10000
> ssl.trustStore.type=jks
> server.jdbc.database=postgres
> ssl.trustStore.password=changeit
> server.jdbc.database_name=ambari
> As you can see the above suggests ambari is configured to use the trustore and yet it
still complains with no path to the trsust store or password is not set.
> Also I tried to use a java program that is able to pull the  repomd.xml using the same
trust store that was set for ambari
> [root@ip-10-155-82-180 ~]# java -Djavax.net.ssl.trustStore=/etc/security/ambari-server-truststore
-Djsse.enableSNIExtension=false TestTrustStore https://deployment.whac.local/repos/IOP-UTILS/RHEL7/x86_64/1.2/repodata/repomd.xml
> <?xml version="1.0" encoding="UTF-8"?>
> <repomd xmlns="http://linux.duke.edu/metadata/repo" xmlns:rpm="http://linux.duke.edu/metadata/rpm">
> <revision>1461860617</revision>
> <data type="filelists">
>  <checksum type="sha256">bd49d23030e9e8f20f91d2c53966cb8ff4bf379632d34174202f6956464c2427</checksum>
>  <open-checksum type="sha256">b4d19a2f6912a1c41c242f94fd453dde4b538033e4dfb4ca7a3afc8f3baace15</open-checksum>
>  <location href="repodata/bd49d23030e9e8f20f91d2c53966cb8ff4bf379632d34174202f6956464c2427-filelists.xml.gz"/>
>  <timestamp>1461860618</timestamp>
>  <size>2769</size>
>  <open-size>18408</open-size>
> </data>
> <data type="primary">
>  <checksum type="sha256">18f9119bf687a492f7c88b91b44e7d25a6976b132497109e291419ec584ac047</checksum>
>  <open-checksum type="sha256">f42768d89bfdacbe49bfbc1263cc6365b93fbef118a07e5d1d25b0855c0af62e</open-checksum>
>  <location href="repodata/18f9119bf687a492f7c88b91b44e7d25a6976b132497109e291419ec584ac047-primary.xml.gz"/>
>  <timestamp>1461860618</timestamp>
>  <size>4636</size>
>  <open-size>23050</open-size>
> </data>
> <data type="primary_db">
>  <checksum type="sha256">f252f6463d7b3d0f84df4c03d0e93c5e5867086b14266c91f73eb679bbd239d0</checksum>
>  <open-checksum type="sha256">9819c0d684a4f9c89f487d02259081667be66234721d38b5c5fb3f2ecaf79466</open-checksum>
>  <location href="repodata/f252f6463d7b3d0f84df4c03d0e93c5e5867086b14266c91f73eb679bbd239d0-primary.sqlite.bz2"/>
>  <timestamp>1461860618.27</timestamp>
>  <database_version>10</database_version>
>  <size>9717</size>
>  <open-size>41984</open-size>
> </data>
> <data type="other_db">
>  <checksum type="sha256">2d0172834288a09c90b976d3f571e36dccc8936c76d228b844c974e47992aef7</checksum>
>  <open-checksum type="sha256">832e44a958a10d0a4ee6437eaa6473f9f61b373aaf8b7689c0131f4345dcc93f</open-checksum>
>  <location href="repodata/2d0172834288a09c90b976d3f571e36dccc8936c76d228b844c974e47992aef7-other.sqlite.bz2"/>
>  <timestamp>1461860618.23</timestamp>
>  <database_version>10</database_version>
>  <size>4087</size>
>  <open-size>13312</open-size>
> </data>
> <data type="other">
>  <checksum type="sha256">b58069c5d0b3541944e6a0c6a0f78cd0b3587c1c128b1eec2f7fab62777d50e4</checksum>
>  <open-checksum type="sha256">1c2924c2566da9e6a4295989db59b34afbd66d03daf40a9d9a43fba6eeed042d</open-checksum>
>  <location href="repodata/b58069c5d0b3541944e6a0c6a0f78cd0b3587c1c128b1eec2f7fab62777d50e4-other.xml.gz"/>
>  <timestamp>1461860618</timestamp>
>  <size>2477</size>
>  <open-size>10948</open-size>
> </data>
> <data type="filelists_db">
>  <checksum type="sha256">f235abde3b3b6231d12bbea20dd5edb9e3d34a2e1a40d21b7d1b9599ca909164</checksum>
>  <open-checksum type="sha256">f2fdc37abc9df60b8f577d6dcb671fc1b67997ce67feae511ac73c1a2fe474a4</open-checksum>
>  <location href="repodata/f235abde3b3b6231d12bbea20dd5edb9e3d34a2e1a40d21b7d1b9599ca909164-filelists.sqlite.bz2"/>
>  <timestamp>1461860618.24</timestamp>
>  <database_version>10</database_version>
>  <size>5529</size>
>  <open-size>17408</open-size>
> </data>
> </repomd>  
> as you can see this works fine and I believe ambari should not complain about not finding
the path to the trust store or the password not being set.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message