question Re: Ambari Agent cannot connect to Ambari Server - Two way SSL authentication in Archives of Support Questions (Read Only)

Ambari Agent cannot connect to Ambari Server - Two way SSL authentication

hlcastro — Mon, 16 Jul 2018 21:15:33 GMT

I've encountered error upon reconnecting the node to Ambari. Two way SSL authentication is set as disabled which is in a default setup. Let me know how can I resolve this.

You may see the logs below

ERROR 2018-07-16 13:42:28,329 security.py:249 - Certificate signing failed. In order to receive a new agent certificate, remove existing certificate file from keys directory. As a workaround you can turn off two-way SSL authentication in server configuration(ambari.properties) Exiting.. ERROR 2018-07-16 13:42:28,329 Controller.py:212 - Unable to connect to: https://localhost:8441/agent/v1/register/localhost Traceback (most recent call last): File "/usr/lib/python2.6/site-packages/ambari_agent/Controller.py", line 165, in registerWithServer ret = self.sendRequest(self.registerUrl, data) File "/usr/lib/python2.6/site-packages/ambari_agent/Controller.py", line 496, in sendRequest raise IOError('Request to {0} failed due to {1}'.format(url, str(exception))) IOError: Request to https://localhost:8441/agent/v1/register/localhost failed due to () ERROR 2018-07-16 13:42:28,329 Controller.py:213 - Error:Request to https://localhost:8441/agent/v1/register/localhost failed due to () WARNING 2018-07-16 13:42:28,329 Controller.py:214 - Sleeping for 17 seconds and then trying again

Re: Ambari Agent cannot connect to Ambari Server - Two way SSL authentication

winnie_philip — Mon, 16 Jul 2018 21:48:02 GMT

Try changing to forcefully use TLS v1.2 on all agent's ambari property file(ambari.properties) and see if that helps resolving the issue. Add following line under [security] section in "ambari.properties" of all agents.

[security]

force_https_protocol=PROTOCOL_TLSv1_2

Re: Ambari Agent cannot connect to Ambari Server - Two way SSL authentication

jsensharma — Tue, 17 Jul 2018 06:51:29 GMT

@Hamilton Castro

The error message indicates that you are running ambari agent on the same ambari server host? Or is it by mistake? We see "localhost" there

Error:Request to https://localhost:8441/agent/v1/register/localhost

So please check few things:

1. The hostname is correct? Ambari relies on FQDN. Run on ambari server host to findout it's FQDN

# hostname -f

Also verify is ambari has opened port 8440 and 8441 on all available interface address:

# netstat -tnlpa | grep `cat /var/run/ambari-server/ambari-server.pid`
tcp6       0      0 :::8080                 :::*                    LISTEN      13126/java          
tcp6       0      0 :::8440                 :::*                    LISTEN      13126/java          
tcp6       0      0 :::8441                 :::*                    LISTEN      13126/java

2. Also please check the ambari-agent.ini file to findout if it is pointing to the correct ambari server FQDN?

# grep -A5 '\[server\]' /etc/ambari-agent/conf/ambari-agent.ini
[server]
hostname = ambariserver.example.com
url_port = 8440
secured_url_port = 8441
connect_retry_delay = 10
max_reconnect_retry_delay = 30

Also please verify if the "/etc/hosts" file is correct and it has the first two lines present as the note mentioned in https://docs.hortonworks.com/HDPDocuments/Ambari-2.6.2.0/bk_ambari-installation-ppc/content/edit_the_host_file.html

Do not remove the following two lines from your hosts file. Removing or editing the following lines may cause various programs that require network functionality to fail.