[
https://issues.apache.org/jira/browse/AMBARI-14236?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15375378#comment-15375378
]
Robert Levas edited comment on AMBARI-14236 at 7/13/16 5:19 PM:
----------------------------------------------------------------
[~tctruong213]
The fix [~aonishuk] provided in this patch appears to force TLSv1. The code is
{code:title=ambari_agent/alerts/web_alert.py:56}
# patch ssl module to fix SSLv3 communication bug
# for more info see
http://stackoverflow.com/questions/9835506/urllib-urlopen-works-on-sslv3-urls-with-python-2-6-6-on-1-machine-but-not-wit
def sslwrap(func):
@wraps(func)
def bar(*args, **kw):
kw['ssl_version'] = ssl.PROTOCOL_TLSv1
return func(*args, **kw)
return bar
ssl.wrap_socket = sslwrap(ssl.wrap_socket)
{code}
As a work around, I have done the following:
# Stop Ambari Agent
# Edit {{/usr/lib/python2.6/site-packages/ambari_agent/alerts/web_alert.py}}
and comment out the code above
# Remove
{{/usr/lib/python2.6/site-packages/ambari_agent/alerts/web_alert.pyc}}, note
the *PYC* extension
# Start Ambari Agent
I still want to investigate the real solution, however I believe that
http://bugs.python.org/issue11220 describes possible solutions for SSLv3 - See
http://bugs.python.org/issue11220#msg128686.
was (Author: rlevas):
[~tctruong213]
The fix [~aonishuk] provided in this patch appears to for TLSV1. The code is
{code:title=ambari_agent/alerts/web_alert.py:56}
# patch ssl module to fix SSLv3 communication bug
# for more info see
http://stackoverflow.com/questions/9835506/urllib-urlopen-works-on-sslv3-urls-with-python-2-6-6-on-1-machine-but-not-wit
def sslwrap(func):
@wraps(func)
def bar(*args, **kw):
kw['ssl_version'] = ssl.PROTOCOL_TLSv1
return func(*args, **kw)
return bar
ssl.wrap_socket = sslwrap(ssl.wrap_socket)
{code}
As a work around, I have done the following:
# Stop Ambari Agent
# Edit {{/usr/lib/python2.6/site-packages/ambari_agent/alerts/web_alert.py}}
and comment out the code above
# Remove
{{/usr/lib/python2.6/site-packages/ambari_agent/alerts/web_alert.pyc}}, note
the *PYC* extension
# Start Ambari Agent
I still want to investigate the real solution, however I believe that
http://bugs.python.org/issue11220 describes possible solutions for SSLv3 - See
http://bugs.python.org/issue11220#msg128686.
> HDFS and Yarn alerts in https mode when kerberos is disabled
> ------------------------------------------------------------
>
> Key: AMBARI-14236
> URL: https://issues.apache.org/jira/browse/AMBARI-14236
> Project: Ambari
> Issue Type: Bug
> Reporter: Andrew Onischuk
> Assignee: Andrew Onischuk
> Fix For: 2.2.0
>
>
> From NN logs:
>
>
> javax.net.ssl.SSLHandshakeException: SSLv2Hello is disabled
> at
> sun.security.ssl.InputRecord.handleUnknownRecord(InputRecord.java:637)
> at sun.security.ssl.InputRecord.read(InputRecord.java:527)
> at
> sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:961)
> at
> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363)
> at
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1391)
> at
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1375)
> at
> org.mortbay.jetty.security.SslSocketConnector$SslConnection.run(SslSocketConnector.java:723)
> at
> org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)
>
> Please check the live cluster for debugging: <https://172.22.74.208:8080>
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
