----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/47715/#review134355 -----------------------------------------------------------
Ship it! Ship It! - Vitalyi Brodetskyi On Травень 23, 2016, 6:46 до полудня, Andrew Onischuk wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/47715/ > ----------------------------------------------------------- > > (Updated Травень 23, 2016, 6:46 до полудня) > > > Review request for Ambari and Dmitro Lisnichenko. > > > Bugs: AMBARI-16810 > https://issues.apache.org/jira/browse/AMBARI-16810 > > > Repository: ambari > > > Description > ------- > > We hard-coded the Ambari Agents to ignore certification > verification. But the reason why this was required was Python be un-secure by > default: > <https://access.redhat.com/articles/2039753> > <https://www.python.org/dev/peps/pep-0476/> > > That method will cause signed certificates to not serve any purpose & is > discouraged by RedHat & Python security experts: > > > "It is also possible, though highly discouraged , to globally disable > verification by monkeypatching the ssl module in versions of Python" > > Instead we should abstract it to a setting (e.g. ssl_verify_cert) in the > ambari-agent.ini such that users can turn certification verification if they > provide a signed/trusted certificate. > > > Diffs > ----- > > ambari-agent/conf/unix/ambari-agent.ini 4ec16d6 > ambari-agent/src/main/python/ambari_agent/AmbariConfig.py f849fd1 > ambari-agent/src/main/python/ambari_agent/Controller.py aee0eec > ambari-agent/src/main/python/ambari_agent/NetUtil.py 1d5cb29 > ambari-agent/src/main/python/ambari_agent/main.py 5340239 > > Diff: https://reviews.apache.org/r/47715/diff/ > > > Testing > ------- > > mvn clean test > > > Thanks, > > Andrew Onischuk > >