You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by Dmytro Sen <ds...@hortonworks.com> on 2014/03/12 12:16:13 UTC
Review Request 19069: 2-way auth fails when using jdk7
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/19069/
-----------------------------------------------------------
Review request for Ambari, Dmytro Shkvyra and Sid Wagle.
Bugs: AMBARI-5040
https://issues.apache.org/jira/browse/AMBARI-5040
Repository: ambari
Description
-------
Steps to reproduce:
On the Ambari Server host, open /etc/ambari-server/conf/ambari.properties with a text editor.
Add the following property:
security.server.two_way_ssl = true
Error message
{noformat}
INFO 2014-03-07 13:57:17,184 security.py:184 - Agent certificate not exists, sending sign request
INFO 2014-03-07 13:57:17,335 security.py:89 - SSL Connect being called.. connecting to the server
ERROR 2014-03-07 13:57:17,414 security.py:76 - Two-way SSL authentication failed. Ensure that server and agent certificates were signed by the same CA and restart the agent.
In order to receive a new agent certificate, remove existing certificate file from keys directory. As a workaround you can turn off two-way SSL authentication in server configuration(ambari.properties)
Exiting..
{noformat}
Diffs
-----
ambari-server/conf/unix/ca.config d838131
ambari-server/pom.xml 24c78ff
ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java c02d633
ambari-server/src/main/java/org/apache/ambari/server/security/CertificateManager.java d0f7dba
ambari-server/src/main/resources/ca.config 7324275
ambari-server/src/test/java/org/apache/ambari/server/security/CertGenerationTest.java b73b5c8
Diff: https://reviews.apache.org/r/19069/diff/
Testing
-------
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Ambari Main ....................................... SUCCESS [0.067s]
[INFO] Apache Ambari Project POM ......................... SUCCESS [0.024s]
[INFO] Ambari Web ........................................ SUCCESS [8.043s]
[INFO] Ambari Views ...................................... SUCCESS [1.468s]
[INFO] Ambari Server ..................................... SUCCESS [10:32.770s]
[INFO] Ambari Agent ...................................... SUCCESS [11.600s]
[INFO] Ambari Client ..................................... SUCCESS [0.414s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
INFO 2014-03-12 11:06:08,451 security.py:89 - SSL Connect being called.. connecting to the server
INFO 2014-03-12 11:06:08,609 security.py:56 - Insecure connection to https://c6401.ambari.apache.org:8441/ failed. Reconnecting using two-way SSL authentication..
INFO 2014-03-12 11:06:08,610 security.py:168 - Server certicate not exists, downloading
INFO 2014-03-12 11:06:08,610 security.py:191 - Downloading server cert from https://c6401.ambari.apache.org:8440/cert/ca/
INFO 2014-03-12 11:06:08,731 security.py:176 - Agent key not exists, generating request
INFO 2014-03-12 11:06:08,731 security.py:231 - openssl req -new -newkey rsa:1024 -nodes -keyout /var/lib/ambari-agent/keys/c6401.ambari.apache.org.key -subj /OU=c6401.ambari.apache.org/ -out /var/lib/ambari-agent/keys/c6401.ambari.apache.org.csr
INFO 2014-03-12 11:06:08,953 security.py:184 - Agent certificate not exists, sending sign request
INFO 2014-03-12 11:06:09,125 security.py:89 - SSL Connect being called.. connecting to the server
INFO 2014-03-12 11:06:09,205 security.py:73 - SSL connection established. Two-way SSL authentication completed successfully.
Thanks,
Dmytro Sen
Re: Review Request 19069: 2-way auth fails when using jdk7
Posted by Dmytro Shkvyra <ds...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/19069/#review37228
-----------------------------------------------------------
Ship it!
Ship It!
- Dmytro Shkvyra
On March 12, 2014, 11:16 a.m., Dmytro Sen wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/19069/
> -----------------------------------------------------------
>
> (Updated March 12, 2014, 11:16 a.m.)
>
>
> Review request for Ambari, Dmytro Shkvyra and Sid Wagle.
>
>
> Bugs: AMBARI-5040
> https://issues.apache.org/jira/browse/AMBARI-5040
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Steps to reproduce:
>
> On the Ambari Server host, open /etc/ambari-server/conf/ambari.properties with a text editor.
>
> Add the following property:
> security.server.two_way_ssl = true
>
> Error message
> {noformat}
> INFO 2014-03-07 13:57:17,184 security.py:184 - Agent certificate not exists, sending sign request
> INFO 2014-03-07 13:57:17,335 security.py:89 - SSL Connect being called.. connecting to the server
> ERROR 2014-03-07 13:57:17,414 security.py:76 - Two-way SSL authentication failed. Ensure that server and agent certificates were signed by the same CA and restart the agent.
> In order to receive a new agent certificate, remove existing certificate file from keys directory. As a workaround you can turn off two-way SSL authentication in server configuration(ambari.properties)
> Exiting..
> {noformat}
>
>
> Diffs
> -----
>
> ambari-server/conf/unix/ca.config d838131
> ambari-server/pom.xml 24c78ff
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java c02d633
> ambari-server/src/main/java/org/apache/ambari/server/security/CertificateManager.java d0f7dba
> ambari-server/src/main/resources/ca.config 7324275
> ambari-server/src/test/java/org/apache/ambari/server/security/CertGenerationTest.java b73b5c8
>
> Diff: https://reviews.apache.org/r/19069/diff/
>
>
> Testing
> -------
>
> [INFO] ------------------------------------------------------------------------
> [INFO] Reactor Summary:
> [INFO]
> [INFO] Ambari Main ....................................... SUCCESS [0.067s]
> [INFO] Apache Ambari Project POM ......................... SUCCESS [0.024s]
> [INFO] Ambari Web ........................................ SUCCESS [8.043s]
> [INFO] Ambari Views ...................................... SUCCESS [1.468s]
> [INFO] Ambari Server ..................................... SUCCESS [10:32.770s]
> [INFO] Ambari Agent ...................................... SUCCESS [11.600s]
> [INFO] Ambari Client ..................................... SUCCESS [0.414s]
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
>
>
> INFO 2014-03-12 11:06:08,451 security.py:89 - SSL Connect being called.. connecting to the server
> INFO 2014-03-12 11:06:08,609 security.py:56 - Insecure connection to https://c6401.ambari.apache.org:8441/ failed. Reconnecting using two-way SSL authentication..
