You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by mp...@apache.org on 2014/05/15 22:07:30 UTC
[2/2] git commit: AMBARI-5779. Recommission a DN fails when https is
enabled in Ambari server. (mpaprikovskyy)
AMBARI-5779. Recommission a DN fails when https is enabled in Ambari server. (mpaprikovskyy)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/6fd497f1
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/6fd497f1
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/6fd497f1
Branch: refs/heads/branch-1.6.0
Commit: 6fd497f17d0d3581d2acbece440e3014138581bc
Parents: 802ec41
Author: Myroslav Papirkovskyy <mp...@hortonworks.com>
Authored: Thu May 15 21:33:06 2014 +0300
Committer: Myroslav Papirkovskyy <mp...@hortonworks.com>
Committed: Thu May 15 22:53:31 2014 +0300
----------------------------------------------------------------------
.../scheduler/ExecutionScheduleManager.java | 63 ++++++++++++++++++--
1 file changed, 59 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/6fd497f1/ambari-server/src/main/java/org/apache/ambari/server/scheduler/ExecutionScheduleManager.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/scheduler/ExecutionScheduleManager.java b/ambari-server/src/main/java/org/apache/ambari/server/scheduler/ExecutionScheduleManager.java
index 2ebb76b..2472fe0 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/scheduler/ExecutionScheduleManager.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/scheduler/ExecutionScheduleManager.java
@@ -26,8 +26,11 @@ import com.sun.jersey.api.client.Client;
import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.UniformInterfaceException;
import com.sun.jersey.api.client.WebResource;
+import com.sun.jersey.api.client.config.ClientConfig;
+import com.sun.jersey.api.client.config.DefaultClientConfig;
import com.sun.jersey.api.client.filter.ClientFilter;
import com.sun.jersey.api.client.filter.CsrfProtectionFilter;
+import com.sun.jersey.client.urlconnection.HTTPSProperties;
import org.apache.ambari.server.AmbariException;
import org.apache.ambari.server.actionmanager.ActionDBAccessor;
import org.apache.ambari.server.actionmanager.HostRoleStatus;
@@ -53,6 +56,13 @@ import org.quartz.SchedulerException;
import org.quartz.Trigger;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+
+import javax.net.ssl.*;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
import java.text.ParseException;
import java.util.Collections;
import java.util.Date;
@@ -110,13 +120,18 @@ public class ExecutionScheduleManager {
this.actionDBAccessor = actionDBAccessor;
this.gson = gson;
- buildApiClient();
+ try {
+ buildApiClient();
+ } catch (NoSuchAlgorithmException e) {
+ throw new RuntimeException(e);
+ } catch (KeyManagementException e) {
+ throw new RuntimeException(e);
+ }
}
- protected void buildApiClient() {
+ protected void buildApiClient() throws NoSuchAlgorithmException, KeyManagementException {
- Client client = Client.create();
- this.ambariClient = client;
+ Client client;
String pattern;
String url;
@@ -124,11 +139,51 @@ public class ExecutionScheduleManager {
if (configuration.getApiSSLAuthentication()) {
pattern = "https://localhost:%s/";
url = String.format(pattern, configuration.getClientSSLApiPort());
+
+ // Create a trust manager that does not validate certificate chains
+ TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() {
+ @Override
+ public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
+
+ }
+
+ @Override
+ public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
+
+ }
+
+ public X509Certificate[] getAcceptedIssuers() {
+ return null;
+ }
+
+
+ }};
+
+ //Create SSL context
+ SSLContext sc = SSLContext.getInstance("TLS");
+ sc.init(null, trustAllCerts, new SecureRandom());
+
+ //Install all trusting cert SSL context for jersey client
+ ClientConfig config = new DefaultClientConfig();
+ config.getProperties().put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES, new HTTPSProperties(
+ new HostnameVerifier() {
+ @Override
+ public boolean verify( String s, SSLSession sslSession ) {
+ return true;
+ }
+ },
+ sc
+ ));
+
+ client = Client.create(config);
+
} else {
+ client = Client.create();
pattern = "http://localhost:%s/";
url = String.format(pattern, configuration.getClientApiPort());
}
+ this.ambariClient = client;
this.ambariWebResource = client.resource(url);
//Install auth filters