During agent registration. They all fail to register because the ssl cert validation fails and it can't connect to the ambari server.
I should note that we *are not* using bootstrapping. We preinstall the agents manually. Nothing has changed since it was working other than updating to the latest CentOS and Ambari updates (still Ambari 1.7.0, though, we're not using trunk or anything). Greg On 1/7/15 2:54 PM, "Erin Boyd" <[email protected]> wrote: >When do you get this error? During registration or some other time? > >Erin > >----- Original Message ----- >From: "Greg Hill" <[email protected]> >To: "Erin Boyd" <[email protected]>, [email protected] >Sent: Wednesday, January 7, 2015 1:52:03 PM >Subject: Re: ssl changes recently? > >[root@ambari ~]# rpm -qa | grep openssl >openssl-1.0.1e-30.el6_6.4.x86_64 > > >We apparently have an even newer version. Perhaps they broke something >else more recently? We just spun up this image yesterday with the latest >CentOS 6.5 stuff. > >Greg > >On 1/7/15 2:48 PM, "Erin Boyd" <[email protected]> wrote: > >>Hey Greg, >>On RHEL 6.5 we got a similar error during agent registration. >>Here is the workaround: >>http://hortonworks.com/community/forums/topic/ambari-agent-registration-f >>a >>ilure-on-rhel-6-5-due-to-openssl-2/ >> >>Hope that helps, >>Erin >> >> >>----- Original Message ----- >>From: "Greg Hill" <[email protected]> >>To: [email protected] >>Sent: Wednesday, January 7, 2015 1:44:40 PM >>Subject: ssl changes recently? >> >>I sent this to the wrong list earlier. >> >>I recently updated our Ambari 1.7.0 image and am now getting SSL errors >>from the agents: >> >>INFO 2015-01-07 16:59:02,116 NetUtil.py:48 - Connecting to >>https://ambari.local:8440/ca >>ERROR 2015-01-07 16:59:02,645 NetUtil.py:66 - [SSL: >>CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581) >>ERROR 2015-01-07 16:59:02,646 NetUtil.py:67 - SSLError: Failed to >>connect. Please check openssl library versions. >>Refer to: https://bugzilla.redhat.com/show_bug.cgi?id=1022468 for more >>details. >>WARNING 2015-01-07 16:59:02,651 NetUtil.py:92 - Server at >>https://ambari.local:8440<https://ambari.local:8440/> is not reachable, >>sleeping for 10 secondsÅ >> >>We're just using the default SSL certs that Ambari creates for agent >>communication. This worked up until we made this new image, which pull >>in upstream CentOS system updates. >> >>Is it possible that some change in upstream has broken this for Ambari? >>Is there a workaround? >> >>I have noticed that the "server_crt" (/var/lib/ambari-agent/keys/ca.crt) >>does not exist on the hosts. Is this something I'm supposed to inject? >>We weren't before, but it was working just fine without it. >> >>Greg >> >
