-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63735/
-----------------------------------------------------------
Review request for Ambari, Attila Magyar, Andrew Onischuk, Balázs Bence Sári,
Eugene Chekanskiy, Jonathan Hurley, Robert Nettleton, Swapan Shridhar, and
Vitalyi Brodetskyi.
Bugs: AMBARI-22417
https://issues.apache.org/jira/browse/AMBARI-22417
Repository: ambari
Description
-------
Ambari checks fail with FIPS mode is activated on the OS (Rhel7). FIPS mode
disables weak ciphers (such as MD5).
Ambari code is doing
```
ccache_file_name = _md5("
{0}|{1}".format(principal, keytab)).hexdigest(). MD5 is disabled on the OS
(RHEL7) so ambari throws errors.
```
- All service checks fail, Ranger KMS start fails via ambari.
- However all the services are actually running and fine.
- Also Ranger KMS succesfully started from command Line
Here is the stack trace from Ambari
```
service_check
params.kinit_path_local, False, None, params.smoke_user)
File
"/usr/lib/python2.6/site-packages/resource_management/libraries/functions/curl_krb_request.py",
line 109, in curl_krb_request
ccache_file_name = _md5("{0}
|
{1}
".format(principal, keytab)).hexdigest()
ValueError: error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled
for fips
```
Fix:
MD5 is disabled on the OS, Code needs to be updated to use SHA?
This is required when FIPS mode is enabled on the RHEL OS
Diffs
-----
ambari-common/src/main/python/resource_management/libraries/functions/curl_krb_request.py
95e8625d67
Diff: https://reviews.apache.org/r/63735/diff/1/
Testing
-------
Manually tested
Thanks,
Robert Levas
