You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ambari.apache.org by Dmytro Sen <ds...@hortonworks.com> on 2014/03/12 12:16:13 UTC

Review Request 19069: 2-way auth fails when using jdk7

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/19069/
-----------------------------------------------------------

Review request for Ambari, Dmytro Shkvyra and Sid Wagle.


Bugs: AMBARI-5040
    https://issues.apache.org/jira/browse/AMBARI-5040


Repository: ambari


Description
-------

Steps to reproduce:

On the Ambari Server host, open /etc/ambari-server/conf/ambari.properties with a text editor.

Add the following property:
security.server.two_way_ssl = true

Error message
{noformat}
INFO 2014-03-07 13:57:17,184 security.py:184 - Agent certificate not exists, sending sign request
INFO 2014-03-07 13:57:17,335 security.py:89 - SSL Connect being called.. connecting to the server
ERROR 2014-03-07 13:57:17,414 security.py:76 - Two-way SSL authentication failed. Ensure that server and agent certificates were signed by the same CA and restart the agent. 
In order to receive a new agent certificate, remove existing certificate file from keys directory. As a workaround you can turn off two-way SSL authentication in server configuration(ambari.properties) 
Exiting..
{noformat}


Diffs
-----

  ambari-server/conf/unix/ca.config d838131 
  ambari-server/pom.xml 24c78ff 
  ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java c02d633 
  ambari-server/src/main/java/org/apache/ambari/server/security/CertificateManager.java d0f7dba 
  ambari-server/src/main/resources/ca.config 7324275 
  ambari-server/src/test/java/org/apache/ambari/server/security/CertGenerationTest.java b73b5c8 

Diff: https://reviews.apache.org/r/19069/diff/


Testing
-------

[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] Ambari Main ....................................... SUCCESS [0.067s]
[INFO] Apache Ambari Project POM ......................... SUCCESS [0.024s]
[INFO] Ambari Web ........................................ SUCCESS [8.043s]
[INFO] Ambari Views ...................................... SUCCESS [1.468s]
[INFO] Ambari Server ..................................... SUCCESS [10:32.770s]
[INFO] Ambari Agent ...................................... SUCCESS [11.600s]
[INFO] Ambari Client ..................................... SUCCESS [0.414s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS


INFO 2014-03-12 11:06:08,451 security.py:89 - SSL Connect being called.. connecting to the server
INFO 2014-03-12 11:06:08,609 security.py:56 - Insecure connection to https://c6401.ambari.apache.org:8441/ failed. Reconnecting using two-way SSL authentication..
INFO 2014-03-12 11:06:08,610 security.py:168 - Server certicate not exists, downloading
INFO 2014-03-12 11:06:08,610 security.py:191 - Downloading server cert from https://c6401.ambari.apache.org:8440/cert/ca/
INFO 2014-03-12 11:06:08,731 security.py:176 - Agent key not exists, generating request
INFO 2014-03-12 11:06:08,731 security.py:231 - openssl req -new -newkey rsa:1024 -nodes -keyout /var/lib/ambari-agent/keys/c6401.ambari.apache.org.key	-subj /OU=c6401.ambari.apache.org/        -out /var/lib/ambari-agent/keys/c6401.ambari.apache.org.csr
INFO 2014-03-12 11:06:08,953 security.py:184 - Agent certificate not exists, sending sign request
INFO 2014-03-12 11:06:09,125 security.py:89 - SSL Connect being called.. connecting to the server
INFO 2014-03-12 11:06:09,205 security.py:73 - SSL connection established. Two-way SSL authentication completed successfully.


Thanks,

Dmytro Sen

Re: Review Request 19069: 2-way auth fails when using jdk7

Posted by Dmytro Shkvyra <ds...@hortonworks.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/19069/#review37228
-----------------------------------------------------------

Ship it!


Ship It!

