Christian Danner created AMBARI-24579:
-----------------------------------------
Summary: Wrong Ambari Alert of HiveServer2 Process critical due to
unescaped password of keystore
Key: AMBARI-24579
URL: https://issues.apache.org/jira/browse/AMBARI-24579
Project: Ambari
Issue Type: Bug
Components: ambari-server
Affects Versions: 2.6.2
Environment: Ambari 2.6.2.2
HDP 2.6.5.0
Reporter: Christian Danner
After Enabling SSL for Hive Server 2, Ambari Alerts showing "HiveServer2
Process critical".
When the keystore passphrase is having spacial characters like '(', ')' , '\{'
or '}' the alert in Ambari is triggered and the following traceback is shown:
{code:java}
Connection failed on host hive.server2.example.com:10000 (Traceback (most
recent call last):
File
"/var/lib/ambari-agent/cache/common-services/HIVE/0.12.0.2.0/package/alerts/alert_hive_thrift_port.py",
line 212, in execute
ldap_password=ldap_password)
File
"/usr/lib/ambari-agent/lib/resource_management/libraries/functions/hive_check.py",
line 81, in check_thrift_port_sasl
timeout_kill_strategy=TerminateStrategy.KILL_PROCESS_TREE,
File "/usr/lib/ambari-agent/lib/resource_management/core/base.py", line 166, in
__init__
self.env.run()
File "/usr/lib/ambari-agent/lib/resource_management/core/environment.py", line
160, in run
self.run_action(resource, action)
File "/usr/lib/ambari-agent/lib/resource_management/core/environment.py", line
124, in run_action
provider_action()
File "/usr/lib/ambari-agent/lib/resource_management/core/providers/system.py",
line 262, in action_run
tries=self.resource.tries, try_sleep=self.resource.try_sleep)
File "/usr/lib/ambari-agent/lib/resource_management/core/shell.py", line 72, in
inner
result = function(command, **kwargs)
File "/usr/lib/ambari-agent/lib/resource_management/core/shell.py", line 102,
in checked_call
tries=tries, try_sleep=try_sleep, timeout_kill_strategy=timeout_kill_strategy)
File "/usr/lib/ambari-agent/lib/resource_management/core/shell.py", line 150,
in _call_wrapper
result = _call(command, **kwargs_copy)
File "/usr/lib/ambari-agent/lib/resource_management/core/shell.py", line 303,
in _call
raise ExecutionFailed(err_msg, code, out, err)
ExecutionFailed: Execution of '! beeline -u
'jdbc:hive2://hive.server2.example.com:10000/;transportMode=binary;ssl=true;sslTrustStore=/path/to/my/keystore.jks;trustStorePassword=[PROTECTED]'
-e '' 2>&1| awk '{print}'|grep -i -e 'Connection refused' -e 'Invalid URL''
returned 1. -bash: -c: line 0: syntax error near unexpected token `('
-bash: -c: line 0: `export
PATH='/usr/sbin:/sbin:/usr/lib/ambari-server/*:/usr/sbin:/sbin:/usr/lib/ambari-server/*:/sbin:/usr/sbin:/usr/local/sbin:/root/bin:/usr/local/bin:/usr/bin:/bin:/usr/games:/usr/lib/mit/bin:/var/lib/ambari-agent:/var/lib/ambari-agent:/bin/:/usr/bin/:/usr/lib/hive/bin/:/usr/sbin/'
; ! beeline -u
'jdbc:hive2://hive.server2.example.com:10000/;transportMode=binary;ssl=true;sslTrustStore=/path/to/my/keystore.jks;trustStorePassword=[PROTECTED]'
-e '' 2>&1| awk '{print}'|grep -i -e 'Connection refused' -e 'Invalid URL''
)
{code}
Therefore I am suggesting that the password should be escaped before handing
over to bash in the following file:
{code:java}
/usr/lib/ambari-agent/lib/resource_management/libraries/functions/hive_check.py
{code}
Line 60:
{code:java}
beeline_url.extend(['ssl={ssl_str}', 'sslTrustStore={ssl_keystore}',
'trustStorePassword={ssl_password!p}'])
{code}
should be replaced to this:
{code:java}
beeline_url.extend(['ssl={ssl_str}', 'sslTrustStore={ssl_keystore}',
'trustStorePassword=\'{ssl_password!p}\''])
{code}
This solved my problem on my cluster.
Since I am new to the community and don't know the process and was not able to
find the right repository to change it I am going this way by explaining my
solution.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
