-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56751/
-----------------------------------------------------------
Review request for Ambari and Dmitro Lisnichenko.
Bugs: AMBARI-20049
https://issues.apache.org/jira/browse/AMBARI-20049
Repository: ambari
Description
-------
We have fallback logic since a long time in the agent to try to connect to the
server with 2-way SSL if one-way SSL throws an exception. This can cause some
agents to connect with 2-way SSL (connection timeout exception for one-way
SSL) and thereby a cluster having a mix of agents, some connected with one-way
SSL and some connected with 2-way SSL.
Investigate why we have had this logic and if it is no longer appropriate,
remove this fallback logic.
<https://github.com/apache/ambari/blob/trunk/ambari-
agent/src/main/python/ambari_agent/security.py#L57-L67>
if not self.two_way_ssl_required:
try:
sock = self.create_connection()
self.sock = ssl.wrap_socket(sock, cert_reqs=ssl.CERT_NONE)
logger.info('SSL connection established. Two-way SSL authentication
is '
'turned off on the server.')
except (ssl.SSLError, AttributeError):
self.two_way_ssl_required = True
logger.info(
'Insecure connection to https://' + self.host + ':' + self.port +
'/ failed. Reconnecting using two-way SSL authentication..')
Diffs
-----
ambari-agent/src/main/python/ambari_agent/security.py 779b85c
ambari-agent/src/test/python/ambari_agent/TestSecurity.py 9e28ae7
Diff: https://reviews.apache.org/r/56751/diff/
Testing
-------
mvn clean test
Thanks,
Andrew Onischuk
