You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ambari.apache.org by Andrew Onischuk <ao...@hortonworks.com> on 2015/06/03 12:36:20 UTC

Review Request 34993: Unable to communicate to Namenode after wire encryption

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34993/
-----------------------------------------------------------

Review request for Ambari and Vitalyi Brodetskyi.


Bugs: AMBARI-11645
    https://issues.apache.org/jira/browse/AMBARI-11645


Repository: ambari


Description
-------

On a cluster with HDFS,Mapred, Yarn,Tez, Zookeeper and Ambari metrics enabled
security and then followed <http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-
2.1.5/bk_Security_Guide/content/ch_wire-https.html> to perform wire
encryption.

After above steps are completed, we see the below error in name node logs
whenever any request is processed.

    
    
    
    2015-06-02 21:57:21,255 WARN  mortbay.log (Slf4jLog.java:warn(89)) - EXCEPTION 
    javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
    	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    	at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
    	at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1979)
    	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1086)
    	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
    	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
    	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)
    	at org.mortbay.jetty.security.SslSocketConnector$SslConnection.run(SslSocketConnector.java:723)
    	at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)
    

Using the key tool we verified in all the nodes whether the certificate is
valid and it doesn't show up any errors there. Please help take a look to
resolve this issue.  
Output from the validation check is attached.  
here is a cluster to take a look:
<http://ec2-54-165-14-184.compute-1.amazonaws.com:8080/#>


Diffs
-----

  ambari-common/src/main/python/resource_management/libraries/providers/hdfs_resource.py 33d356f 

Diff: https://reviews.apache.org/r/34993/diff/


Testing
-------

mvn clean test


Thanks,

Andrew Onischuk