AMBARI-18512. Ambari-Server restart causes all host components to go in Heartbeat Lost state indefinitely. (aonishuk)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/2fc9a477 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/2fc9a477 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/2fc9a477 Branch: refs/heads/branch-dev-patch-upgrade Commit: 2fc9a477842ddd25057e07d084b31b7147c4f3bd Parents: a901d8a Author: Andrew Onishuk <aonis...@hortonworks.com> Authored: Wed Oct 5 15:55:42 2016 +0300 Committer: Andrew Onishuk <aonis...@hortonworks.com> Committed: Wed Oct 5 15:55:42 2016 +0300 ---------------------------------------------------------------------- .../python/ambari_agent/alerts/web_alert.py | 12 ++--------- .../main/python/ambari_commons/inet_utils.py | 21 ++++++++++++++++++++ .../HDFS/2.1.0.2.0/package/scripts/utils.py | 15 ++------------ 3 files changed, 25 insertions(+), 23 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/2fc9a477/ambari-agent/src/main/python/ambari_agent/alerts/web_alert.py ---------------------------------------------------------------------- diff --git a/ambari-agent/src/main/python/ambari_agent/alerts/web_alert.py b/ambari-agent/src/main/python/ambari_agent/alerts/web_alert.py index 42ad96b..6caf1d0 100644 --- a/ambari-agent/src/main/python/ambari_agent/alerts/web_alert.py +++ b/ambari-agent/src/main/python/ambari_agent/alerts/web_alert.py @@ -33,7 +33,7 @@ from resource_management.libraries.functions.get_port_from_url import get_port_f from resource_management.libraries.functions.get_path_from_url import get_path_from_url from resource_management.libraries.functions.curl_krb_request import curl_krb_request from ambari_commons import OSCheck -from ambari_commons.inet_utils import resolve_address +from ambari_commons.inet_utils import resolve_address, ensure_ssl_using_tls_v1 from ambari_agent import Constants # hashlib is supplied as of Python 2.5 as the replacement interface for md5 @@ -54,15 +54,7 @@ DEFAULT_CONNECTION_TIMEOUT = 5 WebResponse = namedtuple('WebResponse', 'status_code time_millis error_msg') -# patch ssl module to fix SSLv3 communication bug -# for more info see http://stackoverflow.com/questions/9835506/urllib-urlopen-works-on-sslv3-urls-with-python-2-6-6-on-1-machine-but-not-wit -def sslwrap(func): - @wraps(func) - def bar(*args, **kw): - kw['ssl_version'] = ssl.PROTOCOL_TLSv1 - return func(*args, **kw) - return bar -ssl.wrap_socket = sslwrap(ssl.wrap_socket) +ensure_ssl_using_tls_v1() class WebAlert(BaseAlert): http://git-wip-us.apache.org/repos/asf/ambari/blob/2fc9a477/ambari-common/src/main/python/ambari_commons/inet_utils.py ---------------------------------------------------------------------- diff --git a/ambari-common/src/main/python/ambari_commons/inet_utils.py b/ambari-common/src/main/python/ambari_commons/inet_utils.py index 987c761..b5cea75 100644 --- a/ambari-common/src/main/python/ambari_commons/inet_utils.py +++ b/ambari-common/src/main/python/ambari_commons/inet_utils.py @@ -22,6 +22,7 @@ import os import sys import urllib2 import socket +from functools import wraps from exceptions import FatalException, NonFatalException, TimeoutError @@ -181,3 +182,23 @@ def resolve_address(address): if address == '0.0.0.0': return '127.0.0.1' return address + +def ensure_ssl_using_tls_v1(): + """ + Monkey patching ssl module to force it use tls_v1. Do this in common module to avoid problems with + PythonReflectiveExecutor. + :return: + """ + from functools import wraps + import ssl + if hasattr(ssl.wrap_socket, "_ambari_patched"): + return # do not create chain of wrappers, patch only once + def sslwrap(func): + @wraps(func) + def bar(*args, **kw): + import ssl + kw['ssl_version'] = ssl.PROTOCOL_TLSv1 + return func(*args, **kw) + bar._ambari_patched = True + return bar + ssl.wrap_socket = sslwrap(ssl.wrap_socket) \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/2fc9a477/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/utils.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/utils.py b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/utils.py index 966efa2..4577ad2 100644 --- a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/utils.py +++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/utils.py @@ -34,21 +34,10 @@ from resource_management.libraries.functions.curl_krb_request import curl_krb_re from resource_management.core.exceptions import Fail from resource_management.libraries.functions.namenode_ha_utils import get_namenode_states from resource_management.libraries.functions.show_logs import show_logs - +from ambari_commons.inet_utils import ensure_ssl_using_tls_v1 from zkfc_slave import ZkfcSlaveDefault -import ssl -from functools import wraps - -# patch ssl module to fix SSLv3 communication bug -# for more info see http://stackoverflow.com/questions/9835506/urllib-urlopen-works-on-sslv3-urls-with-python-2-6-6-on-1-machine-but-not-wit -def sslwrap(func): - @wraps(func) - def bar(*args, **kw): - kw['ssl_version'] = ssl.PROTOCOL_TLSv1 - return func(*args, **kw) - return bar -ssl.wrap_socket = sslwrap(ssl.wrap_socket) +ensure_ssl_using_tls_v1() def safe_zkfc_op(action, env): """