You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by ds...@apache.org on 2017/02/24 12:39:36 UTC
ambari git commit: AMBARI-20115 Ambari reports grafana service is
down when its running causing other services to not start (dsen)
Repository: ambari
Updated Branches:
refs/heads/trunk d55dfc27f -> 6277a648c
AMBARI-20115 Ambari reports grafana service is down when its running causing other services to not start (dsen)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/6277a648
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/6277a648
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/6277a648
Branch: refs/heads/trunk
Commit: 6277a648c44e8f5540adf569cff10d494d3c701c
Parents: d55dfc2
Author: Dmytro Sen <ds...@apache.org>
Authored: Fri Feb 24 14:39:27 2017 +0200
Committer: Dmytro Sen <ds...@apache.org>
Committed: Fri Feb 24 14:39:27 2017 +0200
----------------------------------------------------------------------
.../src/main/python/ambari_commons/network.py | 41 ++++++++++++++++----
.../package/scripts/metrics_grafana_util.py | 27 +++++++++++--
2 files changed, 57 insertions(+), 11 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/6277a648/ambari-common/src/main/python/ambari_commons/network.py
----------------------------------------------------------------------
diff --git a/ambari-common/src/main/python/ambari_commons/network.py b/ambari-common/src/main/python/ambari_commons/network.py
index b5b1cd6..9bc16ed 100644
--- a/ambari-common/src/main/python/ambari_commons/network.py
+++ b/ambari-common/src/main/python/ambari_commons/network.py
@@ -20,20 +20,47 @@ limitations under the License.
import httplib
import ssl
+import socket
+from ambari_commons.logging_utils import print_warning_msg
from resource_management.core.exceptions import Fail
+# overrides default httplib.HTTPSConnection implementation to use specified ssl version
+class HTTPSConnectionWithCustomSslVersion(httplib.HTTPSConnection):
+ def __init__(self, host, port, ssl_version, **kwargs):
+ httplib.HTTPSConnection.__init__(self, host, port, **kwargs)
+ self.ssl_version = ssl_version
+
+ def connect(self):
+ conn_socket = socket.create_connection((self.host, self.port),
+ self.timeout)
+ if getattr(self, '_tunnel_host', None):
+ self.sock = conn_socket
+ self._tunnel()
+
+ self.sock = ssl.wrap_socket(conn_socket, self.key_file, self.cert_file,
+ ssl_version=self.ssl_version)
+
def get_http_connection(host, port, https_enabled=False, ca_certs=None):
if https_enabled:
+ ssl_version = ssl.PROTOCOL_SSLv23
if ca_certs:
- check_ssl_certificate(host, port, ca_certs)
- return httplib.HTTPSConnection(host, port)
+ ssl_version = check_ssl_certificate_and_return_ssl_version(host, port, ca_certs)
+ return HTTPSConnectionWithCustomSslVersion(host, port, ssl_version)
else:
return httplib.HTTPConnection(host, port)
-def check_ssl_certificate(host, port, ca_certs):
+def check_ssl_certificate_and_return_ssl_version(host, port, ca_certs):
try:
- ssl.get_server_certificate((host, port), ssl_version=ssl.PROTOCOL_SSLv23, ca_certs=ca_certs)
- except (ssl.SSLError) as ssl_error:
- raise Fail("Failed to verify the SSL certificate for https://{0}:{1} with CA certificate in {2}"
- .format(host, port, ca_certs))
+ ssl_version = ssl.PROTOCOL_TLSv1
+ ssl.get_server_certificate((host, port), ssl_version=ssl_version, ca_certs=ca_certs)
+ except ssl.SSLError as ssl_error:
+ print_warning_msg("Failed to verify the SSL certificate for https://{0}:{1} with CA certificate in {2} using ssl.PROTOCOL_TLSv1."
+ " Trying to use less secure ssl.PROTOCOL_SSLv23. Error : {3}".format(host, port, ca_certs, str(ssl_error)))
+ try:
+ ssl_version = ssl.PROTOCOL_SSLv23
+ ssl.get_server_certificate((host, port), ssl_version=ssl_version, ca_certs=ca_certs)
+ except ssl.SSLError as ssl_error:
+ raise Fail("Failed to verify the SSL certificate for https://{0}:{1} with CA certificate in {2}. Error : {3}"
+ .format(host, port, ca_certs, str(ssl_error)))
+ return ssl_version
http://git-wip-us.apache.org/repos/asf/ambari/blob/6277a648/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/metrics_grafana_util.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/metrics_grafana_util.py b/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/metrics_grafana_util.py
index a751330..95424f9 100644
--- a/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/metrics_grafana_util.py
+++ b/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/metrics_grafana_util.py
@@ -46,12 +46,16 @@ Server = namedtuple('Server', [ 'protocol', 'host', 'port', 'user', 'password' ]
def perform_grafana_get_call(url, server):
grafana_https_enabled = server.protocol.lower() == 'https'
response = None
+ ca_certs = None
+ if grafana_https_enabled:
+ import params
+ ca_certs = params.ams_grafana_cert_file
for i in xrange(0, GRAFANA_CONNECT_TRIES):
try:
conn = network.get_http_connection(server.host,
int(server.port),
- grafana_https_enabled)
+ grafana_https_enabled, ca_certs)
userAndPass = b64encode('{0}:{1}'.format(server.user, server.password))
headers = { 'Authorization' : 'Basic %s' % userAndPass }
@@ -82,9 +86,14 @@ def perform_grafana_put_call(url, id, payload, server):
'Authorization' : 'Basic %s' % userAndPass }
grafana_https_enabled = server.protocol.lower() == 'https'
+ ca_certs = None
+ if grafana_https_enabled:
+ import params
+ ca_certs = params.ams_grafana_cert_file
+
for i in xrange(0, GRAFANA_CONNECT_TRIES):
try:
- conn = network.get_http_connection(server.host, int(server.port), grafana_https_enabled)
+ conn = network.get_http_connection(server.host, int(server.port), grafana_https_enabled, ca_certs)
conn.request("PUT", url + "/" + str(id), payload, headers)
response = conn.getresponse()
data = response.read()
@@ -112,12 +121,17 @@ def perform_grafana_post_call(url, payload, server):
'Authorization' : 'Basic %s' % userAndPass}
grafana_https_enabled = server.protocol.lower() == 'https'
+ ca_certs = None
+ if grafana_https_enabled:
+ import params
+ ca_certs = params.ams_grafana_cert_file
+
for i in xrange(0, GRAFANA_CONNECT_TRIES):
try:
Logger.info("Connecting (POST) to %s:%s%s" % (server.host, server.port, url))
conn = network.get_http_connection(server.host,
int(server.port),
- grafana_https_enabled)
+ grafana_https_enabled, ca_certs)
conn.request("POST", url, payload, headers)
@@ -149,11 +163,16 @@ def perform_grafana_delete_call(url, server):
grafana_https_enabled = server.protocol.lower() == 'https'
response = None
+ ca_certs = None
+ if grafana_https_enabled:
+ import params
+ ca_certs = params.ams_grafana_cert_file
+
for i in xrange(0, GRAFANA_CONNECT_TRIES):
try:
conn = network.get_http_connection(server.host,
int(server.port),
- grafana_https_enabled)
+ grafana_https_enabled, ca_certs)
userAndPass = b64encode('{0}:{1}'.format(server.user, server.password))
headers = { 'Authorization' : 'Basic %s' % userAndPass }