[
https://issues.apache.org/jira/browse/AMBARI-9581?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andrew Onischuk resolved AMBARI-9581.
-------------------------------------
Resolution: Fixed
Committed to trunk
> curl unable to connect to Ambari when SSLv3 and TLSv1 is disabled
> -----------------------------------------------------------------
>
> Key: AMBARI-9581
> URL: https://issues.apache.org/jira/browse/AMBARI-9581
> Project: Ambari
> Issue Type: Bug
> Reporter: Andrew Onischuk
> Assignee: Andrew Onischuk
> Fix For: 2.0.0
>
>
> PROBLEM: AIG requires SSLv3 and TLSv1.0 to be disabled for security reasons
> (see EAR - 660 & AMBARI-8019). The version of curl packaged with RHEL 6 does
> not support newer versions of TLS. More recent versions of curl do support TLS
> v1.1+ however they must use official packages with their automation system.
> Ambari relies on curl when starting Hive, to download the DB connector jar, so
> they are unable to start Hive using Ambari. AIG inquired about disabling curl
> calls in hive.py, or replacing curl with wget.
> BUSINESS IMPACT: Manual hive control instructions were provided as a
> workaround. Customer wants to know what options are available to have full
> Ambari functionality with the given constraints.
> STEPS TO REPRODUCE:
> * enable SSL in Ambari
> * add to ambari.properties:
> security.server.disabled.protocols=SSL|SSLv2|SSLv3|TLSv1
> * attempt to restart Hive via Ambari
> SUPPORT ANALYSIS: A hotfix was delivered (see attachments hive.py &
> hive_service.py).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
