You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by Andrew Onischuk <ao...@hortonworks.com> on 2015/02/11 21:45:07 UTC
Review Request 30889: curl unable to connect to Ambari when SSLv3 and
TLSv1 is disabled
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/30889/
-----------------------------------------------------------
Review request for Ambari and Dmitro Lisnichenko.
Bugs: AMBARI-9581
https://issues.apache.org/jira/browse/AMBARI-9581
Repository: ambari
Description
-------
PROBLEM: AIG requires SSLv3 and TLSv1.0 to be disabled for security reasons
(see EAR - 660 & AMBARI-8019). The version of curl packaged with RHEL 6 does
not support newer versions of TLS. More recent versions of curl do support TLS
v1.1+ however they must use official packages with their automation system.
Ambari relies on curl when starting Hive, to download the DB connector jar, so
they are unable to start Hive using Ambari. AIG inquired about disabling curl
calls in hive.py, or replacing curl with wget.
BUSINESS IMPACT: Manual hive control instructions were provided as a
workaround. Customer wants to know what options are available to have full
Ambari functionality with the given constraints.
STEPS TO REPRODUCE:
* enable SSL in Ambari
* add to ambari.properties: security.server.disabled.protocols=SSL|SSLv2|SSLv3|TLSv1
* attempt to restart Hive via Ambari
SUPPORT ANALYSIS: A hotfix was delivered (see attachments hive.py &
hive_service.py).
Diffs
-----
ambari-agent/src/main/python/ambari_agent/AlertSchedulerHandler.py 66b1758
ambari-agent/src/main/python/ambari_agent/Controller.py f8a9f04
ambari-agent/src/main/python/ambari_agent/alerts/script_alert.py 660bddf
ambari-common/src/main/python/resource_management/core/constants.py 4e4a89e
ambari-common/src/main/python/resource_management/core/environment.py b96765e
ambari-common/src/main/python/resource_management/core/source.py 22e1c6d
ambari-common/src/main/python/resource_management/libraries/functions/__init__.py 9b32b92
ambari-common/src/main/python/resource_management/libraries/functions/constants.py PRE-CREATION
ambari-common/src/main/python/resource_management/libraries/script/__init__.py 72d3aaf
ambari-common/src/main/python/resource_management/libraries/script/script.py 683397a
ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/setup_ranger_hbase.py ef31ae7
ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/namenode_upgrade.py 15d2b8e
ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/setup_ranger_hdfs.py df7063b
ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive.py b9677e7
ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/setup_ranger_hive.py 410fb9a
ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/setup_ranger_knox.py b4bafac
ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie.py 3fe6da4
ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie_server_upgrade.py e1356ca
ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger.py fe1d995
ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/setup_ranger_storm.py d128cff
ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-ANY/scripts/shared_initialization.py 055ab40
ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-INSTALL/scripts/shared_initialization.py dd2c57e
ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-START/scripts/shared_initialization.py 17f68ff
ambari-server/src/test/python/stacks/2.0.6/HIVE/test_hive_client.py 3c3bf7e
ambari-server/src/test/python/stacks/2.0.6/HIVE/test_hive_metastore.py ef34cab
ambari-server/src/test/python/stacks/2.0.6/HIVE/test_hive_server.py e0c683c
ambari-server/src/test/python/stacks/2.0.6/hooks/before-ANY/test_before_any.py ca5d789
ambari-server/src/test/python/stacks/2.0.6/hooks/before-INSTALL/test_before_install.py eeec7ff
ambari-server/src/test/python/stacks/2.1/HIVE/test_hive_metastore.py 8c9dce8
ambari-server/src/test/python/stacks/utils/RMFTestCase.py 5f47a28
Diff: https://reviews.apache.org/r/30889/diff/
Testing
-------
mvn clean test
Thanks,
Andrew Onischuk
Re: Review Request 30889: curl unable to connect to Ambari when SSLv3
and TLSv1 is disabled
Posted by Dmitro Lisnichenko <dl...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/30889/#review72137
-----------------------------------------------------------
Ship it!
