You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by "Mahadev konar (JIRA)" <ji...@apache.org> on 2015/02/11 21:53:11 UTC
[jira] [Updated] (AMBARI-9581) curl unable to connect to Ambari
when SSLv3 and TLSv1 is disabled
[ https://issues.apache.org/jira/browse/AMBARI-9581?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mahadev konar updated AMBARI-9581:
----------------------------------
Description:
PROBLEM: requires SSLv3 and TLSv1.0 to be disabled for security reasons
(see EAR - 660 & AMBARI-8019). The version of curl packaged with RHEL 6 does
not support newer versions of TLS. More recent versions of curl do support TLS
v1.1+ however they must use official packages with their automation system.
Ambari relies on curl when starting Hive, to download the DB connector jar, so
they are unable to start Hive using Ambari. AIG inquired about disabling curl
calls in hive.py, or replacing curl with wget.
BUSINESS IMPACT: Manual hive control instructions were provided as a
workaround. Customer wants to know what options are available to have full
Ambari functionality with the given constraints.
STEPS TO REPRODUCE:
* enable SSL in Ambari
* add to ambari.properties: security.server.disabled.protocols=SSL|SSLv2|SSLv3|TLSv1
* attempt to restart Hive via Ambari
SUPPORT ANALYSIS: A hotfix was delivered (see attachments hive.py &
hive_service.py).
was:
PROBLEM: AIG requires SSLv3 and TLSv1.0 to be disabled for security reasons
(see EAR - 660 & AMBARI-8019). The version of curl packaged with RHEL 6 does
not support newer versions of TLS. More recent versions of curl do support TLS
v1.1+ however they must use official packages with their automation system.
Ambari relies on curl when starting Hive, to download the DB connector jar, so
they are unable to start Hive using Ambari. AIG inquired about disabling curl
calls in hive.py, or replacing curl with wget.
BUSINESS IMPACT: Manual hive control instructions were provided as a
workaround. Customer wants to know what options are available to have full
Ambari functionality with the given constraints.
STEPS TO REPRODUCE:
* enable SSL in Ambari
* add to ambari.properties: security.server.disabled.protocols=SSL|SSLv2|SSLv3|TLSv1
* attempt to restart Hive via Ambari
SUPPORT ANALYSIS: A hotfix was delivered (see attachments hive.py &
hive_service.py).
> curl unable to connect to Ambari when SSLv3 and TLSv1 is disabled
> -----------------------------------------------------------------
>
> Key: AMBARI-9581
> URL: https://issues.apache.org/jira/browse/AMBARI-9581
> Project: Ambari
> Issue Type: Bug
> Reporter: Andrew Onischuk
> Assignee: Andrew Onischuk
> Fix For: 2.0.0
>
>
> PROBLEM: requires SSLv3 and TLSv1.0 to be disabled for security reasons
> (see EAR - 660 & AMBARI-8019). The version of curl packaged with RHEL 6 does
> not support newer versions of TLS. More recent versions of curl do support TLS
> v1.1+ however they must use official packages with their automation system.
> Ambari relies on curl when starting Hive, to download the DB connector jar, so
> they are unable to start Hive using Ambari. AIG inquired about disabling curl
> calls in hive.py, or replacing curl with wget.
> BUSINESS IMPACT: Manual hive control instructions were provided as a
> workaround. Customer wants to know what options are available to have full
> Ambari functionality with the given constraints.
> STEPS TO REPRODUCE:
> * enable SSL in Ambari
> * add to ambari.properties: security.server.disabled.protocols=SSL|SSLv2|SSLv3|TLSv1
> * attempt to restart Hive via Ambari
> SUPPORT ANALYSIS: A hotfix was delivered (see attachments hive.py &
> hive_service.py).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)