Date: Wed, 7 Sep 2016 07:45:20 +0000 (UTC)
From: "Marcin Molak (JIRA)"
To: issues@ambari.apache.org
Reply-To: dev@ambari.apache.org
Subject: [jira] [Commented] (AMBARI-17225) Ambari Web UI stuck ON Repository Base URL validation when a local repository server is used and it's certificate is on the truststore that ambari is configured to use

[ https://issues.apache.org/jira/browse/AMBARI-17225?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15469898#comment-15469898 ]

Marcin Molak commented on AMBARI-17225:
---------------------------------------

In Ambari 2.2, the AmbariManagementControllerImpl.verifyRepository method doesn't provide the truststore configuration (from ambari.properties).
In Ambari 2.4, URLStreamProvider has an additional method, setupTruststoreForHttps, which changes HTTPS mode into HTTP mode. Then the truststore settings are not verified.

> Ambari Web UI stuck ON Repository Base URL validation when a local repository server is used and it's certificate is on the truststore that ambari is configured to use
> -----------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: AMBARI-17225
>                 URL: https://issues.apache.org/jira/browse/AMBARI-17225
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.2.0
>         Environment: RHEL7
>            Reporter: REYANE OUKPEDJO
>
> A local repository server is set up with SSL enabled, and Ambari is configured to use a truststore that has the local repository server certificate on it. Yet Ambari is throwing the following error during base URL validation:
> 13 Jun 2016 16:31:11,974 WARN [qtp-ambari-client-23] ServletHandler:563 - /api/v1/stacks/BigInsights/versions/4.2/operating_systems/redhat7/repositories/IOP-4.2
> java.lang.IllegalStateException: Can't get secure connection to https://deployment.whac.local/repos/IOP/rhel/7/x86_64/4.2.0.0/beta/repodata/repomd.xml. Truststore path or password is not set.
>     at org.apache.ambari.server.controller.internal.URLStreamProvider.getSSLConnection(URLStreamProvider.java:286)
>     at org.apache.ambari.server.controller.internal.URLStreamProvider.processURL(URLStreamProvider.java:173)
>     at org.apache.ambari.server.controller.internal.URLStreamProvider.processURL(URLStreamProvider.java:133)
>     at org.apache.ambari.server.controller.internal.URLStreamProvider.readFrom(URLStreamProvider.java:107)
>     at org.apache.ambari.server.controller.internal.URLStreamProvider.readFrom(URLStreamProvider.java:112)
>     at org.apache.ambari.server.controller.AmbariManagementControllerImpl.verifyRepository(AmbariManagementControllerImpl.java:3701)
>     at org.apache.ambari.server.controller.AmbariManagementControllerImpl.updateRepositories(AmbariManagementControllerImpl.java:3639)
>     at org.apache.ambari.server.controller.internal.RepositoryResourceProvider$4.invoke(RepositoryResourceProvider.java:120)
>     at org.apache.ambari.server.controller.internal.RepositoryResourceProvider$4.invoke(RepositoryResourceProvider.java:117)
>     at org.apache.ambari.server.controller.internal.AbstractResourceProvider.invokeWithRetry(AbstractResourceProvider.java:450)
>     at org.apache.ambari.server.controller.internal.AbstractResourceProvider.modifyResources(AbstractResourceProvider.java:331)
>     at org.apache.ambari.server.controller.internal.RepositoryResourceProvider.updateResources(RepositoryResourceProvider.java:117)
>     at org.apache.ambari.server.controller.internal.ClusterControllerImpl.updateResources(ClusterControllerImpl.java:310)
>     at org.apache.ambari.server.api.services.persistence.PersistenceManagerImpl.update(PersistenceManagerImpl.java:104)
>     at org.apache.ambari.server.api.handlers.UpdateHandler.persist(UpdateHandler.java:42)
>     at org.apache.ambari.server.api.handlers.BaseManagementHandler.handleRequest(BaseManagementHandler.java:72)
>     at org.apache.ambari.server.api.services.BaseRequest.process(BaseRequest.java:135)
>     at org.apache.ambari.server.api.services.BaseService.handleRequest(BaseService.java:106)
>     at org.apache.ambari.server.api.services.BaseService.handleRequest(BaseService.java:75)
>     at org.apache.ambari.server.api.services.RepositoryService.updateRepository(RepositoryService.java:145)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:498)
>     at com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60)
>     at com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$ResponseOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:205)
>     at com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75)
>     at com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:302)
>     at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
>     at com.sun.jersey.server.impl.uri.rules.SubLocatorRule.accept(SubLocatorRule.java:137)
>     at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
>     at com.sun.jersey.server.impl.uri.rules.SubLocatorRule.accept(SubLocatorRule.java:137)
>     at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
>     at com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108)
>     at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
>     at com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84)
>     at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1542)
>     at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1473)
>     at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1419)
>     at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1409)
>     at com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:409)
>     at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:540)
>     at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:715)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:770)
>     at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:684)
>     at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1496)
>     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
>     at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
>     at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
>     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>     at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
>     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>     at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
>     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>     at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
>     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> Also note that the Ambari configuration file, ambari.properties, shows the following lines:
> ssl.trustStore.path=/etc/security/ambari-server-truststore
> server.jdbc.user.passwd=/etc/ambari-server/conf/password.dat
> server.execution.scheduler.isClustered=false
> server.stages.parallel=true
> views.request.read.timeout.millis=10000
> ssl.trustStore.type=jks
> server.jdbc.database=postgres
> ssl.trustStore.password=changeit
> server.jdbc.database_name=ambari
> As you can see, the above suggests Ambari is configured to use the truststore, and yet it still complains that the path to the trust store or the password is not set.
> Also, I tried to use a Java program that is able to pull the repomd.xml using the same trust store that was set for Ambari:
> [root@ip-10-155-82-180 ~]# java -Djavax.net.ssl.trustStore=/etc/security/ambari-server-truststore -Djsse.enableSNIExtension=false TestTrustStore https://deployment.whac.local/repos/IOP-UTILS/RHEL7/x86_64/1.2/repodata/repomd.xml
>
> As you can see, this works fine, and I believe Ambari should not complain about not finding the path to the trust store or the password not being set.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
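
A standalone check of the same ssl.trustStore.* settings, added here as an example (it is not Ambari's code and not the reporter's TestTrustStore program; the class name TruststoreCheck and its two command-line arguments are assumptions). It loads the truststore with the path, type and password from ambari.properties instead of JVM-wide -Djavax.net.ssl.* flags, then makes the HTTPS request with normal certificate and hostname verification:

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.util.Properties;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Added diagnostic example (hypothetical class, not part of Ambari).
public class TruststoreCheck {
    // Build an SSLContext that trusts only what is in the configured truststore.
    static SSLContext contextFrom(Properties p) throws Exception {
        String path = p.getProperty("ssl.trustStore.path");
        String pass = p.getProperty("ssl.trustStore.password");
        String type = p.getProperty("ssl.trustStore.type", KeyStore.getDefaultType());
        if (path == null || pass == null) {
            throw new IllegalStateException("ssl.trustStore.path or ssl.trustStore.password is not set");
        }
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass.toCharArray()); // fails on a wrong password or store type
        }
        System.out.println("Loaded " + ks.size() + " entries from " + path);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: TruststoreCheck <ambari.properties> <https-url>");
            System.exit(2);
        }
        Properties p = new Properties();
        try (InputStream in = new FileInputStream(args[0])) {
            p.load(in);
        }
        HttpsURLConnection c = (HttpsURLConnection) new URL(args[1]).openConnection();
        c.setSSLSocketFactory(contextFrom(p).getSocketFactory());
        c.setConnectTimeout(10000);
        c.setReadTimeout(10000);
        // Chain and hostname checks run during the handshake; an untrusted
        // certificate surfaces here as javax.net.ssl.SSLHandshakeException.
        System.out.println("HTTP " + c.getResponseCode() + " from " + c.getURL());
        c.disconnect();
    }
}
```

If this succeeds while repository validation still reports "Truststore path or password is not set", the truststore and its properties are usable and the failure lies in how the validation code path obtains them.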