Ship It!
- Dmitro Lisnichenko
On Feb. 12, 2015, 11:59 a.m., Andrew Onischuk wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/30889/
> -----------------------------------------------------------
>
> (Updated Feb. 12, 2015, 11:59 a.m.)
>
>
> Review request for Ambari and Dmitro Lisnichenko.
>
>
> Bugs: AMBARI-9581
> https://issues.apache.org/jira/browse/AMBARI-9581
>
>
> Repository: ambari
>
>
> Description
> -------
>
> PROBLEM: AIG requires SSLv3 and TLSv1.0 to be disabled for security reasons
> ( AMBARI-8019). The version of curl packaged with RHEL 6 does
> not support newer versions of TLS. More recent versions of curl do support TLS
> v1.1+ however they must use official packages with their automation system.
>
> STEPS TO REPRODUCE:
>
> * enable SSL in Ambari
> * add to ambari.properties: security.server.disabled.protocols=SSL|SSLv2|SSLv3|TLSv1
> * attempt to restart Hive via Ambari
>
> SUPPORT ANALYSIS: A hotfix was delivered (see attachments hive.py &
> hive_service.py).
>
>
> Diffs
> -----
>
> ambari-agent/src/main/python/ambari_agent/AlertSchedulerHandler.py 66b1758
> ambari-agent/src/main/python/ambari_agent/Controller.py f8a9f04
> ambari-agent/src/main/python/ambari_agent/alerts/script_alert.py 660bddf
> ambari-agent/src/test/python/ambari_agent/TestAlerts.py 2761c5b
> ambari-agent/src/test/python/resource_management/TestContentSources.py 651ff83
> ambari-common/src/main/python/resource_management/core/constants.py 4e4a89e
> ambari-common/src/main/python/resource_management/core/environment.py b96765e
> ambari-common/src/main/python/resource_management/core/source.py 22e1c6d
> ambari-common/src/main/python/resource_management/libraries/functions/__init__.py 9b32b92
> ambari-common/src/main/python/resource_management/libraries/functions/constants.py PRE-CREATION
> ambari-common/src/main/python/resource_management/libraries/script/__init__.py 72d3aaf
> ambari-common/src/main/python/resource_management/libraries/script/script.py 683397a
> ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/setup_ranger_hbase.py ef31ae7
> ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/namenode_upgrade.py 15d2b8e
> ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/setup_ranger_hdfs.py df7063b
> ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive.py b9677e7
> ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/setup_ranger_hive.py 410fb9a
> ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/setup_ranger_knox.py b4bafac
> ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie.py 3fe6da4
> ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie_server_upgrade.py e1356ca
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger.py fe1d995
> ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/setup_ranger_storm.py d128cff
> ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-ANY/scripts/shared_initialization.py 055ab40
> ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-INSTALL/scripts/shared_initialization.py dd2c57e
> ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-START/scripts/shared_initialization.py 17f68ff
> ambari-server/src/test/python/stacks/2.0.6/HIVE/test_hive_client.py 3c3bf7e
> ambari-server/src/test/python/stacks/2.0.6/HIVE/test_hive_metastore.py ef34cab
> ambari-server/src/test/python/stacks/2.0.6/HIVE/test_hive_server.py e0c683c
> ambari-server/src/test/python/stacks/2.0.6/hooks/before-ANY/test_before_any.py ca5d789
> ambari-server/src/test/python/stacks/2.0.6/hooks/before-INSTALL/test_before_install.py eeec7ff
> ambari-server/src/test/python/stacks/2.1/HIVE/test_hive_metastore.py 8c9dce8
> ambari-server/src/test/python/stacks/utils/RMFTestCase.py 5f47a28
>
> Diff: https://reviews.apache.org/r/30889/diff/
>
>
> Testing
> -------
>
> mvn clean test
>
>
> Thanks,
>
> Andrew Onischuk
>
>
Re: Review Request 30889: curl unable to connect to Ambari when SSLv3
and TLSv1 is disabled
Posted by Andrew Onischuk <ao...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/30889/
-----------------------------------------------------------
(Updated Feb. 12, 2015, 11:59 a.m.)
