[jira] [Created] (AMBARI-17225) Ambari Web UI stuck ON Repository Base URL validation when a local repository server is used and it's certificate is on the truststore that ambari is configured to use

Tue, 14 Jun 2016 07:08:13 -0700 

REYANE OUKPEDJO created AMBARI-17225:
----------------------------------------

             Summary: Ambari Web UI stuck ON Repository Base URL validation 
when a local repository server is used and it's certificate is on the 
truststore that ambari is configured to use
                 Key: AMBARI-17225
                 URL: https://issues.apache.org/jira/browse/AMBARI-17225
             Project: Ambari
          Issue Type: Bug
          Components: ambari-server
    Affects Versions: 2.2.0
         Environment: REHL7
            Reporter: REYANE OUKPEDJO


a local repository server is set up with ssl enabled and ambari is configured 
to uses a truststore that has the local repository server certificate on it. 
Yet ambari is throwing the following error during base url validation:


13 Jun 2016 16:31:11,974  WARN [qtp-ambari-client-23] ServletHandler:563 - 
/api/v1/stacks/BigInsights/versions/4.2/operating_systems/redhat7/repositories/IOP-4.2
java.lang.IllegalStateException: Can't get secure connection to 
https://deployment.whac.local/repos/IOP/rhel/7/x86_64/4.2.0.0/beta/repodata/repomd.xml.
  Truststore path or password is not set.
        at 
org.apache.ambari.server.controller.internal.URLStreamProvider.getSSLConnection(URLStreamProvider.java:286)
        at 
org.apache.ambari.server.controller.internal.URLStreamProvider.processURL(URLStreamProvider.java:173)
        at 
org.apache.ambari.server.controller.internal.URLStreamProvider.processURL(URLStreamProvider.java:133)
        at 
org.apache.ambari.server.controller.internal.URLStreamProvider.readFrom(URLStreamProvider.java:107)
        at 
org.apache.ambari.server.controller.internal.URLStreamProvider.readFrom(URLStreamProvider.java:112)
        at 
org.apache.ambari.server.controller.AmbariManagementControllerImpl.verifyRepository(AmbariManagementControllerImpl.java:3701)
        at 
org.apache.ambari.server.controller.AmbariManagementControllerImpl.updateRepositories(AmbariManagementControllerImpl.java:3639)
        at 
org.apache.ambari.server.controller.internal.RepositoryResourceProvider$4.invoke(RepositoryResourceProvider.java:120)
        at 
org.apache.ambari.server.controller.internal.RepositoryResourceProvider$4.invoke(RepositoryResourceProvider.java:117)
        at 
org.apache.ambari.server.controller.internal.AbstractResourceProvider.invokeWithRetry(AbstractResourceProvider.java:450)
        at 
org.apache.ambari.server.controller.internal.AbstractResourceProvider.modifyResources(AbstractResourceProvider.java:331)
        at 
org.apache.ambari.server.controller.internal.RepositoryResourceProvider.updateResources(RepositoryResourceProvider.java:117)
        at 
org.apache.ambari.server.controller.internal.ClusterControllerImpl.updateResources(ClusterControllerImpl.java:310)
        at 
org.apache.ambari.server.api.services.persistence.PersistenceManagerImpl.update(PersistenceManagerImpl.java:104)
        at 
org.apache.ambari.server.api.handlers.UpdateHandler.persist(UpdateHandler.java:42)
        at 
org.apache.ambari.server.api.handlers.BaseManagementHandler.handleRequest(BaseManagementHandler.java:72)
        at 
org.apache.ambari.server.api.services.BaseRequest.process(BaseRequest.java:135)
        at 
org.apache.ambari.server.api.services.BaseService.handleRequest(BaseService.java:106)
        at 
org.apache.ambari.server.api.services.BaseService.handleRequest(BaseService.java:75)
        at 
org.apache.ambari.server.api.services.RepositoryService.updateRepository(RepositoryService.java:145)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at 
com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60)
        at 
com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$ResponseOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:205)
        at 
com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75)
        at 
com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:302)
        at 
com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
        at 
com.sun.jersey.server.impl.uri.rules.SubLocatorRule.accept(SubLocatorRule.java:137)
        at 
com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
        at 
com.sun.jersey.server.impl.uri.rules.SubLocatorRule.accept(SubLocatorRule.java:137)
        at 
com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
        at 
com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108)
        at 
com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
        at 
com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84)
        at 
com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1542)
        at 
com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1473)
        at 
com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1419)
        at 
com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1409)
        at 
com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:409)
        at 
com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:540)
        at 
com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:715)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:770)
        at 
org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:684)
        at 
org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1496)
        at 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
        at 
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
        at 
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
        at 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
        at 
org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
        at 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
        at 
org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
        at 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
        at 
org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
        at 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)

Also note that the ambari configuration file : ambari.properties show the 
following lines :

ssl.trustStore.path=/etc/security/ambari-server-truststore
server.jdbc.user.passwd=/etc/ambari-server/conf/password.dat
server.execution.scheduler.isClustered=false
server.stages.parallel=true
views.request.read.timeout.millis=10000
ssl.trustStore.type=jks
server.jdbc.database=postgres
ssl.trustStore.password=changeit
server.jdbc.database_name=ambari


As you can see the above suggests ambari is configured to use the trustore and 
yet it still complains with no path to the trsust store or password is not set.


