----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/47715/ -----------------------------------------------------------
Review request for Ambari and Dmitro Lisnichenko. Bugs: AMBARI-16810 https://issues.apache.org/jira/browse/AMBARI-16810 Repository: ambari Description ------- We hard-coded the Ambari Agents to ignore certification verification. But the reason why this was required was Python be un-secure by default: <https://access.redhat.com/articles/2039753> <https://www.python.org/dev/peps/pep-0476/> That method will cause signed certificates to not serve any purpose & is discouraged by RedHat & Python security experts: > "It is also possible, though highly discouraged , to globally disable verification by monkeypatching the ssl module in versions of Python" Instead we should abstract it to a setting (e.g. ssl_verify_cert) in the ambari-agent.ini such that users can turn certification verification if they provide a signed/trusted certificate. Diffs ----- ambari-agent/conf/unix/ambari-agent.ini 4ec16d6 ambari-agent/src/main/python/ambari_agent/AmbariConfig.py f849fd1 ambari-agent/src/main/python/ambari_agent/Controller.py aee0eec ambari-agent/src/main/python/ambari_agent/NetUtil.py 1d5cb29 ambari-agent/src/main/python/ambari_agent/main.py 5340239 Diff: https://reviews.apache.org/r/47715/diff/ Testing ------- mvn clean test Thanks, Andrew Onischuk