Review request for Ambari and Dmitro Lisnichenko.
Bugs: AMBARI-9581
https://issues.apache.org/jira/browse/AMBARI-9581
Repository: ambari
Description (updated)
-------
PROBLEM: AIG requires SSLv3 and TLSv1.0 to be disabled for security reasons
( AMBARI-8019). The version of curl packaged with RHEL 6 does
not support newer versions of TLS. More recent versions of curl do support TLS
v1.1+ however they must use official packages with their automation system.
STEPS TO REPRODUCE:
* enable SSL in Ambari
* add to ambari.properties: security.server.disabled.protocols=SSL|SSLv2|SSLv3|TLSv1
* attempt to restart Hive via Ambari
SUPPORT ANALYSIS: A hotfix was delivered (see attachments hive.py &
hive_service.py).
Diffs
-----
ambari-agent/src/main/python/ambari_agent/AlertSchedulerHandler.py 66b1758
ambari-agent/src/main/python/ambari_agent/Controller.py f8a9f04
ambari-agent/src/main/python/ambari_agent/alerts/script_alert.py 660bddf
ambari-agent/src/test/python/ambari_agent/TestAlerts.py 2761c5b
ambari-agent/src/test/python/resource_management/TestContentSources.py 651ff83
ambari-common/src/main/python/resource_management/core/constants.py 4e4a89e
ambari-common/src/main/python/resource_management/core/environment.py b96765e
ambari-common/src/main/python/resource_management/core/source.py 22e1c6d
ambari-common/src/main/python/resource_management/libraries/functions/__init__.py 9b32b92
ambari-common/src/main/python/resource_management/libraries/functions/constants.py PRE-CREATION
ambari-common/src/main/python/resource_management/libraries/script/__init__.py 72d3aaf
ambari-common/src/main/python/resource_management/libraries/script/script.py 683397a
ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/setup_ranger_hbase.py ef31ae7
ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/namenode_upgrade.py 15d2b8e
ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/setup_ranger_hdfs.py df7063b
ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive.py b9677e7
ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/setup_ranger_hive.py 410fb9a
ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/setup_ranger_knox.py b4bafac
ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie.py 3fe6da4
ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie_server_upgrade.py e1356ca
ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger.py fe1d995
ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/setup_ranger_storm.py d128cff
ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-ANY/scripts/shared_initialization.py 055ab40
ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-INSTALL/scripts/shared_initialization.py dd2c57e
ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-START/scripts/shared_initialization.py 17f68ff
ambari-server/src/test/python/stacks/2.0.6/HIVE/test_hive_client.py 3c3bf7e
ambari-server/src/test/python/stacks/2.0.6/HIVE/test_hive_metastore.py ef34cab
ambari-server/src/test/python/stacks/2.0.6/HIVE/test_hive_server.py e0c683c
ambari-server/src/test/python/stacks/2.0.6/hooks/before-ANY/test_before_any.py ca5d789
ambari-server/src/test/python/stacks/2.0.6/hooks/before-INSTALL/test_before_install.py eeec7ff
ambari-server/src/test/python/stacks/2.1/HIVE/test_hive_metastore.py 8c9dce8
ambari-server/src/test/python/stacks/utils/RMFTestCase.py 5f47a28
Diff: https://reviews.apache.org/r/30889/diff/
Testing
-------
mvn clean test
Thanks,
Andrew Onischuk
Re: Review Request 30889: curl unable to connect to Ambari when SSLv3
and TLSv1 is disabled
Posted by Andrew Onischuk <ao...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/30889/
-----------------------------------------------------------
(Updated Feb. 12, 2015, 11:58 a.m.)
Review request for Ambari and Dmitro Lisnichenko.
