This is an automated email from the ASF dual-hosted git repository. aonishuk pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/ambari.git
commit 5cda3d3cd683063c77e0374b6bc50a398cf70097 Author: Srikanth Janardhan <sjanard...@hortonworks.com> AuthorDate: Mon Jun 11 14:45:25 2018 +0530 AMBARI-24070. Added missing 2-way SSL logs --- .../src/main/python/ambari_agent/security.py | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/ambari-agent/src/main/python/ambari_agent/security.py b/ambari-agent/src/main/python/ambari_agent/security.py index 563771a..99e0dcc 100644 --- a/ambari-agent/src/main/python/ambari_agent/security.py +++ b/ambari-agent/src/main/python/ambari_agent/security.py @@ -63,6 +63,10 @@ class VerifiedHTTPSConnection: if not self.two_way_ssl_required: conn = AmbariStompConnection(self.connection_url) + self.establish_connection(conn) + logger.info('SSL connection established. Two-way SSL authentication is ' + 'turned off on the server.') + return conn else: self.certMan = CertificateManager(self.config, self.host) self.certMan.initSecurity() @@ -79,8 +83,21 @@ class VerifiedHTTPSConnection: conn = AmbariStompConnection(self.connection_url, ssl_options=ssl_options) - self.establish_connection(conn) - return conn + try: + self.establish_connection(conn) + logger.info('SSL connection established. Two-way SSL authentication ' + 'completed successfully.') + except ambari_stomp.exception.ConnectFailedException as err: + logger.error('Two-way SSL authentication failed. Ensure that ' + 'server and agent certificates were signed by the same CA ' + 'and restart the agent. ' + '\nIn order to receive a new agent certificate, remove ' + 'existing certificate file from keys directory. As a ' + 'workaround you can turn off two-way SSL authentication in ' + 'server configuration(ambari.properties) ' + '\nExiting..') + raise err + return conn def establish_connection(self, conn): """ -- To stop receiving notification emails like this one, please contact aonis...@apache.org.