You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by sw...@apache.org on 2013/06/14 19:51:12 UTC

svn commit: r1493189 - in /incubator/ambari/trunk/ambari-agent/src: main/python/ambari_agent/security.py test/python/TestController.py test/python/TestSecurity.py

Author: swagle
Date: Fri Jun 14 17:51:12 2013
New Revision: 1493189

URL: http://svn.apache.org/r1493189
Log:
AMBARI-2389. Registration fails sometimes because of openssl issues on signing the certs. (Dmitry Sen via swagle)

Modified:
    incubator/ambari/trunk/ambari-agent/src/main/python/ambari_agent/security.py
    incubator/ambari/trunk/ambari-agent/src/test/python/TestController.py
    incubator/ambari/trunk/ambari-agent/src/test/python/TestSecurity.py

Modified: incubator/ambari/trunk/ambari-agent/src/main/python/ambari_agent/security.py
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/ambari-agent/src/main/python/ambari_agent/security.py?rev=1493189&r1=1493188&r2=1493189&view=diff
==============================================================================
--- incubator/ambari/trunk/ambari-agent/src/main/python/ambari_agent/security.py (original)
+++ incubator/ambari/trunk/ambari-agent/src/main/python/ambari_agent/security.py Fri Jun 14 17:51:12 2013
@@ -75,7 +75,12 @@ class VerifiedHTTPSConnection(httplib.HT
       except ssl.SSLError as err:
         logger.error('Two-way SSL authentication failed. Ensure that '
                     'server and agent certificates were signed by the same CA '
-                    'and restart the agent.\nExiting..')
+                    'and restart the agent. '
+                    '\nIn order to receive a new agent certificate, remove '
+                    'existing certificate file from keys directory. As a '
+                    'workaround you can turn off two-way SSL authentication in '
+                    'server configuration(ambari.properties) '
+                    '\nExiting..')
         raise err
 
   def create_connection(self):
@@ -212,7 +217,13 @@ class CertificateManager():
       agentCrtF.write(agentCrtContent)
     else:
       # Possible exception is catched higher at Controller
-      logger.error("Certificate signing failed")
+      logger.error('Certificate signing failed.'
+                   '\nIn order to receive a new agent'
+                   ' certificate, remove existing certificate file from keys '
+                   'directory. As a workaround you can turn off two-way SSL '
+                   'authentication in server configuration(ambari.properties) '
+                   '\nExiting..')
+      raise ssl.SSLError
 
   def genAgentCrtReq(self):
     generate_script = GEN_AGENT_KEY % {'hostname': hostname.hostname(),

Modified: incubator/ambari/trunk/ambari-agent/src/test/python/TestController.py
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/ambari-agent/src/test/python/TestController.py?rev=1493189&r1=1493188&r2=1493189&view=diff
==============================================================================
--- incubator/ambari/trunk/ambari-agent/src/test/python/TestController.py (original)
+++ incubator/ambari/trunk/ambari-agent/src/test/python/TestController.py Fri Jun 14 17:51:12 2013
@@ -20,6 +20,7 @@ limitations under the License.
 '''
 
 import StringIO
+import ssl
 import unittest
 from ambari_agent import Controller, ActionQueue
 from ambari_agent import hostname
@@ -346,6 +347,26 @@ class TestController(unittest.TestCase):
     self.controller.sendRequest = Controller.Controller.sendRequest
     self.controller.sendRequest = Controller.Controller.addToQueue
 
+  @patch("pprint.pformat")
+  @patch("time.sleep")
+  @patch("json.loads")
+  @patch("json.dumps")
+  def test_certSigningFailed(self, dumpsMock, loadsMock, sleepMock, pformatMock):
+    register = MagicMock()
+    self.controller.register = register
+
+    dumpsMock.return_value = "request"
+    response = {"responseId":1,}
+    loadsMock.return_value = response
+
+    self.controller.sendRequest = Mock(side_effect=ssl.SSLError())
+
+    self.controller.repeatRegistration=True
+    self.controller.registerWithServer()
+
+    #Conroller thread and the agent stop if the repeatRegistration flag is False
+    self.assertFalse(self.controller.repeatRegistration)
+
 if __name__ == "__main__":
   unittest.main(verbosity=2)
 

Modified: incubator/ambari/trunk/ambari-agent/src/test/python/TestSecurity.py
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/ambari-agent/src/test/python/TestSecurity.py?rev=1493189&r1=1493188&r2=1493189&view=diff
==============================================================================
--- incubator/ambari/trunk/ambari-agent/src/test/python/TestSecurity.py (original)
+++ incubator/ambari/trunk/ambari-agent/src/test/python/TestSecurity.py Fri Jun 14 17:51:12 2013
@@ -305,7 +305,12 @@ class TestSecurity(unittest.TestCase):
       'signedCa': 'fail-crt'
     }
 
-    man.reqSignCrt()
+    # If certificate signing failed, then exception must be raised
+    try:
+      man.reqSignCrt()
+      self.fail()
+    except ssl.SSLError:
+      pass
     self.assertFalse(open_mock.return_value.write.called)
 
     # Test connection fail