Bugs: AMBARI-9581
https://issues.apache.org/jira/browse/AMBARI-9581
Repository: ambari
Description
-------
PROBLEM: AIG requires SSLv3 and TLSv1.0 to be disabled for security reasons
(see EAR - 660 & AMBARI-8019). The version of curl packaged with RHEL 6 does
not support newer versions of TLS. More recent versions of curl do support TLS
v1.1+ however they must use official packages with their automation system.
Ambari relies on curl when starting Hive, to download the DB connector jar, so
they are unable to start Hive using Ambari. AIG inquired about disabling curl
calls in hive.py, or replacing curl with wget.
BUSINESS IMPACT: Manual hive control instructions were provided as a
workaround. Customer wants to know what options are available to have full
Ambari functionality with the given constraints.
STEPS TO REPRODUCE:
* enable SSL in Ambari
* add to ambari.properties: security.server.disabled.protocols=SSL|SSLv2|SSLv3|TLSv1
* attempt to restart Hive via Ambari
SUPPORT ANALYSIS: A hotfix was delivered (see attachments hive.py &
hive_service.py).
Diffs (updated)
-----
ambari-agent/src/main/python/ambari_agent/AlertSchedulerHandler.py 66b1758
ambari-agent/src/main/python/ambari_agent/Controller.py f8a9f04
ambari-agent/src/main/python/ambari_agent/alerts/script_alert.py 660bddf
ambari-agent/src/test/python/ambari_agent/TestAlerts.py 2761c5b
ambari-agent/src/test/python/resource_management/TestContentSources.py 651ff83
ambari-common/src/main/python/resource_management/core/constants.py 4e4a89e
ambari-common/src/main/python/resource_management/core/environment.py b96765e
ambari-common/src/main/python/resource_management/core/source.py 22e1c6d
ambari-common/src/main/python/resource_management/libraries/functions/__init__.py 9b32b92
ambari-common/src/main/python/resource_management/libraries/functions/constants.py PRE-CREATION
ambari-common/src/main/python/resource_management/libraries/script/__init__.py 72d3aaf
ambari-common/src/main/python/resource_management/libraries/script/script.py 683397a
ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/setup_ranger_hbase.py ef31ae7
ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/namenode_upgrade.py 15d2b8e
ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/setup_ranger_hdfs.py df7063b
ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive.py b9677e7
ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/setup_ranger_hive.py 410fb9a
ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/setup_ranger_knox.py b4bafac
ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie.py 3fe6da4
ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie_server_upgrade.py e1356ca
ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger.py fe1d995
ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/setup_ranger_storm.py d128cff
ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-ANY/scripts/shared_initialization.py 055ab40
ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-INSTALL/scripts/shared_initialization.py dd2c57e
ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-START/scripts/shared_initialization.py 17f68ff
ambari-server/src/test/python/stacks/2.0.6/HIVE/test_hive_client.py 3c3bf7e
ambari-server/src/test/python/stacks/2.0.6/HIVE/test_hive_metastore.py ef34cab
ambari-server/src/test/python/stacks/2.0.6/HIVE/test_hive_server.py e0c683c
ambari-server/src/test/python/stacks/2.0.6/hooks/before-ANY/test_before_any.py ca5d789
ambari-server/src/test/python/stacks/2.0.6/hooks/before-INSTALL/test_before_install.py eeec7ff
ambari-server/src/test/python/stacks/2.1/HIVE/test_hive_metastore.py 8c9dce8
ambari-server/src/test/python/stacks/utils/RMFTestCase.py 5f47a28
Diff: https://reviews.apache.org/r/30889/diff/
Testing
-------
mvn clean test
Thanks,
Andrew Onischuk
Re: Review Request 30889: curl unable to connect to Ambari when SSLv3
and TLSv1 is disabled
Posted by Andrew Onischuk <ao...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/30889/
-----------------------------------------------------------
(Updated Feb. 11, 2015, 8:50 p.m.)
