Support Questions

sree_kuppa · ‎09-21-2017

I have a 5 node cluster with 4 data nodes which is in a good condition.

But in order to add a secondary name node, I tried to generate the ssh key again instead of copying the already existing key onto the new machine. The new host was not registering with the following error:

INFO 2017-09-21 17:24:06,811 NetUtil.py:67 - Connecting to https://asterix01.cem.spirent.com:8440/ca
ERROR 2017-09-21 17:24:06,934 NetUtil.py:93 - [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)
ERROR 2017-09-21 17:24:06,934 NetUtil.py:94 - SSLError: Failed to connect. Please check openssl library versions.
Refer to: https://bugzilla.redhat.com/show_bug.cgi?id=1022468 for more details.
WARNING 2017-09-21 17:24:06,937 NetUtil.py:121 - Server at https://asterix01.cem.spirent.com:8440 is not reachable, sleeping for 10 seconds...

So I stopped trying to add the new host and checked if the existing hosts are doing any good and restarted ambari-agent of one of them. The logs show failure with the same error as above- which confirms there is an issue with the keys.

What can I do to resolve this? I tried to setup passwordless SSH as root user afresh as given in the documentation but it still fails. Can someone help me fix this please?

I definitely can ssh without passwords from the command line.

jsensharma · ‎09-22-2017

@Sree Kupp

It happens Python version is "python-2.7.5" or higher, hence you should try to either downgrade the python version to lower than python-2.7.5 as it causes this issue.

[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)

(OR)

Else you will need to following the steps mentioned in the following doc to fix the "certificate verify failed (_ssl.c" issue while using RHEL7: Controlling and troubleshooting certificate verification: https://access.redhat.com/articles/2039753#controlling-certificate-verification-7

# vi /etc/python/cert-verification.cfg
[https]
verify=disable

.
Valid values are enable (verification is enabled by default), disable (verification is disabled by default),
.

Also please check the related threads:
1. https://community.hortonworks.com/questions/120861/ambari-agent-ssl-certificate-verify-failed-certif...
2. https://community.hortonworks.com/questions/121978/openssl-compatibility.html
3. https://community.hortonworks.com/questions/138820/ambari-server-failing-to-communicate-with-ambari-...

.

View solution in original post

jsensharma · ‎09-22-2017

@Sree Kupp

It happens Python version is "python-2.7.5" or higher, hence you should try to either downgrade the python version to lower than python-2.7.5 as it causes this issue.

[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)

(OR)

Else you will need to following the steps mentioned in the following doc to fix the "certificate verify failed (_ssl.c" issue while using RHEL7: Controlling and troubleshooting certificate verification: https://access.redhat.com/articles/2039753#controlling-certificate-verification-7

# vi /etc/python/cert-verification.cfg
[https]
verify=disable

.
Valid values are enable (verification is enabled by default), disable (verification is disabled by default),
.

Also please check the related threads:
1. https://community.hortonworks.com/questions/120861/ambari-agent-ssl-certificate-verify-failed-certif...
2. https://community.hortonworks.com/questions/121978/openssl-compatibility.html
3. https://community.hortonworks.com/questions/138820/ambari-server-failing-to-communicate-with-ambari-...

.

sree_kuppa · ‎09-22-2017

Thanks a ton @Jay SenSharma. That really helped.

Cloudera Community

Support Questions

Datanode Can't connect to Namenode due to SSL Error