- Dmytro Shkvyra


On March 12, 2014, 11:16 a.m., Dmytro Sen wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/19069/
> -----------------------------------------------------------
> 
> (Updated March 12, 2014, 11:16 a.m.)
> 
> 
> Review request for Ambari, Dmytro Shkvyra and Sid Wagle.
> 
> 
> Bugs: AMBARI-5040
>     https://issues.apache.org/jira/browse/AMBARI-5040
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> Steps to reproduce:
> 
> On the Ambari Server host, open /etc/ambari-server/conf/ambari.properties with a text editor.
> 
> Add the following property:
> security.server.two_way_ssl = true
> 
> Error message
> {noformat}
> INFO 2014-03-07 13:57:17,184 security.py:184 - Agent certificate not exists, sending sign request
> INFO 2014-03-07 13:57:17,335 security.py:89 - SSL Connect being called.. connecting to the server
> ERROR 2014-03-07 13:57:17,414 security.py:76 - Two-way SSL authentication failed. Ensure that server and agent certificates were signed by the same CA and restart the agent. 
> In order to receive a new agent certificate, remove existing certificate file from keys directory. As a workaround you can turn off two-way SSL authentication in server configuration(ambari.properties) 
> Exiting..
> {noformat}
> 
> 
> Diffs
> -----
> 
>   ambari-server/conf/unix/ca.config d838131 
>   ambari-server/pom.xml 24c78ff 
>   ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java c02d633 
>   ambari-server/src/main/java/org/apache/ambari/server/security/CertificateManager.java d0f7dba 
>   ambari-server/src/main/resources/ca.config 7324275 
>   ambari-server/src/test/java/org/apache/ambari/server/security/CertGenerationTest.java b73b5c8 
> 
> Diff: https://reviews.apache.org/r/19069/diff/
> 
> 
> Testing
> -------
> 
> [INFO] ------------------------------------------------------------------------
> [INFO] Reactor Summary:
> [INFO] 
> [INFO] Ambari Main ....................................... SUCCESS [0.067s]
> [INFO] Apache Ambari Project POM ......................... SUCCESS [0.024s]
> [INFO] Ambari Web ........................................ SUCCESS [8.043s]
> [INFO] Ambari Views ...................................... SUCCESS [1.468s]
> [INFO] Ambari Server ..................................... SUCCESS [10:32.770s]
> [INFO] Ambari Agent ...................................... SUCCESS [11.600s]
> [INFO] Ambari Client ..................................... SUCCESS [0.414s]
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> 
> 
> INFO 2014-03-12 11:06:08,451 security.py:89 - SSL Connect being called.. connecting to the server
> INFO 2014-03-12 11:06:08,609 security.py:56 - Insecure connection to https://c6401.ambari.apache.org:8441/ failed. Reconnecting using two-way SSL authentication..
> INFO 2014-03-12 11:06:08,610 security.py:168 - Server certicate not exists, downloading
> INFO 2014-03-12 11:06:08,610 security.py:191 - Downloading server cert from https://c6401.ambari.apache.org:8440/cert/ca/
> INFO 2014-03-12 11:06:08,731 security.py:176 - Agent key not exists, generating request
> INFO 2014-03-12 11:06:08,731 security.py:231 - openssl req -new -newkey rsa:1024 -nodes -keyout /var/lib/ambari-agent/keys/c6401.ambari.apache.org.key	-subj /OU=c6401.ambari.apache.org/        -out /var/lib/ambari-agent/keys/c6401.ambari.apache.org.csr
> INFO 2014-03-12 11:06:08,953 security.py:184 - Agent certificate not exists, sending sign request
> INFO 2014-03-12 11:06:09,125 security.py:89 - SSL Connect being called.. connecting to the server
> INFO 2014-03-12 11:06:09,205 security.py:73 - SSL connection established. Two-way SSL authentication completed successfully.
> 
> 
> Thanks,
> 
> Dmytro Sen
> 
>

Re: Review Request 19069: 2-way auth fails when using jdk7

Posted by Sid Wagle <sw...@hortonworks.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/19069/#review36931
-----------------------------------------------------------

Ship it!


