Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

SSL Error while connecting to ambari server after hardware change

avatar
Expert Contributor

Hello,

We had a problem with one of our node's mainboard and it was changed.

As we re-opened the node ambari agent could not connect to ambari server with below error:

INFO 2018-12-27 16:59:24,790 NetUtil.py:70 - Connecting to https://master01:8440/ca
ERROR 2018-12-27 16:59:24,797 NetUtil.py:96 - EOF occurred in violation of protocol (_ssl.c:618)
ERROR 2018-12-27 16:59:24,797 NetUtil.py:97 - SSLError: Failed to connect. Please check openssl library versions.
Refer to: https://bugzilla.redhat.com/show_bug.cgi?id=1022468 for more details.
WARNING 2018-12-27 16:59:24,797 NetUtil.py:124 - Server at https://master01:8440 is not reachable, sleeping for 10 seconds...

My humble guess is that old keys were not accepted by ambari server with new hardware. Guys who installed the mainboard says they updated the seriel with the old one.

How can I get back this node? Is there any way to renew keys?

PS: There are no files in path /var/lib/ambari-agent/keys/

Thanks in advance.

1 ACCEPTED SOLUTION

avatar
Master Collaborator

@Sedat Kestepe To resolve this issue, add the following property in ambari-agent.ini (/etc/ambari-agent/conf/ambari-agent.ini) file under [security]and restart ambari-agent:

========

[security]

force_https_protocol=PROTOCOL_TLSv1_2

===========

Please accept this answer if its helpful

View solution in original post

5 REPLIES 5

avatar
Master Collaborator

@Sedat Kestepe To resolve this issue, add the following property in ambari-agent.ini (/etc/ambari-agent/conf/ambari-agent.ini) file under [security]and restart ambari-agent:

========

[security]

force_https_protocol=PROTOCOL_TLSv1_2

===========

Please accept this answer if its helpful

avatar
Expert Contributor

Hello @scharan ,

Thanks for your reply.

I have a feeling that renewal of agent keys (maybe both on agent and server) would be the proper way. Do you aggree?


Regardless of that, of course I accept this answer! Agent can connect now and works fine! Thanks a lot @scharan!

Best regards. Have a nice day and new year!

avatar
Master Collaborator
@Sedat Kestepe

this issue occurs when Java is restricting the TLSv1 used by the Ambari Agents. By default, ambari-agent connects to TLSv1, unless specified by force_https_protocol=PROTOCOL_TLSv1_2 in ambari-agent.ini.

avatar
Expert Contributor

This issue occurred after mainboard change. Do you think it is related with this change? Or nothing to do with it?

avatar
Master Collaborator
@Sedat Kestepe

no it is not related to mainboard changed