incubator-ambari-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aaron Cody <ac...@keywcorp.com>
Subject Re: problem with the registration step
Date Tue, 23 Jul 2013 20:39:32 GMT
looks like the agent is failing to connect back to the master because of
some SSL cert problem??

curl 
https://ac-dev-01.sensage.com:8441/agent/v1/register/ac-dev-03.sensage.com

curl: (60) Peer certificate cannot be authenticated with known CA
certificates
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

any ideas how to rectify this?
thanks


From:  Aaron Cody <acody@keywcorp.com>
Reply-To:  <ambari-user@incubator.apache.org>
Date:  Tuesday, July 23, 2013 1:28 PM
To:  "ambari-user@incubator.apache.org" <ambari-user@incubator.apache.org>
Subject:  Re: problem with the registration step

attached - thanks

From:  Siddharth Wagle <swagle@hortonworks.com>
Reply-To:  "ambari-user@incubator.apache.org"
<ambari-user@incubator.apache.org>
Date:  Tuesday, July 23, 2013 1:00 PM
To:  "ambari-user@incubator.apache.org" <ambari-user@incubator.apache.org>
Subject:  Re: problem with the registration step

Hi Aaron,

Could you correlate this message with the server logs and provide them?
If you stop and start the agent you should be able to capture the error if
any on the server side.

To turn on debugging on the agent, edit
/etc/ambari-agent/conf/ambari-agent.ini
also turning on debugging on the server site might help.
(/etc/ambari-server/conf/log4j.properties)

-Sid


On Tue, Jul 23, 2013 at 12:27 PM, Aaron Cody <acody@keywcorp.com> wrote:
> Any ideas what might be causing this?
> 
> * I am using FQDNs and I can passwordless-SSH from master to all slave
> machinesŠ
> * RedHat 6.4
> Registration fails:
> 
> self.httpsconn.connect()\n File
> \"/usr/lib/python2.6/site-packages/ambari_agent/security.py\", line 63, in
> connect\n ca_certs=server_crt)\n File \"/usr/lib64/python2.6/ssl.py\", line
> 338, in wrap_socket\n suppress_ragged_eofs=suppress_ragged_eofs)\n File
> \"/usr/lib64/python2.6/ssl.py\", line 118, in __init__\n cert_reqs,
> ssl_version, ca_certs)\nSSLError: [Errno 336445442] _ssl.c:353:
> error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib\n',
> None)\n\nSTDERR\nConnection to ac-dev-04.sensage.com
> <http://ac-dev-04.sensage.com>  closed.\nRegistering with the
> server...\nRegistration with the server failed."}]




Mime
View raw message