Ship It!

- Sid Wagle


On March 12, 2014, 11:16 a.m., Dmytro Sen wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/19069/
> -----------------------------------------------------------
> 
> (Updated March 12, 2014, 11:16 a.m.)
> 
> 
> Review request for Ambari, Dmytro Shkvyra and Sid Wagle.
> 
> 
> Bugs: AMBARI-5040
>     https://issues.apache.org/jira/browse/AMBARI-5040
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> Steps to reproduce:
> 
> On the Ambari Server host, open /etc/ambari-server/conf/ambari.properties with a text editor.
> 
> Add the following property:
> security.server.two_way_ssl = true
> 
> Error message
> {noformat}
> INFO 2014-03-07 13:57:17,184 security.py:184 - Agent certificate not exists, sending sign request
> INFO 2014-03-07 13:57:17,335 security.py:89 - SSL Connect being called.. connecting to the server
> ERROR 2014-03-07 13:57:17,414 security.py:76 - Two-way SSL authentication failed. Ensure that server and agent certificates were signed by the same CA and restart the agent. 
> In order to receive a new agent certificate, remove existing certificate file from keys directory. As a workaround you can turn off two-way SSL authentication in server configuration(ambari.properties) 
> Exiting..
> {noformat}
> 
> 
> Diffs
> -----
> 
>   ambari-server/conf/unix/ca.config d838131 
>   ambari-server/pom.xml 24c78ff 
>   ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java c02d633 
>   ambari-server/src/main/java/org/apache/ambari/server/security/CertificateManager.java d0f7dba 
>   ambari-server/src/main/resources/ca.config 7324275 
>   ambari-server/src/test/java/org/apache/ambari/server/security/CertGenerationTest.java b73b5c8 
> 
> Diff: https://reviews.apache.org/r/19069/diff/
> 
> 
> Testing
> -------
> 
> [INFO] ------------------------------------------------------------------------
> [INFO] Reactor Summary:
> [INFO] 
> [INFO] Ambari Main ....................................... SUCCESS [0.067s]
> [INFO] Apache Ambari Project POM ......................... SUCCESS [0.024s]
> [INFO] Ambari Web ........................................ SUCCESS [8.043s]
> [INFO] Ambari Views ...................................... SUCCESS [1.468s]
> [INFO] Ambari Server ..................................... SUCCESS [10:32.770s]
> [INFO] Ambari Agent ...................................... SUCCESS [11.600s]
> [INFO] Ambari Client ..................................... SUCCESS [0.414s]
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> 
> 
> INFO 2014-03-12 11:06:08,451 security.py:89 - SSL Connect being called.. connecting to the server
> INFO 2014-03-12 11:06:08,609 security.py:56 - Insecure connection to https://c6401.ambari.apache.org:8441/ failed. Reconnecting using two-way SSL authentication..
> INFO 2014-03-12 11:06:08,610 security.py:168 - Server certicate not exists, downloading
> INFO 2014-03-12 11:06:08,610 security.py:191 - Downloading server cert from https://c6401.ambari.apache.org:8440/cert/ca/
> INFO 2014-03-12 11:06:08,731 security.py:176 - Agent key not exists, generating request
> INFO 2014-03-12 11:06:08,731 security.py:231 - openssl req -new -newkey rsa:1024 -nodes -keyout /var/lib/ambari-agent/keys/c6401.ambari.apache.org.key	-subj /OU=c6401.ambari.apache.org/        -out /var/lib/ambari-agent/keys/c6401.ambari.apache.org.csr
> INFO 2014-03-12 11:06:08,953 security.py:184 - Agent certificate not exists, sending sign request
> INFO 2014-03-12 11:06:09,125 security.py:89 - SSL Connect being called.. connecting to the server
> INFO 2014-03-12 11:06:09,205 security.py:73 - SSL connection established. Two-way SSL authentication completed successfully.
> 
> 
> Thanks,
> 
> Dmytro Sen
> 
>