You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "REYANE OUKPEDJO (JIRA)" <ji...@apache.org> on 2016/06/14 14:08:01 UTC
[jira] [Created] (AMBARI-17225) Ambari Web UI stuck ON Repository
Base URL validation when a local repository server is used and it's
certificate is on the truststore that ambari is configured to use
REYANE OUKPEDJO created AMBARI-17225:
----------------------------------------
Summary: Ambari Web UI stuck ON Repository Base URL validation when a local repository server is used and it's certificate is on the truststore that ambari is configured to use
Key: AMBARI-17225
URL: https://issues.apache.org/jira/browse/AMBARI-17225
Project: Ambari
Issue Type: Bug
Components: ambari-server
Affects Versions: 2.2.0
Environment: REHL7
Reporter: REYANE OUKPEDJO
a local repository server is set up with ssl enabled and ambari is configured to uses a truststore that has the local repository server certificate on it. Yet ambari is throwing the following error during base url validation:
13 Jun 2016 16:31:11,974 WARN [qtp-ambari-client-23] ServletHandler:563 - /api/v1/stacks/BigInsights/versions/4.2/operating_systems/redhat7/repositories/IOP-4.2
java.lang.IllegalStateException: Can't get secure connection to https://deployment.whac.local/repos/IOP/rhel/7/x86_64/4.2.0.0/beta/repodata/repomd.xml. Truststore path or password is not set.
at org.apache.ambari.server.controller.internal.URLStreamProvider.getSSLConnection(URLStreamProvider.java:286)
at org.apache.ambari.server.controller.internal.URLStreamProvider.processURL(URLStreamProvider.java:173)
at org.apache.ambari.server.controller.internal.URLStreamProvider.processURL(URLStreamProvider.java:133)
at org.apache.ambari.server.controller.internal.URLStreamProvider.readFrom(URLStreamProvider.java:107)
at org.apache.ambari.server.controller.internal.URLStreamProvider.readFrom(URLStreamProvider.java:112)
at org.apache.ambari.server.controller.AmbariManagementControllerImpl.verifyRepository(AmbariManagementControllerImpl.java:3701)
at org.apache.ambari.server.controller.AmbariManagementControllerImpl.updateRepositories(AmbariManagementControllerImpl.java:3639)
at org.apache.ambari.server.controller.internal.RepositoryResourceProvider$4.invoke(RepositoryResourceProvider.java:120)
at org.apache.ambari.server.controller.internal.RepositoryResourceProvider$4.invoke(RepositoryResourceProvider.java:117)
at org.apache.ambari.server.controller.internal.AbstractResourceProvider.invokeWithRetry(AbstractResourceProvider.java:450)
at org.apache.ambari.server.controller.internal.AbstractResourceProvider.modifyResources(AbstractResourceProvider.java:331)
at org.apache.ambari.server.controller.internal.RepositoryResourceProvider.updateResources(RepositoryResourceProvider.java:117)
at org.apache.ambari.server.controller.internal.ClusterControllerImpl.updateResources(ClusterControllerImpl.java:310)
at org.apache.ambari.server.api.services.persistence.PersistenceManagerImpl.update(PersistenceManagerImpl.java:104)
at org.apache.ambari.server.api.handlers.UpdateHandler.persist(UpdateHandler.java:42)
at org.apache.ambari.server.api.handlers.BaseManagementHandler.handleRequest(BaseManagementHandler.java:72)
at org.apache.ambari.server.api.services.BaseRequest.process(BaseRequest.java:135)
at org.apache.ambari.server.api.services.BaseService.handleRequest(BaseService.java:106)
at org.apache.ambari.server.api.services.BaseService.handleRequest(BaseService.java:75)
at org.apache.ambari.server.api.services.RepositoryService.updateRepository(RepositoryService.java:145)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60)
at com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$ResponseOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:205)
at com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75)
at com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:302)
at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
at com.sun.jersey.server.impl.uri.rules.SubLocatorRule.accept(SubLocatorRule.java:137)
at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
at com.sun.jersey.server.impl.uri.rules.SubLocatorRule.accept(SubLocatorRule.java:137)
at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
at com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108)
at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
at com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84)
at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1542)
at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1473)
at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1419)
at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1409)
at com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:409)
at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:540)
at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:715)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:770)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:684)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1496)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
Also note that the ambari configuration file : ambari.properties show the following lines :
ssl.trustStore.path=/etc/security/ambari-server-truststore
server.jdbc.user.passwd=/etc/ambari-server/conf/password.dat
server.execution.scheduler.isClustered=false
server.stages.parallel=true
views.request.read.timeout.millis=10000
ssl.trustStore.type=jks
server.jdbc.database=postgres
ssl.trustStore.password=changeit
server.jdbc.database_name=ambari
As you can see the above suggests ambari is configured to use the trustore and yet it still complains with no path to the trsust store or password is not set.
