[jira] [Commented] (AMBARI-23850) PKIX SSL errors when creating SOLR index For Atlas when SSL is pre-enbaled

Robert Levas (JIRA) Fri, 25 May 2018 03:41:19 -0700

    [ 
https://issues.apache.org/jira/browse/AMBARI-23850?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16490543#comment-16490543
 ]


Robert Levas commented on AMBARI-23850:
---------------------------------------

[~Amer Issa], I needed to revert the patch for this. 

Your patch incorrectly sets the path to the credential store. Rather than 
looking in a local path on the file system, the path is set as the URL to 
obtain the CredentialUtil.jar file from Ambari's resources location: 
https://ambari-server:8443/resources/CredentialUtil.jar. Hence a failure to 
find the local path to https://ambari-server:8443/resources.

This happens at 
https://github.com/apache/ambari/pull/1276/files#diff-dfea3e17f6b4f03337f66169ad33816cR436:
{noformat}
truststore_password = 
PasswordString(get_password_from_credential_store('truststore.password', 
credential_provider, os.path.join(default_credential_shell_lib_path, '*'), 
java64_home, jdk_location))
{noformat}

Where {{default_credential_shell_lib_path}} has been previously set to 
{{jdk_location}} - which is the base URL to the Ambari resources directory 
(unfortunately, the name is misleading due to historical reasons).  
{{default_credential_shell_lib_path}} should really be the absolute path to the 
local directory where the CredentialUtil.jar file should be stored. 

See 
https://github.com/apache/ambari/blob/trunk/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py#L240
 for an example. 

See https://github.com/apache/ambari/pull/1378.

> PKIX SSL errors when creating SOLR index For Atlas when SSL is pre-enbaled
> --------------------------------------------------------------------------
>
>                 Key: AMBARI-23850
>                 URL: https://issues.apache.org/jira/browse/AMBARI-23850
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: trunk, 2.6.2
>            Reporter: Amer Issa
>            Priority: Minor
>
> When installing Atlas/Ranger with HTTPS ambari-infra (solr), the script does 
> not account for the truststore. By default we should be picking up the 
> truststore information from Ambari Infra. Failure to do so will result in 
> PKIX error. It happens when installing fresh and SSL is pre-enabled



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (AMBARI-23850) PKIX SSL errors when creating SOLR index For Atlas when SSL is pre-enbaled

Reply via email to