Also I tried to use a java program that is able to pull the  repomd.xml using 
the same trust store that was set for ambari


[root@ip-10-155-82-180 ~]# java 
-Djavax.net.ssl.trustStore=/etc/security/ambari-server-truststore 
-Djsse.enableSNIExtension=false TestTrustStore 
https://deployment.whac.local/repos/IOP-UTILS/RHEL7/x86_64/1.2/repodata/repomd.xml
<?xml version="1.0" encoding="UTF-8"?>
<repomd xmlns="http://linux.duke.edu/metadata/repo"; 
xmlns:rpm="http://linux.duke.edu/metadata/rpm";>
<revision>1461860617</revision>
<data type="filelists">
 <checksum 
type="sha256">bd49d23030e9e8f20f91d2c53966cb8ff4bf379632d34174202f6956464c2427</checksum>
 <open-checksum 
type="sha256">b4d19a2f6912a1c41c242f94fd453dde4b538033e4dfb4ca7a3afc8f3baace15</open-checksum>
 <location 
href="repodata/bd49d23030e9e8f20f91d2c53966cb8ff4bf379632d34174202f6956464c2427-filelists.xml.gz"/>
 <timestamp>1461860618</timestamp>
 <size>2769</size>
 <open-size>18408</open-size>
</data>
<data type="primary">
 <checksum 
type="sha256">18f9119bf687a492f7c88b91b44e7d25a6976b132497109e291419ec584ac047</checksum>
 <open-checksum 
type="sha256">f42768d89bfdacbe49bfbc1263cc6365b93fbef118a07e5d1d25b0855c0af62e</open-checksum>
 <location 
href="repodata/18f9119bf687a492f7c88b91b44e7d25a6976b132497109e291419ec584ac047-primary.xml.gz"/>
 <timestamp>1461860618</timestamp>
 <size>4636</size>
 <open-size>23050</open-size>
</data>
<data type="primary_db">
 <checksum 
type="sha256">f252f6463d7b3d0f84df4c03d0e93c5e5867086b14266c91f73eb679bbd239d0</checksum>
 <open-checksum 
type="sha256">9819c0d684a4f9c89f487d02259081667be66234721d38b5c5fb3f2ecaf79466</open-checksum>
 <location 
href="repodata/f252f6463d7b3d0f84df4c03d0e93c5e5867086b14266c91f73eb679bbd239d0-primary.sqlite.bz2"/>
 <timestamp>1461860618.27</timestamp>
 <database_version>10</database_version>
 <size>9717</size>
 <open-size>41984</open-size>
</data>
<data type="other_db">
 <checksum 
type="sha256">2d0172834288a09c90b976d3f571e36dccc8936c76d228b844c974e47992aef7</checksum>
 <open-checksum 
type="sha256">832e44a958a10d0a4ee6437eaa6473f9f61b373aaf8b7689c0131f4345dcc93f</open-checksum>
 <location 
href="repodata/2d0172834288a09c90b976d3f571e36dccc8936c76d228b844c974e47992aef7-other.sqlite.bz2"/>
 <timestamp>1461860618.23</timestamp>
 <database_version>10</database_version>
 <size>4087</size>
 <open-size>13312</open-size>
</data>
<data type="other">
 <checksum 
type="sha256">b58069c5d0b3541944e6a0c6a0f78cd0b3587c1c128b1eec2f7fab62777d50e4</checksum>
 <open-checksum 
type="sha256">1c2924c2566da9e6a4295989db59b34afbd66d03daf40a9d9a43fba6eeed042d</open-checksum>
 <location 
href="repodata/b58069c5d0b3541944e6a0c6a0f78cd0b3587c1c128b1eec2f7fab62777d50e4-other.xml.gz"/>
 <timestamp>1461860618</timestamp>
 <size>2477</size>
 <open-size>10948</open-size>
</data>
<data type="filelists_db">
 <checksum 
type="sha256">f235abde3b3b6231d12bbea20dd5edb9e3d34a2e1a40d21b7d1b9599ca909164</checksum>
 <open-checksum 
type="sha256">f2fdc37abc9df60b8f577d6dcb671fc1b67997ce67feae511ac73c1a2fe474a4</open-checksum>
 <location 
href="repodata/f235abde3b3b6231d12bbea20dd5edb9e3d34a2e1a40d21b7d1b9599ca909164-filelists.sqlite.bz2"/>
 <timestamp>1461860618.24</timestamp>
 <database_version>10</database_version>
 <size>5529</size>
 <open-size>17408</open-size>
</data>
</repomd>  

as you can see this works fine and I believe ambari should not complain about 
not finding the path to the trust store or the password not being set.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to