You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by ao...@apache.org on 2018/06/12 07:51:45 UTC

[ambari] 01/03: AMBARI-24070. Added missing 2-way SSL logs

This is an automated email from the ASF dual-hosted git repository.

aonishuk pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ambari.git

commit 5cda3d3cd683063c77e0374b6bc50a398cf70097
Author: Srikanth Janardhan <sj...@hortonworks.com>
AuthorDate: Mon Jun 11 14:45:25 2018 +0530

    AMBARI-24070. Added missing 2-way SSL logs
---
 .../src/main/python/ambari_agent/security.py        | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/ambari-agent/src/main/python/ambari_agent/security.py b/ambari-agent/src/main/python/ambari_agent/security.py
index 563771a..99e0dcc 100644
--- a/ambari-agent/src/main/python/ambari_agent/security.py
+++ b/ambari-agent/src/main/python/ambari_agent/security.py
@@ -63,6 +63,10 @@ class VerifiedHTTPSConnection:
 
     if not self.two_way_ssl_required:
       conn = AmbariStompConnection(self.connection_url)
+      self.establish_connection(conn)
+      logger.info('SSL connection established. Two-way SSL authentication is '
+                  'turned off on the server.')
+      return conn
     else:
       self.certMan = CertificateManager(self.config, self.host)
       self.certMan.initSecurity()
@@ -79,8 +83,21 @@ class VerifiedHTTPSConnection:
 
       conn = AmbariStompConnection(self.connection_url, ssl_options=ssl_options)
 
-    self.establish_connection(conn)
-    return conn
+      try:
+        self.establish_connection(conn)
+        logger.info('SSL connection established. Two-way SSL authentication '
+                    'completed successfully.')
+      except ambari_stomp.exception.ConnectFailedException as err:
+        logger.error('Two-way SSL authentication failed. Ensure that '
+                     'server and agent certificates were signed by the same CA '
+                     'and restart the agent. '
+                     '\nIn order to receive a new agent certificate, remove '
+                     'existing certificate file from keys directory. As a '
+                     'workaround you can turn off two-way SSL authentication in '
+                     'server configuration(ambari.properties) '
+                     '\nExiting..')
+        raise err
+      return conn
 
   def establish_connection(self, conn):
     """

-- 
To stop receiving notification emails like this one, please contact
aonishuk@apache.org.