You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Hadoop QA (JIRA)" <ji...@apache.org> on 2017/11/10 23:12:00 UTC

[jira] [Commented] (AMBARI-22417) Ambari checks fail with FIPS mode is activated on the OS

    [ https://issues.apache.org/jira/browse/AMBARI-22417?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16248139#comment-16248139 ] 

Hadoop QA commented on AMBARI-22417:
------------------------------------

{color:red}-1 overall{color}.  Here are the results of testing the latest attachment 
  http://issues.apache.org/jira/secure/attachment/12897110/AMBARI-22417_branch-2.6_01.patch
  against trunk revision .

    {color:green}+1 @author{color}.  The patch does not contain any @author tags.

    {color:red}-1 tests included{color}.  The patch doesn't appear to include any new or modified tests.
                        Please justify why no new tests are needed for this patch.
                        Also please list what manual steps were performed to verify this patch.

    {color:green}+1 release audit{color}.  The applied patch does not increase the total number of release audit warnings.

    {color:green}+1 javac{color}.  The applied patch does not increase the total number of javac compiler warnings.

    {color:green}+1 core tests{color}.  The patch passed unit tests in .

Console output: https://builds.apache.org/job/Ambari-trunk-test-patch/12649//console

This message is automatically generated.

> Ambari checks fail with FIPS mode is activated on the OS
> --------------------------------------------------------
>
>                 Key: AMBARI-22417
>                 URL: https://issues.apache.org/jira/browse/AMBARI-22417
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-agent, ambari-server
>    Affects Versions: 2.5.1
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>            Priority: Critical
>             Fix For: 2.6.1
>
>         Attachments: AMBARI-22417_branch-2.6_01.patch, AMBARI-22417_trunk_01.patch
>
>
> Ambari checks fail with FIPS mode is activated on the OS (Rhel7). FIPS mode disables weak ciphers (such as MD5). 
> Ambari code is doing 
> {code}
> ccache_file_name = _md5("
> {0}|{1}".format(principal, keytab)).hexdigest(). MD5 is disabled on the OS (RHEL7) so ambari throws errors.
> {code}
> - All service checks fail, Ranger KMS start fails via ambari. 
> - However all the services are actually running and fine. 
> - Also Ranger KMS succesfully started from command Line
> Here is the stack trace from Ambari
> {code}
> service_check
> params.kinit_path_local, False, None, params.smoke_user)
> File "/usr/lib/python2.6/site-packages/resource_management/libraries/functions/curl_krb_request.py", line 109, in curl_krb_request
> ccache_file_name = _md5("{0}
> |
> {1}
> ".format(principal, keytab)).hexdigest()
> ValueError: error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips
> {code}
> Fix: 
> MD5 is disabled on the OS, Code needs to be updated to use SHA?
> This is required when FIPS mode is enabled on the RHEL OS



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)