-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/47715/
-----------------------------------------------------------
Review request for Ambari and Dmitro Lisnichenko.
Bugs: AMBARI-16810
https://issues.apache.org/jira/browse/AMBARI-16810
Repository: ambari
Description
-------
We hard-coded the Ambari Agents to ignore certification
verification. But the reason why this was required was Python be un-secure by
default:
<https://access.redhat.com/articles/2039753>
<https://www.python.org/dev/peps/pep-0476/>
That method will cause signed certificates to not serve any purpose & is
discouraged by RedHat & Python security experts:
> "It is also possible, though highly discouraged , to globally disable
verification by monkeypatching the ssl module in versions of Python"
Instead we should abstract it to a setting (e.g. ssl_verify_cert) in the
ambari-agent.ini such that users can turn certification verification if they
provide a signed/trusted certificate.
Diffs
-----
ambari-agent/conf/unix/ambari-agent.ini 4ec16d6
ambari-agent/src/main/python/ambari_agent/AmbariConfig.py f849fd1
ambari-agent/src/main/python/ambari_agent/Controller.py aee0eec
ambari-agent/src/main/python/ambari_agent/NetUtil.py 1d5cb29
ambari-agent/src/main/python/ambari_agent/main.py 5340239
Diff: https://reviews.apache.org/r/47715/diff/
Testing
-------
mvn clean test
Thanks,
Andrew Onischuk
