Posted to user@ambari.apache.org by Roshan Punnoose <ro...@gmail.com> on 2013/12/06 19:31:24 UTC

SSL issue

I have a cluster of about 6 nodes, half of which suddenly cannot connect to
my ambari-server at https://<ambari-server>:8440. The others can connect
and heartbeat without an issue.

I noticed that if I run: openssl s_client -connect <host>:8440, it doesn't
work either on the defective machines, but does work on the others.

My initial thought is that the ambari-server and agent certs have diverged,
and the agent cert needs to be re-signed. I know during the host
registration period, the server will sign the client cert; however, I am
performing manual registration of my hosts, is that still the case?


Roshan

Re: SSL issue

Posted by Mahadev Konar <ma...@hortonworks.com>.
Thanks Roshan!

Mahadev Konar
Hortonworks Inc.
http://hortonworks.com/


On Mon, Dec 9, 2013 at 10:59 PM, Roshan Punnoose <ro...@gmail.com> wrote:
> No worries. As I kept plugging away it seemed to be more of a cert/ssl issue
> between certain nodes. I am in the process of moving the ambari server over
> to a new node, and already it seems like the problematic nodes have no
> trouble connecting with openssl "openssl s_client --connect ..." with the new
> node. I'm not sure what could have caused nodes to not be able to connect to
> the previous ambari-server. However, if I do see the error again, I'll
> repost.

-- 
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to 
which it is addressed and may contain information that is confidential, 
privileged and exempt from disclosure under applicable law. If the reader 
of this message is not the intended recipient, you are hereby notified that 
any printing, copying, dissemination, distribution, disclosure or 
forwarding of this communication is strictly prohibited. If you have 
received this communication in error, please contact the sender immediately 
and delete it from your system. Thank You.

Re: SSL issue

Posted by Roshan Punnoose <ro...@gmail.com>.
No worries. As I kept plugging away it seemed to be more of a cert/ssl
issue between certain nodes. I am in the process of moving the ambari
server over to a new node, and already it seems like the problematic nodes
have no trouble connecting with openssl "openssl s_client --connect ..." with
the new node. I'm not sure what could have caused nodes to not be able to
connect to the previous ambari-server. However, if I do see the error
again, I'll repost.



On Tue, Dec 10, 2013 at 1:41 AM, Mahadev Konar <ma...@hortonworks.com> wrote:

> Roshan,
>   Sorry for my late response on this. What error do you see on the
> agents that have issues? Also can you post your ambari server configs?
>
>
> thanks
> mahadev

Re: SSL issue

Posted by Mahadev Konar <ma...@hortonworks.com>.
Roshan,
  Sorry for my late response on this. What error do you see on the
agents that have issues? Also can you post your ambari server configs?


thanks
mahadev

On Mon, Dec 9, 2013 at 10:24 PM, Roshan Punnoose <ro...@gmail.com> wrote:
> Is there any way I can turn off ssl connections between the server and
> agents? So that it always uses http, instead of https?

Re: SSL issue

Posted by Roshan Punnoose <ro...@gmail.com>.
Is there any way I can turn off ssl connections between the server and
agents? So that it always uses http, instead of https?


On Mon, Dec 9, 2013 at 8:22 AM, Roshan Punnoose <ro...@gmail.com> wrote:

> Yeah I have ntp running and the time is only a few seconds off on each
> server.
>
> Roshan Punnoose

Re: SSL issue

Posted by Roshan Punnoose <ro...@gmail.com>.
Yeah I have ntp running and the time is only a few seconds off on each
server.

Roshan Punnoose

On Dec 9, 2013, at 3:54 AM, Olivier Renault <or...@hortonworks.com>
wrote:

> The symptoms look like it could be a time sync issue. Could you confirm
> that you've got ntp running across all your servers?
>
> Thanks
> Olivier

Re: SSL issue

Posted by Olivier Renault <or...@hortonworks.com>.
The symptoms look like it could be a time sync issue. Could you confirm
that you've got ntp running across all your servers?

Thanks
Olivier
On 9 Dec 2013 01:51, "Roshan Punnoose" <ro...@gmail.com> wrote:

> Also, as a side thought. If I back up the ambari-server and move the data
> to another server, does that force hosts re-registering and re-signing certs
> when the new ambari server comes up?
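
The time-sync hypothesis raised in this reply, shown as an added example that is not part of the original thread: a certificate is only accepted while the verifying host's clock lies between the certificate's notBefore and notAfter times. The script builds a throwaway self-signed certificate on the spot (constructed; not an Ambari certificate, and the CN and node names are made up) and uses `openssl verify -attime` to replay validation at different clock readings.

```sh
#!/bin/sh
# Added example: how the verifier's clock decides whether a certificate is
# accepted. All inputs are constructed here; nothing is taken from a real host.

# make_test_cert DIR -> writes DIR/key.pem and DIR/cert.pem.
# The certificate is self-signed and valid from "now" for one day.
make_test_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=server.example.invalid" \
        -keyout "$1/key.pem" -out "$1/cert.pem" >/dev/null 2>&1
}

# verify_at CERT EPOCH -> prints ok | not-yet-valid | expired | other.
# -attime makes openssl validate as if the local clock read EPOCH
# (seconds since 1970-01-01 UTC). The self-signed certificate is used as
# its own trust anchor, so only the validity window can make it fail.
verify_at() {
    va_out=$(openssl verify -attime "$2" -CAfile "$1" "$1" 2>&1)
    # Error strings are matched first: old openssl builds print the error
    # and still end with "OK".
    case "$va_out" in
        *"not yet valid"*) echo "not-yet-valid" ;;
        *"has expired"*)   echo "expired" ;;
        *": OK"*)          echo "ok" ;;
        *)                 echo "other" ;;
    esac
}

# check_nodes CERT NOW "name:offset ..." -> one "name result" line per node.
# offset is that node's clock error in seconds relative to NOW
# (negative = clock runs behind, positive = clock runs ahead).
check_nodes() {
    for cn_entry in $3; do
        cn_name=${cn_entry%%:*}
        cn_off=${cn_entry#*:}
        echo "$cn_name $(verify_at "$1" $(( $2 + $cn_off )))"
    done
}

# Demo with a constructed node list: one node in sync, one 10 minutes
# behind, one 2 days ahead of the host that issued the certificate.
demo() {
    d_dir=$(mktemp -d) || return 1
    if make_test_cert "$d_dir"; then
        d_now=$(date +%s)
        check_nodes "$d_dir/cert.pem" "$d_now" \
            "node-a:0 node-b:-600 node-c:172800"
    else
        echo "openssl could not create the test certificate" >&2
    fi
    rm -rf "$d_dir"
}

demo
```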

Re: SSL issue

Posted by Roshan Punnoose <ro...@gmail.com>.
Also, as a side thought. If I back up the ambari-server and move the data
to another server, does that force hosts re-registering and re-signing certs
when the new ambari server comes up?


On Fri, Dec 6, 2013 at 10:17 PM, Roshan Punnoose <ro...@gmail.com> wrote:

> Ambari 1.4.1 from HDP 2

Re: SSL issue

Posted by Roshan Punnoose <ro...@gmail.com>.
Ambari 1.4.1 from HDP 2
On Dec 6, 2013 7:40 PM, "Mahadev Konar" <ma...@hortonworks.com> wrote:

> Roshan,
>  What version of ambari are you using?
>
> mahadev
> Mahadev Konar
> Hortonworks Inc.
> http://hortonworks.com/

Re: SSL issue

Posted by Mahadev Konar <ma...@hortonworks.com>.
Roshan,
 What version of ambari are you using?

mahadev
Mahadev Konar
Hortonworks Inc.
http://hortonworks.com/


On Fri, Dec 6, 2013 at 10:31 AM, Roshan Punnoose <ro...@gmail.com> wrote:
> I have a cluster of about 6 nodes, half of which suddenly cannot connect to
> my ambari-server at https://<ambari-server>:8440. The others can connect and
> heartbeat without an issue.
>
> I noticed that if I run: openssl s_client -connect <host>:8440, it doesn't
> work either on the defective machines, but does work on the others.
>
> My initial thought is that the ambari-server and agent certs have diverged,
> and the agent cert needs to be re-signed. I know during the host registration
> period, the server will sign the client cert; however, I am performing
> manual registration of my hosts, is that still the case?
>
>
> Roshan
