ambari-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Erin Boyd <>
Subject Re: ssl changes recently?
Date Wed, 07 Jan 2015 20:48:37 GMT
Hey Greg,
On RHEL 6.5 we got a similar error during agent registration.
Here is the workaround:

Hope that helps,

----- Original Message -----
From: "Greg Hill" <greg.hill@RACKSPACE.COM>
Sent: Wednesday, January 7, 2015 1:44:40 PM
Subject: ssl changes recently?

I sent this to the wrong list earlier.

I recently updated our Ambari 1.7.0 image and am now getting SSL errors from the agents:

INFO 2015-01-07 16:59:02,116 - Connecting to https://ambari.local:8440/ca
ERROR 2015-01-07 16:59:02,645 - [SSL: CERTIFICATE_VERIFY_FAILED] certificate
verify failed (_ssl.c:581)
ERROR 2015-01-07 16:59:02,646 - SSLError: Failed to connect. Please check openssl
library versions.
Refer to: for more details.
WARNING 2015-01-07 16:59:02,651 - Server at https://ambari.local:8440<https://ambari.local:8440/>
is not reachable, sleeping for 10 seconds…

We're just using the default SSL certs that Ambari creates for agent communication.  This
worked up until we made this new image, which pull in upstream CentOS system updates.

Is it possible that some change in upstream has broken this for Ambari?
Is there a workaround?

I have noticed that the "server_crt" (/var/lib/ambari-agent/keys/ca.crt) does not exist on
the hosts.  Is this something I'm supposed to inject?  We weren't before, but it was working
just fine without it.


View raw message