[jira] [Updated] (AMBARI-9581) curl unable to connect to Ambari when SSLv3 and TLSv1 is disabled

Wed, 11 Feb 2015 15:09:52 -0800 

     [ 
https://issues.apache.org/jira/browse/AMBARI-9581?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andrew Onischuk updated AMBARI-9581:
------------------------------------
    Description: 
requires SSLv3 and TLSv1.0 to be disabled for security reasons
(see AMBARI-8019). The version of curl packaged with RHEL 6 does
not support newer versions of TLS. More recent versions of curl do support TLS
v1.1+ however they must use official packages with their automation system.

Ambari relies on curl when starting Hive, to download the DB connector jar, so
they are unable to start Hive using Ambari. Customer inquired about disabling 
curl
calls in hive.py, or replacing curl with wget.

STR:

  * enable SSL in Ambari
  * add to ambari.properties: 
security.server.disabled.protocols=SSL|SSLv2|SSLv3|TLSv1
  * attempt to restart Hive via Ambari



  was:
PROBLEM: requires SSLv3 and TLSv1.0 to be disabled for security reasons
(see EAR - 660 & AMBARI-8019). The version of curl packaged with RHEL 6 does
not support newer versions of TLS. More recent versions of curl do support TLS
v1.1+ however they must use official packages with their automation system.

Ambari relies on curl when starting Hive, to download the DB connector jar, so
they are unable to start Hive using Ambari. Customer inquired about disabling 
curl
calls in hive.py, or replacing curl with wget.

BUSINESS IMPACT: Manual hive control instructions were provided as a
workaround. Customer wants to know what options are available to have full
Ambari functionality with the given constraints.

STEPS TO REPRODUCE:

  * enable SSL in Ambari
  * add to ambari.properties: 
security.server.disabled.protocols=SSL|SSLv2|SSLv3|TLSv1
  * attempt to restart Hive via Ambari

SUPPORT ANALYSIS: A hotfix was delivered (see attachments hive.py &
hive_service.py).




> curl unable to connect to Ambari when SSLv3 and TLSv1 is disabled
> -----------------------------------------------------------------
>
>                 Key: AMBARI-9581
>                 URL: https://issues.apache.org/jira/browse/AMBARI-9581
>             Project: Ambari
>          Issue Type: Bug
>            Reporter: Andrew Onischuk
>            Assignee: Andrew Onischuk
>             Fix For: 2.0.0
>
>
> requires SSLv3 and TLSv1.0 to be disabled for security reasons
> (see AMBARI-8019). The version of curl packaged with RHEL 6 does
> not support newer versions of TLS. More recent versions of curl do support TLS
> v1.1+ however they must use official packages with their automation system.
> Ambari relies on curl when starting Hive, to download the DB connector jar, so
> they are unable to start Hive using Ambari. Customer inquired about disabling 
> curl
> calls in hive.py, or replacing curl with wget.
> STR:
>   * enable SSL in Ambari
>   * add to ambari.properties: 
> security.server.disabled.protocols=SSL|SSLv2|SSLv3|TLSv1
>   * attempt to restart Hive via Ambari



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to