You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Robert Levas (JIRA)" <ji...@apache.org> on 2017/11/10 16:30:00 UTC
[jira] [Created] (AMBARI-22417) Ambari checks fail with FIPS mode
is activated on the OS
Robert Levas created AMBARI-22417:
-------------------------------------
Summary: Ambari checks fail with FIPS mode is activated on the OS
Key: AMBARI-22417
URL: https://issues.apache.org/jira/browse/AMBARI-22417
Project: Ambari
Issue Type: Bug
Components: ambari-agent, ambari-server
Affects Versions: 2.5.1
Reporter: Robert Levas
Assignee: Robert Levas
Priority: Critical
Fix For: 2.6.1
Ambari checks fail with FIPS mode is activated on the OS (Rhel7). FIPS mode disables weak ciphers (such as MD5).
Ambari code is doing
{code}
ccache_file_name = _md5("
{0}|{1}".format(principal, keytab)).hexdigest(). MD5 is disabled on the OS (RHEL7) so ambari throws errors.
{code}
- All service checks fail, Ranger KMS start fails via ambari.
- However all the services are actually running and fine.
- Also Ranger KMS succesfully started from command Line
Here is the stack trace from Ambari
{code}
service_check
params.kinit_path_local, False, None, params.smoke_user)
File "/usr/lib/python2.6/site-packages/resource_management/libraries/functions/curl_krb_request.py", line 109, in curl_krb_request
ccache_file_name = _md5("{0}
|
{1}
".format(principal, keytab)).hexdigest()
ValueError: error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips
{code}
Fix:
MD5 is disabled on the OS, Code needs to be updated to use SHA?
This is required when FIPS mode is enabled on the RHEL OS
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)