You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2018/08/31 17:18:00 UTC

[jira] [Updated] (AMBARI-24579) Wrong Ambari Alert of HiveServer2 Process critical due to unescaped password of keystore

     [ https://issues.apache.org/jira/browse/AMBARI-24579?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

ASF GitHub Bot updated AMBARI-24579:
------------------------------------
    Labels: pull-request-available  (was: )

> Wrong Ambari Alert of HiveServer2 Process critical due to unescaped password of keystore
> ----------------------------------------------------------------------------------------
>
>                 Key: AMBARI-24579
>                 URL: https://issues.apache.org/jira/browse/AMBARI-24579
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.6.2
>         Environment: Ambari 2.6.2.2
> HDP 2.6.5.0
>            Reporter: Christian Danner
>            Priority: Minor
>              Labels: pull-request-available
>
> After Enabling SSL for Hive Server 2, Ambari Alerts showing "HiveServer2 Process critical".
> When the keystore passphrase is having spacial characters like '(', ')' , '\{' or '}' the alert in Ambari is triggered and the following traceback is shown:
>  
> {code:java}
> Connection failed on host hive.server2.example.com:10000 (Traceback (most recent call last):
> File "/var/lib/ambari-agent/cache/common-services/HIVE/0.12.0.2.0/package/alerts/alert_hive_thrift_port.py", line 212, in execute
> ldap_password=ldap_password)
> File "/usr/lib/ambari-agent/lib/resource_management/libraries/functions/hive_check.py", line 81, in check_thrift_port_sasl
> timeout_kill_strategy=TerminateStrategy.KILL_PROCESS_TREE,
> File "/usr/lib/ambari-agent/lib/resource_management/core/base.py", line 166, in __init__
> self.env.run()
> File "/usr/lib/ambari-agent/lib/resource_management/core/environment.py", line 160, in run
> self.run_action(resource, action)
> File "/usr/lib/ambari-agent/lib/resource_management/core/environment.py", line 124, in run_action
> provider_action()
> File "/usr/lib/ambari-agent/lib/resource_management/core/providers/system.py", line 262, in action_run
> tries=self.resource.tries, try_sleep=self.resource.try_sleep)
> File "/usr/lib/ambari-agent/lib/resource_management/core/shell.py", line 72, in inner
> result = function(command, **kwargs)
> File "/usr/lib/ambari-agent/lib/resource_management/core/shell.py", line 102, in checked_call
> tries=tries, try_sleep=try_sleep, timeout_kill_strategy=timeout_kill_strategy)
> File "/usr/lib/ambari-agent/lib/resource_management/core/shell.py", line 150, in _call_wrapper
> result = _call(command, **kwargs_copy)
> File "/usr/lib/ambari-agent/lib/resource_management/core/shell.py", line 303, in _call
> raise ExecutionFailed(err_msg, code, out, err)
> ExecutionFailed: Execution of '! beeline -u 'jdbc:hive2://hive.server2.example.com:10000/;transportMode=binary;ssl=true;sslTrustStore=/path/to/my/keystore.jks;trustStorePassword=[PROTECTED]' -e '' 2>&1| awk '{print}'|grep -i -e 'Connection refused' -e 'Invalid URL'' returned 1. -bash: -c: line 0: syntax error near unexpected token `('
> -bash: -c: line 0: `export PATH='/usr/sbin:/sbin:/usr/lib/ambari-server/*:/usr/sbin:/sbin:/usr/lib/ambari-server/*:/sbin:/usr/sbin:/usr/local/sbin:/root/bin:/usr/local/bin:/usr/bin:/bin:/usr/games:/usr/lib/mit/bin:/var/lib/ambari-agent:/var/lib/ambari-agent:/bin/:/usr/bin/:/usr/lib/hive/bin/:/usr/sbin/' ; ! beeline -u 'jdbc:hive2://hive.server2.example.com:10000/;transportMode=binary;ssl=true;sslTrustStore=/path/to/my/keystore.jks;trustStorePassword=[PROTECTED]' -e '' 2>&1| awk '{print}'|grep -i -e 'Connection refused' -e 'Invalid URL''
> )
> {code}
> Therefore I am suggesting that the password should be escaped before handing over to bash in the following file:
> {code:java}
> /usr/lib/ambari-agent/lib/resource_management/libraries/functions/hive_check.py
> {code}
> Line 60:
> {code:java}
> beeline_url.extend(['ssl={ssl_str}', 'sslTrustStore={ssl_keystore}', 'trustStorePassword={ssl_password!p}'])
> {code}
> should be replaced to this:
> {code:java}
> beeline_url.extend(['ssl={ssl_str}', 'sslTrustStore={ssl_keystore}', 'trustStorePassword=\'{ssl_password!p}\''])
> {code}
> This solved my problem on my cluster.
>  
> Since I am new to the community and don't know the process and was not able to find the right repository to change it I am going this way by explaining my solution.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)