You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by sw...@apache.org on 2013/06/14 19:51:12 UTC
svn commit: r1493189 - in /incubator/ambari/trunk/ambari-agent/src:
main/python/ambari_agent/security.py test/python/TestController.py
test/python/TestSecurity.py
Author: swagle
Date: Fri Jun 14 17:51:12 2013
New Revision: 1493189
URL: http://svn.apache.org/r1493189
Log:
AMBARI-2389. Registration fails sometimes because of openssl issues on signing the certs. (Dmitry Sen via swagle)
Modified:
incubator/ambari/trunk/ambari-agent/src/main/python/ambari_agent/security.py
incubator/ambari/trunk/ambari-agent/src/test/python/TestController.py
incubator/ambari/trunk/ambari-agent/src/test/python/TestSecurity.py
Modified: incubator/ambari/trunk/ambari-agent/src/main/python/ambari_agent/security.py
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/ambari-agent/src/main/python/ambari_agent/security.py?rev=1493189&r1=1493188&r2=1493189&view=diff
==============================================================================
--- incubator/ambari/trunk/ambari-agent/src/main/python/ambari_agent/security.py (original)
+++ incubator/ambari/trunk/ambari-agent/src/main/python/ambari_agent/security.py Fri Jun 14 17:51:12 2013
@@ -75,7 +75,12 @@ class VerifiedHTTPSConnection(httplib.HT
except ssl.SSLError as err:
logger.error('Two-way SSL authentication failed. Ensure that '
'server and agent certificates were signed by the same CA '
- 'and restart the agent.\nExiting..')
+ 'and restart the agent. '
+ '\nIn order to receive a new agent certificate, remove '
+ 'existing certificate file from keys directory. As a '
+ 'workaround you can turn off two-way SSL authentication in '
+ 'server configuration(ambari.properties) '
+ '\nExiting..')
raise err
def create_connection(self):
@@ -212,7 +217,13 @@ class CertificateManager():
agentCrtF.write(agentCrtContent)
else:
# Possible exception is catched higher at Controller
- logger.error("Certificate signing failed")
+ logger.error('Certificate signing failed.'
+ '\nIn order to receive a new agent'
+ ' certificate, remove existing certificate file from keys '
+ 'directory. As a workaround you can turn off two-way SSL '
+ 'authentication in server configuration(ambari.properties) '
+ '\nExiting..')
+ raise ssl.SSLError
def genAgentCrtReq(self):
generate_script = GEN_AGENT_KEY % {'hostname': hostname.hostname(),
Modified: incubator/ambari/trunk/ambari-agent/src/test/python/TestController.py
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/ambari-agent/src/test/python/TestController.py?rev=1493189&r1=1493188&r2=1493189&view=diff
==============================================================================
--- incubator/ambari/trunk/ambari-agent/src/test/python/TestController.py (original)
+++ incubator/ambari/trunk/ambari-agent/src/test/python/TestController.py Fri Jun 14 17:51:12 2013
@@ -20,6 +20,7 @@ limitations under the License.
'''
import StringIO
+import ssl
import unittest
from ambari_agent import Controller, ActionQueue
from ambari_agent import hostname
@@ -346,6 +347,26 @@ class TestController(unittest.TestCase):
self.controller.sendRequest = Controller.Controller.sendRequest
self.controller.sendRequest = Controller.Controller.addToQueue
+ @patch("pprint.pformat")
+ @patch("time.sleep")
+ @patch("json.loads")
+ @patch("json.dumps")
+ def test_certSigningFailed(self, dumpsMock, loadsMock, sleepMock, pformatMock):
+ register = MagicMock()
+ self.controller.register = register
+
+ dumpsMock.return_value = "request"
+ response = {"responseId":1,}
+ loadsMock.return_value = response
+
+ self.controller.sendRequest = Mock(side_effect=ssl.SSLError())
+
+ self.controller.repeatRegistration=True
+ self.controller.registerWithServer()
+
+ #Conroller thread and the agent stop if the repeatRegistration flag is False
+ self.assertFalse(self.controller.repeatRegistration)
+
if __name__ == "__main__":
unittest.main(verbosity=2)
Modified: incubator/ambari/trunk/ambari-agent/src/test/python/TestSecurity.py
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/ambari-agent/src/test/python/TestSecurity.py?rev=1493189&r1=1493188&r2=1493189&view=diff
==============================================================================
--- incubator/ambari/trunk/ambari-agent/src/test/python/TestSecurity.py (original)
+++ incubator/ambari/trunk/ambari-agent/src/test/python/TestSecurity.py Fri Jun 14 17:51:12 2013
@@ -305,7 +305,12 @@ class TestSecurity(unittest.TestCase):
'signedCa': 'fail-crt'
}
- man.reqSignCrt()
+ # If certificate signing failed, then exception must be raised
+ try:
+ man.reqSignCrt()
+ self.fail()
+ except ssl.SSLError:
+ pass
self.assertFalse(open_mock.return_value.write.called)
# Test connection fail