Support Questions
Find answers, ask questions, and share your expertise
Announcements
Check out our newest addition to the community, the Cloudera Innovation Accelerator group hub.

Ambari Agent cannot connect to Ambari Server - Two way SSL authentication

Explorer

I've encountered error upon reconnecting the node to Ambari. Two way SSL authentication is set as disabled which is in a default setup. Let me know how can I resolve this.

You may see the logs below

ERROR 2018-07-16 13:42:28,329 security.py:249 - Certificate signing failed. In order to receive a new agent certificate, remove existing certificate file from keys directory. As a workaround you can turn off two-way SSL authentication in server configuration(ambari.properties) Exiting.. ERROR 2018-07-16 13:42:28,329 Controller.py:212 - Unable to connect to: https://localhost:8441/agent/v1/register/localhost Traceback (most recent call last): File "/usr/lib/python2.6/site-packages/ambari_agent/Controller.py", line 165, in registerWithServer ret = self.sendRequest(self.registerUrl, data) File "/usr/lib/python2.6/site-packages/ambari_agent/Controller.py", line 496, in sendRequest raise IOError('Request to {0} failed due to {1}'.format(url, str(exception))) IOError: Request to https://localhost:8441/agent/v1/register/localhost failed due to () ERROR 2018-07-16 13:42:28,329 Controller.py:213 - Error:Request to https://localhost:8441/agent/v1/register/localhost failed due to () WARNING 2018-07-16 13:42:28,329 Controller.py:214 - Sleeping for 17 seconds and then trying again

1 ACCEPTED SOLUTION

Super Mentor

@Hamilton Castro

The error message indicates that you are running ambari agent on the same ambari server host? Or is it by mistake? We see "localhost" there

Error:Request to https://localhost:8441/agent/v1/register/localhost

.

So please check few things:

1. The hostname is correct? Ambari relies on FQDN. Run on ambari server host to findout it's FQDN

# hostname -f

Also verify is ambari has opened port 8440 and 8441 on all available interface address:

# netstat -tnlpa | grep `cat /var/run/ambari-server/ambari-server.pid`
tcp6       0      0 :::8080                 :::*                    LISTEN      13126/java          
tcp6       0      0 :::8440                 :::*                    LISTEN      13126/java          
tcp6       0      0 :::8441                 :::*                    LISTEN      13126/java          

2. Also please check the ambari-agent.ini file to findout if it is pointing to the correct ambari server FQDN?

# grep -A5 '\[server\]' /etc/ambari-agent/conf/ambari-agent.ini
[server]
hostname = ambariserver.example.com
url_port = 8440
secured_url_port = 8441
connect_retry_delay = 10
max_reconnect_retry_delay = 30

.

Also please verify if the "/etc/hosts" file is correct and it has the first two lines present as the note mentioned in https://docs.hortonworks.com/HDPDocuments/Ambari-2.6.2.0/bk_ambari-installation-ppc/content/edit_the...

Do not remove the following two lines from your hosts file. Removing or editing the following lines may cause various programs that require network functionality to fail.

.

View solution in original post

2 REPLIES 2

Try changing to forcefully use TLS v1.2 on all agent's ambari property file(ambari.properties) and see if that helps resolving the issue. Add following line under [security] section in "ambari.properties" of all agents.

[security]

force_https_protocol=PROTOCOL_TLSv1_2

Super Mentor

@Hamilton Castro

The error message indicates that you are running ambari agent on the same ambari server host? Or is it by mistake? We see "localhost" there

Error:Request to https://localhost:8441/agent/v1/register/localhost

.

So please check few things:

1. The hostname is correct? Ambari relies on FQDN. Run on ambari server host to findout it's FQDN

# hostname -f

Also verify is ambari has opened port 8440 and 8441 on all available interface address:

# netstat -tnlpa | grep `cat /var/run/ambari-server/ambari-server.pid`
tcp6       0      0 :::8080                 :::*                    LISTEN      13126/java          
tcp6       0      0 :::8440                 :::*                    LISTEN      13126/java          
tcp6       0      0 :::8441                 :::*                    LISTEN      13126/java          

2. Also please check the ambari-agent.ini file to findout if it is pointing to the correct ambari server FQDN?

# grep -A5 '\[server\]' /etc/ambari-agent/conf/ambari-agent.ini
[server]
hostname = ambariserver.example.com
url_port = 8440
secured_url_port = 8441
connect_retry_delay = 10
max_reconnect_retry_delay = 30

.

Also please verify if the "/etc/hosts" file is correct and it has the first two lines present as the note mentioned in https://docs.hortonworks.com/HDPDocuments/Ambari-2.6.2.0/bk_ambari-installation-ppc/content/edit_the...

Do not remove the following two lines from your hosts file. Removing or editing the following lines may cause various programs that require network functionality to fail.

.