ambari-user mailing list archives

From Erin Boyd <eb...@redhat.com>
Subject Re: ssl changes recently?
Date Wed, 07 Jan 2015 20:48:37 GMT
Hey Greg,
On RHEL 6.5 we got a similar error during agent registration.
Here is the workaround:
http://hortonworks.com/community/forums/topic/ambari-agent-registration-failure-on-rhel-6-5-due-to-openssl-2/

Hope that helps,
Erin


----- Original Message -----
From: "Greg Hill" <greg.hill@RACKSPACE.COM>
To: user@ambari.apache.org
Sent: Wednesday, January 7, 2015 1:44:40 PM
Subject: ssl changes recently?

I sent this to the wrong list earlier.

I recently updated our Ambari 1.7.0 image and am now getting SSL errors from the agents:

INFO 2015-01-07 16:59:02,116 NetUtil.py:48 - Connecting to https://ambari.local:8440/ca
ERROR 2015-01-07 16:59:02,645 NetUtil.py:66 - [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)
ERROR 2015-01-07 16:59:02,646 NetUtil.py:67 - SSLError: Failed to connect. Please check openssl library versions.
Refer to: https://bugzilla.redhat.com/show_bug.cgi?id=1022468 for more details.
WARNING 2015-01-07 16:59:02,651 NetUtil.py:92 - Server at https://ambari.local:8440 is not reachable, sleeping for 10 seconds…

We're just using the default SSL certs that Ambari creates for agent communication. This
worked up until we made this new image, which pulls in upstream CentOS system updates.

Is it possible that some change in upstream has broken this for Ambari?
Is there a workaround?

I have noticed that the "server_crt" (/var/lib/ambari-agent/keys/ca.crt) does not exist on
the hosts.  Is this something I'm supposed to inject?  We weren't before, but it was working
just fine without it.

Greg