Review request for Ambari and Dmitro Lisnichenko.
Bugs: AMBARI-9581
https://issues.apache.org/jira/browse/AMBARI-9581
Repository: ambari
Description
-------
PROBLEM: AIG requires SSLv3 and TLSv1.0 to be disabled for security reasons
(see EAR - 660 & AMBARI-8019). The version of curl packaged with RHEL 6 does
not support newer versions of TLS. More recent versions of curl do support TLS
v1.1+ however they must use official packages with their automation system.
Ambari relies on curl when starting Hive, to download the DB connector jar, so
they are unable to start Hive using Ambari. AIG inquired about disabling curl
calls in hive.py, or replacing curl with wget.
BUSINESS IMPACT: Manual hive control instructions were provided as a
workaround. Customer wants to know what options are available to have full
Ambari functionality with the given constraints.
STEPS TO REPRODUCE:
* enable SSL in Ambari
* add to ambari.properties: security.server.disabled.protocols=SSL|SSLv2|SSLv3|TLSv1
* attempt to restart Hive via Ambari
SUPPORT ANALYSIS: A hotfix was delivered (see attachments hive.py &
hive_service.py).
Diffs (updated)
-----
ambari-agent/src/main/python/ambari_agent/AlertSchedulerHandler.py 66b1758
ambari-agent/src/main/python/ambari_agent/Controller.py f8a9f04
ambari-agent/src/main/python/ambari_agent/alerts/script_alert.py 660bddf
ambari-common/src/main/python/resource_management/core/constants.py 4e4a89e
ambari-common/src/main/python/resource_management/core/environment.py b96765e
ambari-common/src/main/python/resource_management/core/source.py 22e1c6d
ambari-common/src/main/python/resource_management/libraries/functions/__init__.py 9b32b92
ambari-common/src/main/python/resource_management/libraries/functions/constants.py PRE-CREATION
ambari-common/src/main/python/resource_management/libraries/script/__init__.py 72d3aaf
ambari-common/src/main/python/resource_management/libraries/script/script.py 683397a
ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/setup_ranger_hbase.py ef31ae7
ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/namenode_upgrade.py 15d2b8e
ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/setup_ranger_hdfs.py df7063b
ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive.py b9677e7
ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/setup_ranger_hive.py 410fb9a
ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/setup_ranger_knox.py b4bafac
ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie.py 3fe6da4
ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie_server_upgrade.py e1356ca
ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger.py fe1d995
ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/setup_ranger_storm.py d128cff
ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-ANY/scripts/shared_initialization.py 055ab40
ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-INSTALL/scripts/shared_initialization.py dd2c57e
ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-START/scripts/shared_initialization.py 17f68ff
ambari-server/src/test/python/stacks/2.0.6/HIVE/test_hive_client.py 3c3bf7e
ambari-server/src/test/python/stacks/2.0.6/HIVE/test_hive_metastore.py ef34cab
ambari-server/src/test/python/stacks/2.0.6/HIVE/test_hive_server.py e0c683c
ambari-server/src/test/python/stacks/2.0.6/hooks/before-ANY/test_before_any.py ca5d789
ambari-server/src/test/python/stacks/2.0.6/hooks/before-INSTALL/test_before_install.py eeec7ff
ambari-server/src/test/python/stacks/2.1/HIVE/test_hive_metastore.py 8c9dce8
ambari-server/src/test/python/stacks/utils/RMFTestCase.py 5f47a28
Diff: https://reviews.apache.org/r/30889/diff/
Testing
-------
mvn clean test
Thanks,
Andrew Onischuk
Re: Review Request 30889: curl unable to connect to Ambari when SSLv3
and TLSv1 is disabled
Posted by Dmitro Lisnichenko <dl...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/30889/#review72019
-----------------------------------------------------------
Ship it!
Ship It!
- Dmitro Lisnichenko
On Feb. 11, 2015, 8:45 p.m., Andrew Onischuk wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/30889/
> -----------------------------------------------------------
>
> (Updated Feb. 11, 2015, 8:45 p.m.)
