ambari-issues mailing list archives

From "Hadoop QA (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMBARI-17666) Ambari agent can't start when TLSv1 is disabled in Java security
Date Fri, 16 Dec 2016 15:02:58 GMT

    [ https://issues.apache.org/jira/browse/AMBARI-17666?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15754632#comment-15754632 ]

Hadoop QA commented on AMBARI-17666:
------------------------------------

{color:red}-1 overall{color}.  Here are the results of testing the latest attachment 
  http://issues.apache.org/jira/secure/attachment/12843598/AMBARI-17666_test_trunk.patch
  against trunk revision .

    {color:green}+1 @author{color}.  The patch does not contain any @author tags.

    {color:red}-1 tests included{color}.  The patch doesn't appear to include any new or modified tests.
                        Please justify why no new tests are needed for this patch.
                        Also please list what manual steps were performed to verify this patch.

    {color:green}+1 javac{color}.  The applied patch does not increase the total number of javac compiler warnings.

    {color:green}+1 release audit{color}.  The applied patch does not increase the total number of release audit warnings.

    {color:green}+1 core tests{color}.  The patch passed unit tests in ambari-server.

Test results: https://builds.apache.org/job/Ambari-trunk-test-patch/9703//testReport/
Console output: https://builds.apache.org/job/Ambari-trunk-test-patch/9703//console

This message is automatically generated.

> Ambari agent can't start when TLSv1 is disabled in Java security
> ----------------------------------------------------------------
>
>                 Key: AMBARI-17666
>                 URL: https://issues.apache.org/jira/browse/AMBARI-17666
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-agent
>    Affects Versions: 2.2.0
>            Reporter: Tuong Truong
>            Assignee: Dmitry Lysnichenko
>              Labels: security
>             Fix For: 2.5.0
>
>         Attachments: AMBARI-17666_test_trunk.patch
>
>
> Currently, the commit for https://issues.apache.org/jira/browse/AMBARI-14236 explicitly forces the SSL protocol to TLSv1 in ambari-agent/src/main/python/ambari_agent/alerts/web_alert.py. Unfortunately, this setting is in effect whenever the web_alert package is loaded (ambari-agent/src/main/python/ambari_agent/AlertSchedulerHandler.py), regardless of whether SSL is used or not.
> As a result, disabling TLSv1 in Ambari server will cause the agent to fail to start.
> Recreate:
> In Ambari's active JDK on the Ambari server node, in the java.security file, set jdk.tls.disabledAlgorithms=MD5, SSLv2, SSLv3, TLSv1, DSA, RC4, RSA keySize < 2048
> restart ambari-server, and you will see errors in ambari agent logs:
> ERROR 2016-07-11 15:11:15,269 NetUtil.py:84 - [Errno 8] _ssl.c:492: EOF occurred in violation of protocol
> ERROR 2016-07-11 15:11:15,269 NetUtil.py:85 - SSLError: Failed to connect. Please check openssl library versions.
> Refer to: https://bugzilla.redhat.com/show_bug.cgi?id=1022468 for more details.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
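
The mismatch described in the quoted issue, as an added example that is not Ambari code and not part of the original message: it reads `jdk.tls.disabledAlgorithms` from a java.security file, checks whether a client pinned to one protocol would be refused, and builds a Python client context that negotiates within the versions the policy still allows. The function names are hypothetical, the sample file is constructed from the reproduce step, and restricting the client to TLS 1.2 and 1.3 is an assumption of this example.

```python
import re
import ssl

# Constructed sample: the setting from the reproduce step, with a line continuation.
SAMPLE_JAVA_SECURITY = """\
# constructed excerpt of a java.security file
jdk.certpath.disabledAlgorithms=MD2
jdk.tls.disabledAlgorithms=MD5, SSLv2, SSLv3, TLSv1, DSA, RC4, \\
    RSA keySize < 2048
"""

# Versions this example lets the client offer (assumption: nothing older than 1.2).
CLIENT_VERSIONS = [
    ("TLSv1.2", ssl.TLSVersion.TLSv1_2),
    ("TLSv1.3", ssl.TLSVersion.TLSv1_3),
]


def disabled_tls_entries(java_security_text):
    """Return the entries of jdk.tls.disabledAlgorithms as a list of strings."""
    # Properties files continue a value with a trailing backslash; fold those first.
    joined = re.sub(r"\\\r?\n\s*", "", java_security_text)
    for line in joined.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "jdk.tls.disabledAlgorithms":
            return [item.strip() for item in value.split(",") if item.strip()]
    return []


def server_accepts(protocol_name, java_security_text):
    """True if the policy does not list protocol_name (exact JDK spelling)."""
    return protocol_name not in disabled_tls_entries(java_security_text)


def negotiating_client_context(java_security_text):
    """Client context bounded by the allowed versions instead of pinned to one."""
    allowed = [v for name, v in CLIENT_VERSIONS
               if server_accepts(name, java_security_text)]
    if not allowed:
        raise ValueError("policy disables every version this client offers")
    ctx = ssl.create_default_context()  # certificate and hostname checks stay on
    ctx.minimum_version = min(allowed)
    ctx.maximum_version = max(allowed)
    return ctx


if __name__ == "__main__":
    print("TLSv1-pinned client accepted:",
          server_accepts("TLSv1", SAMPLE_JAVA_SECURITY))
    print("negotiated floor:",
          negotiating_client_context(SAMPLE_JAVA_SECURITY).minimum_version.name)
```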
