You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by "Hudson (JIRA)" <ji...@apache.org> on 2015/02/11 23:47:14 UTC

[jira] [Commented] (AMBARI-9581) curl unable to connect to Ambari when SSLv3 and TLSv1 is disabled

    [ https://issues.apache.org/jira/browse/AMBARI-9581?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14317141#comment-14317141 ] 

Hudson commented on AMBARI-9581:
--------------------------------

FAILURE: Integrated in Ambari-trunk-Commit #1740 (See [https://builds.apache.org/job/Ambari-trunk-Commit/1740/])
AMBARI-9581. curl unable to connect to Ambari when SSLv3 and TLSv1 is disabled (aonishuk) (aonishuk: http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=4a25974b195aadb6ff12534e383e72b4aae6c5fb)
* ambari-common/src/main/python/resource_management/libraries/functions/__init__.py
* ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/setup_ranger_storm.py
* ambari-common/src/main/python/resource_management/libraries/script/__init__.py
* ambari-common/src/main/python/resource_management/libraries/script/script.py
* ambari-server/src/test/python/stacks/2.0.6/HIVE/test_hive_client.py
* ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/namenode_upgrade.py
* ambari-common/src/main/python/resource_management/libraries/functions/constants.py
* ambari-agent/src/main/python/ambari_agent/AlertSchedulerHandler.py
* ambari-server/src/test/python/stacks/2.0.6/HIVE/test_hive_metastore.py
* ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie.py
* ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger.py
* ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/setup_ranger_hbase.py
* ambari-common/src/main/python/resource_management/core/environment.py
* ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-START/scripts/shared_initialization.py
* ambari-common/src/main/python/resource_management/core/constants.py
* ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/setup_ranger_hive.py
* ambari-server/src/test/python/stacks/2.0.6/HIVE/test_hive_server.py
* ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive.py
* ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/setup_ranger_hdfs.py
* ambari-agent/src/main/python/ambari_agent/alerts/script_alert.py
* ambari-server/src/test/python/stacks/utils/RMFTestCase.py
* ambari-agent/src/main/python/ambari_agent/Controller.py
* ambari-common/src/main/python/resource_management/core/source.py
* ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-INSTALL/scripts/shared_initialization.py
* ambari-server/src/test/python/stacks/2.0.6/hooks/before-ANY/test_before_any.py
* ambari-server/src/test/python/stacks/2.1/HIVE/test_hive_metastore.py
* ambari-server/src/test/python/stacks/2.0.6/hooks/before-INSTALL/test_before_install.py
* ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie_server_upgrade.py
* ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/setup_ranger_knox.py
* ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-ANY/scripts/shared_initialization.py


> curl unable to connect to Ambari when SSLv3 and TLSv1 is disabled
> -----------------------------------------------------------------
>
>                 Key: AMBARI-9581
>                 URL: https://issues.apache.org/jira/browse/AMBARI-9581
>             Project: Ambari
>          Issue Type: Bug
>            Reporter: Andrew Onischuk
>            Assignee: Andrew Onischuk
>             Fix For: 2.0.0
>
>
> PROBLEM: requires SSLv3 and TLSv1.0 to be disabled for security reasons
> (see EAR - 660 & AMBARI-8019). The version of curl packaged with RHEL 6 does
> not support newer versions of TLS. More recent versions of curl do support TLS
> v1.1+ however they must use official packages with their automation system.
> Ambari relies on curl when starting Hive, to download the DB connector jar, so
> they are unable to start Hive using Ambari. Customer inquired about disabling curl
> calls in hive.py, or replacing curl with wget.
> BUSINESS IMPACT: Manual hive control instructions were provided as a
> workaround. Customer wants to know what options are available to have full
> Ambari functionality with the given constraints.
> STEPS TO REPRODUCE:
>   * enable SSL in Ambari
>   * add to ambari.properties: security.server.disabled.protocols=SSL|SSLv2|SSLv3|TLSv1
>   * attempt to restart Hive via Ambari
> SUPPORT ANALYSIS: A hotfix was delivered (see attachments hive.py &
> hive_service.py).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)