Repository: ambari Updated Branches: refs/heads/trunk d55dfc27f -> 6277a648c
AMBARI-20115 Ambari reports grafana service is down when its running causing other services to not start (dsen) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/6277a648 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/6277a648 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/6277a648 Branch: refs/heads/trunk Commit: 6277a648c44e8f5540adf569cff10d494d3c701c Parents: d55dfc2 Author: Dmytro Sen <d...@apache.org> Authored: Fri Feb 24 14:39:27 2017 +0200 Committer: Dmytro Sen <d...@apache.org> Committed: Fri Feb 24 14:39:27 2017 +0200 ---------------------------------------------------------------------- .../src/main/python/ambari_commons/network.py | 41 ++++++++++++++++---- .../package/scripts/metrics_grafana_util.py | 27 +++++++++++-- 2 files changed, 57 insertions(+), 11 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/6277a648/ambari-common/src/main/python/ambari_commons/network.py ---------------------------------------------------------------------- diff --git a/ambari-common/src/main/python/ambari_commons/network.py b/ambari-common/src/main/python/ambari_commons/network.py index b5b1cd6..9bc16ed 100644 --- a/ambari-common/src/main/python/ambari_commons/network.py +++ b/ambari-common/src/main/python/ambari_commons/network.py @@ -20,20 +20,47 @@ limitations under the License. import httplib import ssl +import socket +from ambari_commons.logging_utils import print_warning_msg from resource_management.core.exceptions import Fail +# overrides default httplib.HTTPSConnection implementation to use specified ssl version +class HTTPSConnectionWithCustomSslVersion(httplib.HTTPSConnection): + def __init__(self, host, port, ssl_version, **kwargs): + httplib.HTTPSConnection.__init__(self, host, port, **kwargs) + self.ssl_version = ssl_version + + def connect(self): + conn_socket = socket.create_connection((self.host, self.port), + self.timeout) + if getattr(self, '_tunnel_host', None): + self.sock = conn_socket + self._tunnel() + + self.sock = ssl.wrap_socket(conn_socket, self.key_file, self.cert_file, + ssl_version=self.ssl_version) + def get_http_connection(host, port, https_enabled=False, ca_certs=None): if https_enabled: + ssl_version = ssl.PROTOCOL_SSLv23 if ca_certs: - check_ssl_certificate(host, port, ca_certs) - return httplib.HTTPSConnection(host, port) + ssl_version = check_ssl_certificate_and_return_ssl_version(host, port, ca_certs) + return HTTPSConnectionWithCustomSslVersion(host, port, ssl_version) else: return httplib.HTTPConnection(host, port) -def check_ssl_certificate(host, port, ca_certs): +def check_ssl_certificate_and_return_ssl_version(host, port, ca_certs): try: - ssl.get_server_certificate((host, port), ssl_version=ssl.PROTOCOL_SSLv23, ca_certs=ca_certs) - except (ssl.SSLError) as ssl_error: - raise Fail("Failed to verify the SSL certificate for https://{0}:{1} with CA certificate in {2}" - .format(host, port, ca_certs)) + ssl_version = ssl.PROTOCOL_TLSv1 + ssl.get_server_certificate((host, port), ssl_version=ssl_version, ca_certs=ca_certs) + except ssl.SSLError as ssl_error: + print_warning_msg("Failed to verify the SSL certificate for https://{0}:{1} with CA certificate in {2} using ssl.PROTOCOL_TLSv1." + " Trying to use less secure ssl.PROTOCOL_SSLv23. Error : {3}".format(host, port, ca_certs, str(ssl_error))) + try: + ssl_version = ssl.PROTOCOL_SSLv23 + ssl.get_server_certificate((host, port), ssl_version=ssl_version, ca_certs=ca_certs) + except ssl.SSLError as ssl_error: + raise Fail("Failed to verify the SSL certificate for https://{0}:{1} with CA certificate in {2}. Error : {3}" + .format(host, port, ca_certs, str(ssl_error))) + return ssl_version http://git-wip-us.apache.org/repos/asf/ambari/blob/6277a648/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/metrics_grafana_util.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/metrics_grafana_util.py b/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/metrics_grafana_util.py index a751330..95424f9 100644 --- a/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/metrics_grafana_util.py +++ b/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/metrics_grafana_util.py @@ -46,12 +46,16 @@ Server = namedtuple('Server', [ 'protocol', 'host', 'port', 'user', 'password' ] def perform_grafana_get_call(url, server): grafana_https_enabled = server.protocol.lower() == 'https' response = None + ca_certs = None + if grafana_https_enabled: + import params + ca_certs = params.ams_grafana_cert_file for i in xrange(0, GRAFANA_CONNECT_TRIES): try: conn = network.get_http_connection(server.host, int(server.port), - grafana_https_enabled) + grafana_https_enabled, ca_certs) userAndPass = b64encode('{0}:{1}'.format(server.user, server.password)) headers = { 'Authorization' : 'Basic %s' % userAndPass } @@ -82,9 +86,14 @@ def perform_grafana_put_call(url, id, payload, server): 'Authorization' : 'Basic %s' % userAndPass } grafana_https_enabled = server.protocol.lower() == 'https' + ca_certs = None + if grafana_https_enabled: + import params + ca_certs = params.ams_grafana_cert_file + for i in xrange(0, GRAFANA_CONNECT_TRIES): try: - conn = network.get_http_connection(server.host, int(server.port), grafana_https_enabled) + conn = network.get_http_connection(server.host, int(server.port), grafana_https_enabled, ca_certs) conn.request("PUT", url + "/" + str(id), payload, headers) response = conn.getresponse() data = response.read() @@ -112,12 +121,17 @@ def perform_grafana_post_call(url, payload, server): 'Authorization' : 'Basic %s' % userAndPass} grafana_https_enabled = server.protocol.lower() == 'https' + ca_certs = None + if grafana_https_enabled: + import params + ca_certs = params.ams_grafana_cert_file + for i in xrange(0, GRAFANA_CONNECT_TRIES): try: Logger.info("Connecting (POST) to %s:%s%s" % (server.host, server.port, url)) conn = network.get_http_connection(server.host, int(server.port), - grafana_https_enabled) + grafana_https_enabled, ca_certs) conn.request("POST", url, payload, headers) @@ -149,11 +163,16 @@ def perform_grafana_delete_call(url, server): grafana_https_enabled = server.protocol.lower() == 'https' response = None + ca_certs = None + if grafana_https_enabled: + import params + ca_certs = params.ams_grafana_cert_file + for i in xrange(0, GRAFANA_CONNECT_TRIES): try: conn = network.get_http_connection(server.host, int(server.port), - grafana_https_enabled) + grafana_https_enabled, ca_certs) userAndPass = b64encode('{0}:{1}'.format(server.user, server.password)) headers = { 'Authorization' : 'Basic %s' % userAndPass }