>
>
> Review request for Ambari and Dmitro Lisnichenko.
>
>
> Bugs: AMBARI-9581
> https://issues.apache.org/jira/browse/AMBARI-9581
>
>
> Repository: ambari
>
>
> Description
> -------
>
> PROBLEM: AIG requires SSLv3 and TLSv1.0 to be disabled for security reasons
> (see EAR - 660 & AMBARI-8019). The version of curl packaged with RHEL 6 does
> not support newer versions of TLS. More recent versions of curl do support TLS
> v1.1+ however they must use official packages with their automation system.
>
> Ambari relies on curl when starting Hive, to download the DB connector jar, so
> they are unable to start Hive using Ambari. AIG inquired about disabling curl
> calls in hive.py, or replacing curl with wget.
>
> BUSINESS IMPACT: Manual hive control instructions were provided as a
> workaround. Customer wants to know what options are available to have full
> Ambari functionality with the given constraints.
>
> STEPS TO REPRODUCE:
>
> * enable SSL in Ambari
> * add to ambari.properties: security.server.disabled.protocols=SSL|SSLv2|SSLv3|TLSv1
> * attempt to restart Hive via Ambari
>
> SUPPORT ANALYSIS: A hotfix was delivered (see attachments hive.py &
> hive_service.py).
>
>
> Diffs
> -----
>
> ambari-agent/src/main/python/ambari_agent/AlertSchedulerHandler.py 66b1758
> ambari-agent/src/main/python/ambari_agent/Controller.py f8a9f04
> ambari-agent/src/main/python/ambari_agent/alerts/script_alert.py 660bddf
> ambari-common/src/main/python/resource_management/core/constants.py 4e4a89e
> ambari-common/src/main/python/resource_management/core/environment.py b96765e
> ambari-common/src/main/python/resource_management/core/source.py 22e1c6d
> ambari-common/src/main/python/resource_management/libraries/functions/__init__.py 9b32b92
> ambari-common/src/main/python/resource_management/libraries/functions/constants.py PRE-CREATION
> ambari-common/src/main/python/resource_management/libraries/script/__init__.py 72d3aaf
> ambari-common/src/main/python/resource_management/libraries/script/script.py 683397a
> ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/setup_ranger_hbase.py ef31ae7
> ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/namenode_upgrade.py 15d2b8e
> ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/setup_ranger_hdfs.py df7063b
> ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive.py b9677e7
> ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/setup_ranger_hive.py 410fb9a
> ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/setup_ranger_knox.py b4bafac
> ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie.py 3fe6da4
> ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie_server_upgrade.py e1356ca
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger.py fe1d995
> ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/setup_ranger_storm.py d128cff
> ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-ANY/scripts/shared_initialization.py 055ab40
> ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-INSTALL/scripts/shared_initialization.py dd2c57e
> ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-START/scripts/shared_initialization.py 17f68ff
> ambari-server/src/test/python/stacks/2.0.6/HIVE/test_hive_client.py 3c3bf7e
> ambari-server/src/test/python/stacks/2.0.6/HIVE/test_hive_metastore.py ef34cab
> ambari-server/src/test/python/stacks/2.0.6/HIVE/test_hive_server.py e0c683c
> ambari-server/src/test/python/stacks/2.0.6/hooks/before-ANY/test_before_any.py ca5d789
> ambari-server/src/test/python/stacks/2.0.6/hooks/before-INSTALL/test_before_install.py eeec7ff
> ambari-server/src/test/python/stacks/2.1/HIVE/test_hive_metastore.py 8c9dce8
> ambari-server/src/test/python/stacks/utils/RMFTestCase.py 5f47a28
>
> Diff: https://reviews.apache.org/r/30889/diff/
>
>
> Testing
> -------
>
> mvn clean test
>
>
> Thanks,
>
> Andrew Onischuk
>
>