-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/19069/#review37228
-----------------------------------------------------------

Ship it!


Ship It!

- Dmytro Shkvyra


On March 12, 2014, 11:16 a.m., Dmytro Sen wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/19069/
> -----------------------------------------------------------
>
> (Updated March 12, 2014, 11:16 a.m.)
>
>
> Review request for Ambari, Dmytro Shkvyra and Sid Wagle.
>
>
> Bugs: AMBARI-5040
>     https://issues.apache.org/jira/browse/AMBARI-5040
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Steps to reproduce:
>
> On the Ambari Server host, open /etc/ambari-server/conf/ambari.properties with a text editor.
>
> Add the following property:
> security.server.two_way_ssl = true
>
> Error message
> {noformat}
> INFO 2014-03-07 13:57:17,184 security.py:184 - Agent certificate not exists, sending sign request
> INFO 2014-03-07 13:57:17,335 security.py:89 - SSL Connect being called.. connecting to the server
> ERROR 2014-03-07 13:57:17,414 security.py:76 - Two-way SSL authentication failed. Ensure that server and agent certificates were signed by the same CA and restart the agent.
> In order to receive a new agent certificate, remove existing certificate file from keys directory. As a workaround you can turn off two-way SSL authentication in server configuration(ambari.properties)
> Exiting..
> {noformat}
>
>
> Diffs
> -----
>
>   ambari-server/conf/unix/ca.config d838131
>   ambari-server/pom.xml 24c78ff
>   ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java c02d633
>   ambari-server/src/main/java/org/apache/ambari/server/security/CertificateManager.java d0f7dba
>   ambari-server/src/main/resources/ca.config 7324275
>   ambari-server/src/test/java/org/apache/ambari/server/security/CertGenerationTest.java b73b5c8
>
> Diff: https://reviews.apache.org/r/19069/diff/
>
>
> Testing
> -------
>
> [INFO] ------------------------------------------------------------------------
> [INFO] Reactor Summary:
> [INFO]
> [INFO] Ambari Main ....................................... SUCCESS [0.067s]
> [INFO] Apache Ambari Project POM ......................... SUCCESS [0.024s]
> [INFO] Ambari Web ........................................ SUCCESS [8.043s]
> [INFO] Ambari Views ...................................... SUCCESS [1.468s]
> [INFO] Ambari Server ..................................... SUCCESS [10:32.770s]
> [INFO] Ambari Agent ...................................... SUCCESS [11.600s]
> [INFO] Ambari Client ..................................... SUCCESS [0.414s]
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
>
>
> INFO 2014-03-12 11:06:08,451 security.py:89 - SSL Connect being called.. connecting to the server
> INFO 2014-03-12 11:06:08,609 security.py:56 - Insecure connection to https://c6401.ambari.apache.org:8441/ failed. Reconnecting using two-way SSL authentication..
> INFO 2014-03-12 11:06:08,610 security.py:168 - Server certicate not exists, downloading
> INFO 2014-03-12 11:06:08,610 security.py:191 - Downloading server cert from https://c6401.ambari.apache.org:8440/cert/ca/
> INFO 2014-03-12 11:06:08,731 security.py:176 - Agent key not exists, generating request
> INFO 2014-03-12 11:06:08,731 security.py:231 - openssl req -new -newkey rsa:1024 -nodes -keyout /var/lib/ambari-agent/keys/c6401.ambari.apache.org.key -subj /OU=c6401.ambari.apache.org/ -out /var/lib/ambari-agent/keys/c6401.ambari.apache.org.csr
> INFO 2014-03-12 11:06:08,953 security.py:184 - Agent certificate not exists, sending sign request
> INFO 2014-03-12 11:06:09,125 security.py:89 - SSL Connect being called.. connecting to the server
> INFO 2014-03-12 11:06:09,205 security.py:73 - SSL connection established. Two-way SSL authentication completed successfully.
>
>
> Thanks,
>
> Dmytro Sen
>
>
