[
https://issues.apache.org/jira/browse/AMBARI-17666?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15754632#comment-15754632
]
Hadoop QA commented on AMBARI-17666:
------------------------------------
{color:red}-1 overall{color}. Here are the results of testing the latest
attachment
http://issues.apache.org/jira/secure/attachment/12843598/AMBARI-17666_test_trunk.patch
against trunk revision .
{color:green}+1 @author{color}. The patch does not contain any @author
tags.
{color:red}-1 tests included{color}. The patch doesn't appear to include
any new or modified tests.
Please justify why no new tests are needed for this
patch.
Also please list what manual steps were performed to
verify this patch.
{color:green}+1 javac{color}. The applied patch does not increase the
total number of javac compiler warnings.
{color:green}+1 release audit{color}. The applied patch does not increase
the total number of release audit warnings.
{color:green}+1 core tests{color}. The patch passed unit tests in
ambari-server.
Test results:
https://builds.apache.org/job/Ambari-trunk-test-patch/9703//testReport/
Console output:
https://builds.apache.org/job/Ambari-trunk-test-patch/9703//console
This message is automatically generated.
> Ambari agent can't start when TLSv1 is disabled in Java security
> ----------------------------------------------------------------
>
> Key: AMBARI-17666
> URL: https://issues.apache.org/jira/browse/AMBARI-17666
> Project: Ambari
> Issue Type: Bug
> Components: ambari-agent
> Affects Versions: 2.2.0
> Reporter: Tuong Truong
> Assignee: Dmitry Lysnichenko
> Labels: security
> Fix For: 2.5.0
>
> Attachments: AMBARI-17666_test_trunk.patch
>
>
> Currently, the commit for https://issues.apache.org/jira/browse/AMBARI-14236
> explicit force the SSL protocol to TLSv1 in
> ambari-agent/src/main/python/ambari_agent/alerts/web_alert.py. Unfortunate,
> this setting in effect whenever web_alert pacackged is loaded
> (ambari-agent/src/main/python/ambari_agent/AlertSchedulerHandler.py)
> regardless whether ssl is used or not.
> As a result, disabling TLSv1 in Ambari server will cause the agent to fail to
> start.
> Recreate:
> In Ambari's acitve JDK on Ambari server node, in java.security file, set
> jdk.tls.disabledAlgorithms=MD5, SSLv2, SSLv3, TLSv1, DSA, RC4, RSA keySize <
> 2048
> restart ambari-server, and you will see errors in ambari agent logs:
> ERROR 2016-07-11 15:11:15,269 NetUtil.py:84 - [Errno 8] _ssl.c:492: EOF
> occurred in violation of protocol
> ERROR 2016-07-11 15:11:15,269 NetUtil.py:85 - SSLError: Failed to connect.
> Please check openssl library versions.
> Refer to: https://bugzilla.redhat.com/show_bug.cgi?id=1022468 for more
> details.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