> INFO 2014-03-12 11:06:08,610 security.py:168 - Server certicate not exists, downloading
> INFO 2014-03-12 11:06:08,610 security.py:191 - Downloading server cert from https://c6401.ambari.apache.org:8440/cert/ca/
> INFO 2014-03-12 11:06:08,731 security.py:176 - Agent key not exists, generating request
> INFO 2014-03-12 11:06:08,731 security.py:231 - openssl req -new -newkey rsa:1024 -nodes -keyout /var/lib/ambari-agent/keys/c6401.ambari.apache.org.key -subj /OU=c6401.ambari.apache.org/ -out /var/lib/ambari-agent/keys/c6401.ambari.apache.org.csr
> INFO 2014-03-12 11:06:08,953 security.py:184 - Agent certificate not exists, sending sign request
> INFO 2014-03-12 11:06:09,125 security.py:89 - SSL Connect being called.. connecting to the server
> INFO 2014-03-12 11:06:09,205 security.py:73 - SSL connection established. Two-way SSL authentication completed successfully.
>
>
> Thanks,
>
> Dmytro Sen
>
>
Re: Review Request 19069: 2-way auth fails when using jdk7
Posted by Sid Wagle <sw...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/19069/#review36931
-----------------------------------------------------------
Ship it!
Ship It!
- Sid Wagle
On March 12, 2014, 11:16 a.m., Dmytro Sen wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/19069/
> -----------------------------------------------------------
>
> (Updated March 12, 2014, 11:16 a.m.)
>
>
> Review request for Ambari, Dmytro Shkvyra and Sid Wagle.
>
>
> Bugs: AMBARI-5040
> https://issues.apache.org/jira/browse/AMBARI-5040
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Steps to reproduce:
>
> On the Ambari Server host, open /etc/ambari-server/conf/ambari.properties with a text editor.
>
> Add the following property:
> security.server.two_way_ssl = true
>
> Error message
> {noformat}
> INFO 2014-03-07 13:57:17,184 security.py:184 - Agent certificate not exists, sending sign request
> INFO 2014-03-07 13:57:17,335 security.py:89 - SSL Connect being called.. connecting to the server
> ERROR 2014-03-07 13:57:17,414 security.py:76 - Two-way SSL authentication failed. Ensure that server and agent certificates were signed by the same CA and restart the agent.
> In order to receive a new agent certificate, remove existing certificate file from keys directory. As a workaround you can turn off two-way SSL authentication in server configuration(ambari.properties)
> Exiting..
> {noformat}
>
>
> Diffs
> -----
>
> ambari-server/conf/unix/ca.config d838131
> ambari-server/pom.xml 24c78ff
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java c02d633
> ambari-server/src/main/java/org/apache/ambari/server/security/CertificateManager.java d0f7dba
> ambari-server/src/main/resources/ca.config 7324275
> ambari-server/src/test/java/org/apache/ambari/server/security/CertGenerationTest.java b73b5c8
>
> Diff: https://reviews.apache.org/r/19069/diff/
>
>
> Testing
> -------
>
> [INFO] ------------------------------------------------------------------------
> [INFO] Reactor Summary:
> [INFO]
> [INFO] Ambari Main ....................................... SUCCESS [0.067s]
> [INFO] Apache Ambari Project POM ......................... SUCCESS [0.024s]
> [INFO] Ambari Web ........................................ SUCCESS [8.043s]
> [INFO] Ambari Views ...................................... SUCCESS [1.468s]
> [INFO] Ambari Server ..................................... SUCCESS [10:32.770s]
> [INFO] Ambari Agent ...................................... SUCCESS [11.600s]
> [INFO] Ambari Client ..................................... SUCCESS [0.414s]
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
>
>
> INFO 2014-03-12 11:06:08,451 security.py:89 - SSL Connect being called.. connecting to the server
> INFO 2014-03-12 11:06:08,609 security.py:56 - Insecure connection to https://c6401.ambari.apache.org:8441/ failed. Reconnecting using two-way SSL authentication..
> INFO 2014-03-12 11:06:08,610 security.py:168 - Server certicate not exists, downloading
> INFO 2014-03-12 11:06:08,610 security.py:191 - Downloading server cert from https://c6401.ambari.apache.org:8440/cert/ca/
> INFO 2014-03-12 11:06:08,731 security.py:176 - Agent key not exists, generating request
> INFO 2014-03-12 11:06:08,731 security.py:231 - openssl req -new -newkey rsa:1024 -nodes -keyout /var/lib/ambari-agent/keys/c6401.ambari.apache.org.key -subj /OU=c6401.ambari.apache.org/ -out /var/lib/ambari-agent/keys/c6401.ambari.apache.org.csr
> INFO 2014-03-12 11:06:08,953 security.py:184 - Agent certificate not exists, sending sign request
> INFO 2014-03-12 11:06:09,125 security.py:89 - SSL Connect being called.. connecting to the server
> INFO 2014-03-12 11:06:09,205 security.py:73 - SSL connection established. Two-way SSL authentication completed successfully.
>
>
> Thanks,
>
> Dmytro Sen
>
>