Also I tried to use a java program that is able to pull the repomd.xml using the same trust store that was set for ambari
[root@ip-10-155-82-180 ~]# java -Djavax.net.ssl.trustStore=/etc/security/ambari-server-truststore -Djsse.enableSNIExtension=false TestTrustStore https://deployment.whac.local/repos/IOP-UTILS/RHEL7/x86_64/1.2/repodata/repomd.xml
<?xml version="1.0" encoding="UTF-8"?>
<repomd xmlns="http://linux.duke.edu/metadata/repo" xmlns:rpm="http://linux.duke.edu/metadata/rpm">
<revision>1461860617</revision>
<data type="filelists">
<checksum type="sha256">bd49d23030e9e8f20f91d2c53966cb8ff4bf379632d34174202f6956464c2427</checksum>
<open-checksum type="sha256">b4d19a2f6912a1c41c242f94fd453dde4b538033e4dfb4ca7a3afc8f3baace15</open-checksum>
<location href="repodata/bd49d23030e9e8f20f91d2c53966cb8ff4bf379632d34174202f6956464c2427-filelists.xml.gz"/>
<timestamp>1461860618</timestamp>
<size>2769</size>
<open-size>18408</open-size>
</data>
<data type="primary">
<checksum type="sha256">18f9119bf687a492f7c88b91b44e7d25a6976b132497109e291419ec584ac047</checksum>
<open-checksum type="sha256">f42768d89bfdacbe49bfbc1263cc6365b93fbef118a07e5d1d25b0855c0af62e</open-checksum>
<location href="repodata/18f9119bf687a492f7c88b91b44e7d25a6976b132497109e291419ec584ac047-primary.xml.gz"/>
<timestamp>1461860618</timestamp>
<size>4636</size>
<open-size>23050</open-size>
</data>
<data type="primary_db">
<checksum type="sha256">f252f6463d7b3d0f84df4c03d0e93c5e5867086b14266c91f73eb679bbd239d0</checksum>
<open-checksum type="sha256">9819c0d684a4f9c89f487d02259081667be66234721d38b5c5fb3f2ecaf79466</open-checksum>
<location href="repodata/f252f6463d7b3d0f84df4c03d0e93c5e5867086b14266c91f73eb679bbd239d0-primary.sqlite.bz2"/>
<timestamp>1461860618.27</timestamp>
<database_version>10</database_version>
<size>9717</size>
<open-size>41984</open-size>
</data>
<data type="other_db">
<checksum type="sha256">2d0172834288a09c90b976d3f571e36dccc8936c76d228b844c974e47992aef7</checksum>
<open-checksum type="sha256">832e44a958a10d0a4ee6437eaa6473f9f61b373aaf8b7689c0131f4345dcc93f</open-checksum>
<location href="repodata/2d0172834288a09c90b976d3f571e36dccc8936c76d228b844c974e47992aef7-other.sqlite.bz2"/>
<timestamp>1461860618.23</timestamp>
<database_version>10</database_version>
<size>4087</size>
<open-size>13312</open-size>
</data>
<data type="other">
<checksum type="sha256">b58069c5d0b3541944e6a0c6a0f78cd0b3587c1c128b1eec2f7fab62777d50e4</checksum>
<open-checksum type="sha256">1c2924c2566da9e6a4295989db59b34afbd66d03daf40a9d9a43fba6eeed042d</open-checksum>
<location href="repodata/b58069c5d0b3541944e6a0c6a0f78cd0b3587c1c128b1eec2f7fab62777d50e4-other.xml.gz"/>
<timestamp>1461860618</timestamp>
<size>2477</size>
<open-size>10948</open-size>
</data>
<data type="filelists_db">
<checksum type="sha256">f235abde3b3b6231d12bbea20dd5edb9e3d34a2e1a40d21b7d1b9599ca909164</checksum>
<open-checksum type="sha256">f2fdc37abc9df60b8f577d6dcb671fc1b67997ce67feae511ac73c1a2fe474a4</open-checksum>
<location href="repodata/f235abde3b3b6231d12bbea20dd5edb9e3d34a2e1a40d21b7d1b9599ca909164-filelists.sqlite.bz2"/>
<timestamp>1461860618.24</timestamp>
<database_version>10</database_version>
<size>5529</size>
<open-size>17408</open-size>
</data>
</repomd>
as you can see this works fine and I believe ambari should not complain about not finding the path to the trust store or the password not being set.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)