You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Jonathan Hurley (JIRA)" <ji...@apache.org> on 2017/03/03 16:32:45 UTC
[jira] [Commented] (AMBARI-20308) Atlas service check fails during
EU on wire encrypted cluster
[ https://issues.apache.org/jira/browse/AMBARI-20308?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15894670#comment-15894670 ]
Jonathan Hurley commented on AMBARI-20308:
------------------------------------------
I believe this is because the version of {{curl}} on these system do not support TLS v1.2:
{code:title=cURL without TLS 1.2}
nats11-46-kbjs-erm16tofndwngdsec-s11-3:/tmp/curl-7.53.1 # curl -k --tlsv1.2 -w "%{http_code}" https://172.22.103.116:21443/
curl: option --tlsv1.2: is unknown
curl: try 'curl --help' or 'curl --manual' for more information
nats11-46-kbjs-erm16tofndwngdsec-s11-3:/tmp/curl-7.53.1 # curl --version
curl 7.19.7 (x86_64-suse-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8j zlib/1.2.7 libidn/1.10
Protocols: tftp ftp telnet dict ldap ldaps http file https ftps
Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz
nats11-46-kbjs-erm16tofndwngdsec-s11-3:/tmp/curl-7.53.1 # curl -k -w "%{http_code}" https://172.22.103.116:21443/
curl: (35) Unknown SSL protocol error in connection to 172.22.103.116:21443
{code}
{code:title=cURL with TLS 1.2}
~/dev/ambari-vagrant/centos6.4 master ●✚ curl --version
curl 7.51.0 (x86_64-apple-darwin16.0) libcurl/7.51.0 SecureTransport zlib/1.2.8
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz UnixSockets
~/dev/ambari-vagrant/centos6.4 master ●✚ curl -k --tlsv1.2 -w "%{http_code}" https://172.22.103.116:21443/
401
{code}
In ATLAS-1427, {{TLSv1.2}} was added as the default protocol and {{TLSv1, TLSv1.1}} were excluded.
> Atlas service check fails during EU on wire encrypted cluster
> -------------------------------------------------------------
>
> Key: AMBARI-20308
> URL: https://issues.apache.org/jira/browse/AMBARI-20308
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 2.5.0
> Reporter: Vivek Sharma
> Assignee: Jonathan Hurley
> Priority: Critical
> Labels: express_upgrade
> Fix For: 2.5.0
>
>
> STR
> 1. Deployed cluster with Ambari version: 2.4.2.0-136 and HDP version: 2.5.3.0-37 (wire encrypted cluster)
> 2. Upgrade Ambari to 2.5.0.0-1030 and then start EU to 2.6
> 3. Observed following failure at Atlas service check
> {code}
> 2017-03-02 13:22:41,729 - ATLAS service check failed for host atlas_host with error Execution of 'curl -k --negotiate -u : -b ~/cookiejar.txt -c ~/cookiejar.txt -s -o /dev/null -w "%{http_code}" https://atlas_host:21443/' returned 35. ######## Hortonworks #############
> This is MOTD message, added for testing in qe infra
> 000
> Traceback (most recent call last):
> File "/var/lib/ambari-agent/cache/common-services/ATLAS/0.1.0.2.3/package/scripts/service_check.py", line 52, in <module>
> AtlasServiceCheck().execute()
> File "/usr/lib/python2.6/site-packages/resource_management/libraries/script/script.py", line 313, in execute
> method(env)
> File "/var/lib/ambari-agent/cache/common-services/ATLAS/0.1.0.2.3/package/scripts/service_check.py", line 48, in service_check
> raise Fail("All instances of ATLAS METADATA SERVER are down.")
> resource_management.core.exceptions.Fail: All instances of ATLAS METADATA SERVER are down.
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)