Repository: ambari Updated Branches: refs/heads/trunk c7809d99d -> 064be9fe5
AMBARI-17770 HDFS Service Check failure on Wireencrypted clusters with Ambari2400+HDP2.4.2.0 (dsen) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/064be9fe Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/064be9fe Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/064be9fe Branch: refs/heads/trunk Commit: 064be9fe538e5d7e7db3337d019df810ebdbcde4 Parents: c7809d9 Author: Dmytro Sen <[email protected]> Authored: Mon Jul 18 18:53:22 2016 +0300 Committer: Dmytro Sen <[email protected]> Committed: Mon Jul 18 18:53:22 2016 +0300 ---------------------------------------------------------------------- .../HDFS/2.1.0.2.0/package/files/checkWebUI.py | 45 ++++++++++++++++---- 1 file changed, 37 insertions(+), 8 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/064be9fe/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/files/checkWebUI.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/files/checkWebUI.py b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/files/checkWebUI.py index aa60ffc..ddeb116 100644 --- a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/files/checkWebUI.py +++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/files/checkWebUI.py @@ -20,7 +20,43 @@ limitations under the License. import optparse import httplib +import socket +import ssl +class TLS1HTTPSConnection(httplib.HTTPSConnection): + """ + Some of python implementations does not work correctly with sslv3 but trying to use it, we need to change protocol to + tls1. + """ + def __init__(self, host, port, **kwargs): + httplib.HTTPSConnection.__init__(self, host, port, **kwargs) + + def connect(self): + sock = socket.create_connection((self.host, self.port), self.timeout) + if getattr(self, '_tunnel_host', None): + self.sock = sock + self._tunnel() + self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file, ssl_version=ssl.PROTOCOL_TLSv1) + +def make_connection(host, port, https): + try: + conn = httplib.HTTPConnection(host, port) if not https else httplib.HTTPSConnection(host, port) + conn.request("GET", "/") + return conn.getresponse().status + except ssl.SSLError: + # got ssl error, lets try to use TLS1 protocol, maybe it will work + try: + tls1_conn = TLS1HTTPSConnection(host, port) + tls1_conn.request("GET", "/") + return tls1_conn.getresponse().status + except Exception as e: + print e + finally: + tls1_conn.close() + except Exception as e: + print e + finally: + conn.close() # # Main. # @@ -37,14 +73,7 @@ def main(): https = options.https for host in hosts: - try: - conn = httplib.HTTPConnection(host, port) if not https.lower() == "true" else httplib.HTTPSConnection(host, port) - # This can be modified to get a partial url part to be sent with request - conn.request("GET", "/") - httpCode = conn.getresponse().status - conn.close() - except Exception: - httpCode = 404 + httpCode = make_connection(host, port, https.lower() == "true") if httpCode != 200: print "Cannot access WEB UI on: http://"; + host + ":" + port if not https.lower() == "true" else "Cannot access WEB UI on: https://"; + host + ":" + port
