Review Request 19069: 2-way auth fails when using jdk7

Dmytro Sen Wed, 12 Mar 2014 04:17:26 -0700

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/19069/
-----------------------------------------------------------


Review request for Ambari, Dmytro Shkvyra and Sid Wagle.


Bugs: AMBARI-5040
    https://issues.apache.org/jira/browse/AMBARI-5040


Repository: ambari


Description
-------

Steps to reproduce:

On the Ambari Server host, open /etc/ambari-server/conf/ambari.properties with 
a text editor.

Add the following property:
security.server.two_way_ssl = true

Error message
{noformat}
INFO 2014-03-07 13:57:17,184 security.py:184 - Agent certificate not exists, 
sending sign request
INFO 2014-03-07 13:57:17,335 security.py:89 - SSL Connect being called.. 
connecting to the server
ERROR 2014-03-07 13:57:17,414 security.py:76 - Two-way SSL authentication 
failed. Ensure that server and agent certificates were signed by the same CA 
and restart the agent. 
In order to receive a new agent certificate, remove existing certificate file 
from keys directory. As a workaround you can turn off two-way SSL 
authentication in server configuration(ambari.properties) 
Exiting..
{noformat}


Diffs
-----

  ambari-server/conf/unix/ca.config d838131 
  ambari-server/pom.xml 24c78ff 
  
ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
 c02d633 
  
ambari-server/src/main/java/org/apache/ambari/server/security/CertificateManager.java
 d0f7dba 
  ambari-server/src/main/resources/ca.config 7324275 
  
ambari-server/src/test/java/org/apache/ambari/server/security/CertGenerationTest.java
 b73b5c8 

Diff: https://reviews.apache.org/r/19069/diff/


Testing
-------

[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] Ambari Main ....................................... SUCCESS [0.067s]
[INFO] Apache Ambari Project POM ......................... SUCCESS [0.024s]
[INFO] Ambari Web ........................................ SUCCESS [8.043s]
[INFO] Ambari Views ...................................... SUCCESS [1.468s]
[INFO] Ambari Server ..................................... SUCCESS [10:32.770s]
[INFO] Ambari Agent ...................................... SUCCESS [11.600s]
[INFO] Ambari Client ..................................... SUCCESS [0.414s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS


INFO 2014-03-12 11:06:08,451 security.py:89 - SSL Connect being called.. 
connecting to the server
INFO 2014-03-12 11:06:08,609 security.py:56 - Insecure connection to 
https://c6401.ambari.apache.org:8441/ failed. Reconnecting using two-way SSL 
authentication..
INFO 2014-03-12 11:06:08,610 security.py:168 - Server certicate not exists, 
downloading
INFO 2014-03-12 11:06:08,610 security.py:191 - Downloading server cert from 
https://c6401.ambari.apache.org:8440/cert/ca/
INFO 2014-03-12 11:06:08,731 security.py:176 - Agent key not exists, generating 
request
INFO 2014-03-12 11:06:08,731 security.py:231 - openssl req -new -newkey 
rsa:1024 -nodes -keyout /var/lib/ambari-agent/keys/c6401.ambari.apache.org.key  
-subj /OU=c6401.ambari.apache.org/        -out 
/var/lib/ambari-agent/keys/c6401.ambari.apache.org.csr
INFO 2014-03-12 11:06:08,953 security.py:184 - Agent certificate not exists, 
sending sign request
INFO 2014-03-12 11:06:09,125 security.py:89 - SSL Connect being called.. 
connecting to the server
INFO 2014-03-12 11:06:09,205 security.py:73 - SSL connection established. 
Two-way SSL authentication completed successfully.


Thanks,

Dmytro Sen

Review Request 19069: 2-way auth fails when using jdk7

Reply via email to