Posted to dev@ambari.apache.org by Andrew Onischuk <ao...@hortonworks.com> on 2014/04/29 13:54:05 UTC

Review Request 20834: Usability: When setting up HTTPS for ambari-server, ambari didn't validate the path name and generate misleading error message

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/20834/
-----------------------------------------------------------

Review request for Ambari and Dmitro Lisnichenko.


Bugs: AMBARI-5610
    https://issues.apache.org/jira/browse/AMBARI-5610


Repository: ambari


Description
-------

PROBLEM: When setting up HTTPS for Ambari-server, Ambari asks for the path to
the certificate and private key. It actually asks for the file name or the folder
name. But Ambari will not validate the path and gives a misleading error message.
STEPS TO REPRODUCE: 
1. Generate self-signed certificate in /root/cert/
2. Run ambari-server setup-security
3.
Do you want to configure HTTPS [y/n] (y)? y
SSL port [8443] ?
Enter path to Certificate: /root/cert 
Enter path to Private Key: /root/cert
ACTUAL BEHAVIOR: Ambari allows the user to go through to the next step and gives
out a misleading error:
INFO: about to run command: openssl x509 -dates -subject -in /root/cert/ 
Error getting Certificate info 
unable to load certificate 
140323342726984:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE
WARNING: Unable to get Certificate information 
Generating random password for HTTPS keystore...done. 
INFO: about to run command: openssl rsa -in /root/cert -des3 -out
/root/cert.secured -passout
pass:xzRullsqlxDu7uQQwx1igE5LrXsIOBFPnSKpUuGxK1qtaovqNA 
ERROR: Could not import Certificate and Private Key. 
SSL error on exporting keystore: unable to load Private Key 
140535709996872:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:703:Expecting: ANY PRIVATE KEY. 
Please ensure that provided Private Key password is correct and re-import
Certificate.
EXPECTED BEHAVIOR: Since the error message comes from openssl, it would be good
if Ambari validated the path name before it launches the openssl command,
asking the customer to provide the correct path name, which should be
/root/cert/klss20.test.com.crt


Diffs
-----

  ambari-server/src/main/python/ambari-server.py 5adf44d 
  ambari-server/src/test/python/TestAmbariServer.py 51d3c64 

Diff: https://reviews.apache.org/r/20834/diff/


Testing
-------


Thanks,

Andrew Onischuk
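
The pre-flight check requested under EXPECTED BEHAVIOR, sketched as an added example (not the code from this review request or from ambari-server.py). The function name `check_pem_path`, the accepted PEM labels and the sample file are assumptions made for illustration; it rejects a directory such as /root/cert before any openssl command is launched.

```python
import os
import re
import tempfile

# PEM "BEGIN" labels accepted for each kind of input (assumed set for this example).
PEM_LABELS = {
    "certificate": re.compile(r"^-----BEGIN (TRUSTED |X509 )?CERTIFICATE-----\s*$", re.M),
    "private key": re.compile(r"^-----BEGIN ([A-Z0-9]+ )?PRIVATE KEY-----\s*$", re.M),
}


def check_pem_path(path, kind):
    """Return (ok, message) for a user-supplied certificate or key path."""
    if not path or not path.strip():
        return False, "No path given for %s." % kind
    path = os.path.abspath(os.path.expanduser(path.strip()))
    if os.path.isdir(path):
        return False, "%s is a directory; enter the full path to the %s file." % (path, kind)
    if not os.path.isfile(path):
        return False, "%s does not exist or is not a regular file." % path
    try:
        with open(path, "r", errors="replace") as handle:
            head = handle.read(65536)
    except OSError as err:
        return False, "Cannot read %s: %s" % (path, err.strerror)
    if not PEM_LABELS[kind].search(head):
        return False, "%s has no PEM start line for a %s." % (path, kind)
    return True, path


def demo():
    """Run the check on constructed inputs: a directory, a cert file, a wrong file."""
    workdir = tempfile.mkdtemp()
    cert = os.path.join(workdir, "example.crt")  # constructed sample, not a real cert
    with open(cert, "w") as handle:
        handle.write("-----BEGIN CERTIFICATE-----\nMIIB\n-----END CERTIFICATE-----\n")
    return {
        "directory": check_pem_path(workdir, "certificate"),
        "cert": check_pem_path(cert, "certificate"),
        "cert_as_key": check_pem_path(cert, "private key"),
        "missing": check_pem_path(os.path.join(workdir, "nope.pem"), "certificate"),
    }


if __name__ == "__main__":
    for name, (ok, message) in demo().items():
        print("%-12s %-5s %s" % (name, ok, message))
```

A setup prompt would call this in a loop and re-ask until `ok` is true, so the user sees a path error instead of the openssl "no start line" message.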


Re: Review Request 20834: Usability: When setting up HTTPS for ambari-server, ambari didn't validate the path name and generate misleading error message

Posted by Dmitro Lisnichenko <dl...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/20834/#review41710
-----------------------------------------------------------

Ship it!


Ship It!

- Dmitro Lisnichenko


On April 29, 2014, 11:54 a.m., Andrew Onischuk wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/20834/
> -----------------------------------------------------------
> 
> (Updated April 29, 2014, 11:54 a.m.)
> 
> 
> Review request for Ambari and Dmitro Lisnichenko.
> 
> 
> Bugs: AMBARI-5610
>     https://issues.apache.org/jira/browse/AMBARI-5610
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> PROBLEM: When setting up HTTPS for Ambari-server, Ambari asks for the path to
> the certificate and private key. It actually asks for the file name or the folder
> name. But Ambari will not validate the path and gives a misleading error message.
> STEPS TO REPRODUCE: 
> 1. Generate self-signed certificate in /root/cert/
> 2. Run ambari-server setup-security
> 3.
> Do you want to configure HTTPS [y/n] (y)? y
> SSL port [8443] ?
> Enter path to Certificate: /root/cert 
> Enter path to Private Key: /root/cert
> ACTUAL BEHAVIOR: Ambari allows the user to go through to the next step and gives
> out a misleading error:
> INFO: about to run command: openssl x509 -dates -subject -in /root/cert/ 
> Error getting Certificate info 
> unable to load certificate 
> 140323342726984:error:0906D06C:PEM routines:PEM_read_bio:no start
> line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE
> WARNING: Unable to get Certificate information 
> Generating random password for HTTPS keystore...done. 
> INFO: about to run command: openssl rsa -in /root/cert -des3 -out
> /root/cert.secured -passout
> pass:xzRullsqlxDu7uQQwx1igE5LrXsIOBFPnSKpUuGxK1qtaovqNA 
> ERROR: Could not import Certificate and Private Key. 
> SSL error on exporting keystore: unable to load Private Key 
> 140535709996872:error:0906D06C:PEM routines:PEM_read_bio:no start
> line:pem_lib.c:703:Expecting: ANY PRIVATE KEY. 
> Please ensure that provided Private Key password is correct and re-import
> Certificate.
> EXPECTED BEHAVIOR: Since the error message comes from openssl, it would be good
> if Ambari validated the path name before it launches the openssl command,
> asking the customer to provide the correct path name, which should be
> /root/cert/klss20.test.com.crt
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/python/ambari-server.py 5adf44d 
>   ambari-server/src/test/python/TestAmbariServer.py 51d3c64 
> 
> Diff: https://reviews.apache.org/r/20834/diff/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Andrew Onischuk
> 
>