ambari-issues mailing list archives

From "Nicola Marangoni (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (AMBARI-20445) two-way ssl on Ubuntu 16.04 not working
Date Tue, 14 Mar 2017 15:43:41 GMT

     [ https://issues.apache.org/jira/browse/AMBARI-20445?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nicola Marangoni updated AMBARI-20445:
--------------------------------------
    Affects Version/s: 2.4.2
                       2.5.0

> two-way ssl on Ubuntu 16.04 not working
> ---------------------------------------
>
>                 Key: AMBARI-20445
>                 URL: https://issues.apache.org/jira/browse/AMBARI-20445
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-agent, ambari-server
>    Affects Versions: 2.5.0, trnk, 2.4.2
>         Environment: Ubuntu 16.04.2
>            Reporter: Nicola Marangoni
>              Labels: 2-way-ssl, ssl
>
> In Ubuntu 16.04.2 it is not possible to register the agent when 2-way ssl is enabled.
> Scenario:
> - Server running under user *ambari-server*
> - Agent running under user *ambari-agent*
> The same scenario in CentOS 7 works correctly!
> Symptoms:
> - During registration, folder */var/lib/ambari-agent/keys* remains empty and registration fails
> - After manually copying *ca.crt* to the folder, *<agent-fqdn>.key* and *<agent-fqdn>.csr* are created but not *<agent-fqdn>.crt*, registration fails again
> - After manually creating *<agent-fqdn>.crt* registration is successful.
> It seems that transfer of the .crt files from server to agent doesn't work in Ubuntu 16.04. Same scenario works well in CentOS 7.
> Available workaround is to create the files on the server manually and copy them manually to the agents:
> {code}
> openssl genrsa \
>   -passout file:/var/lib/ambari-server/keys/pass.txt \
>   -out /var/lib/ambari-server/keys/<agent-fqdn>.key 1024
> #
> # Create request
> openssl req -new -sha256 \
>   -passin file:/var/lib/ambari-server/keys/pass.txt \
>   -key /var/lib/ambari-server/keys/<agent-fqdn>.key \
>   -out /var/lib/ambari-server/keys/<agent-fqdn>.csr \
>   -subj "/OU=<agent-fqdn>"
> #
> # Create certificate
> export PASSPHRASE=`cat /var/lib/ambari-server/keys/pass.txt`
> openssl ca \
>   -config /var/lib/ambari-server/keys/ca.config \
>   -cert /var/lib/ambari-server/keys/ca.crt \
>   -keyfile /var/lib/ambari-server/keys/ca.key \
>   -key `cat /var/lib/ambari-server/keys/pass.txt` \
>   -in /var/lib/ambari-server/keys/<agent-fqdn>.csr \
>   -out /var/lib/ambari-server/keys/<agent-fqdn>.crt \
>   -batch
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
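
The symptom stages in the report above correspond to distinct states of the agent's key directory, and a hand-copied certificate is only useful if it chains to *ca.crt* and matches the agent's key. The following check is an added example, not part of the original message or of Ambari's code; the function name, state names and exit codes are hypothetical, and it assumes the file names used in the report and an agent key without a passphrase.

```shell
#!/bin/sh
# Added example, not from the report or from Ambari. Assumptions: file names
# follow the report (ca.crt, <agent-fqdn>.key/.csr/.crt) and the agent key is
# not passphrase-protected. State names and exit codes are hypothetical.

# check_agent_keys DIR FQDN
# Prints one state name; exit status 0 only when the key material is complete.
# The body is a subshell so variables stay local and `exit` ends only the check.
check_agent_keys() (
  dir=$1
  fqdn=$2
  ca="$dir/ca.crt"
  key="$dir/$fqdn.key"
  csr="$dir/$fqdn.csr"
  crt="$dir/$fqdn.crt"

  # First symptom: keys folder stays empty, no CA certificate arrived.
  [ -s "$ca" ] || { echo "missing-ca"; exit 1; }

  # Key and CSR are created on the agent once ca.crt is present.
  { [ -s "$key" ] && [ -s "$csr" ]; } || { echo "missing-key-or-csr"; exit 2; }

  # Second symptom: the signed certificate never came back from the server.
  [ -s "$crt" ] || { echo "missing-agent-cert"; exit 3; }

  # A hand-copied certificate must chain to the CA the agent trusts.
  openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 \
    || { echo "cert-not-signed-by-ca"; exit 4; }

  # It must also belong to the local private key: compare public keys.
  cert_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || cert_pub=""
  key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) || key_pub=""
  { [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]; } \
    || { echo "cert-key-mismatch"; exit 5; }

  echo "ok"
)
```

On an agent host this would be called as `check_agent_keys /var/lib/ambari-agent/keys "$(hostname -f)"`, before and after applying the manual workaround.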
