Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

SSL errors

Labels:
igor_grinkin
New Contributor

Created on ‎11-13-2018 08:31 PM - edited ‎09-16-2022 06:53 AM

I'm trying to setup my Hortonworks cluster. I manually installed ambari-agent-2.6.2.2 and modified /etc/ambari-agent/conf/ambari-agent.ini to point to my server. It's giving me SSL errors trying to connect to the server.

I was under the impression that HW server supports both secure and non-secure connection with ports 8440 and 8441 respectively. Is it not true? Am I supposed to setup SSL certificates?

621 Views
0 Kudos
Tags (2)
3 REPLIES 3

jsensharma
Super Mentor

Created ‎11-13-2018 10:11 PM

@Igor Grinkin

Can you please share the exact SSL error that you are noticing on the ambari Agents log.

However most common error is the one mentioned in the following Article with solution:

NetUtil.py:96 - EOF occurred in violation of protocol (_ssl.c:579)
NetUtil.py:97 - SSLError: Failed to connect. Please check openssl library versions.

https://community.hortonworks.com/articles/188269/javapython-updates-and-ambari-agent-tls-settings.h...

562 Views
0 Kudos

igor_grinkin
New Contributor

Created ‎11-13-2018 10:41 PM

The error was:

INFO 2018-11-13 19:23:20,083 main.py:439 - Connecting to Ambari server at https://hw-server.dev.com:8440 (10.0.2.34) INFO 2018-11-13 19:23:20,083 NetUtil.py:70 - Connecting to https://hw-server.dev.com:8440/ca ERROR 2018-11-13 19:23:20,104 NetUtil.py:96 - EOF occurred in violation of protocol (_ssl.c:579) ERROR 2018-11-13 19:23:20,104 NetUtil.py:97 - SSLError: Failed to connect. Please check openssl library versions.

The following seem to clear the issue.

[security]

force_https_protocol=PROTOCOL_TLSv1_2

Is there any way to register the agent from cli once the ambari-agent is running?

562 Views
0 Kudos

jsensharma
Super Mentor

Created ‎11-13-2018 10:43 PM

@Igor Grinkin

Correct as mentioned in the previously shared link that the solution is applicable for

Solution For CentOS 7, Debian 7, Ubuntu 14 & 16, or SLES 12 (Python 2.7)

To solve this problem simply configure the Ambari Agent to use TLSv1.2 when communicating with the Ambari Server by editing each Ambari Agent’s /etc/ambari-agent/conf/ambari-agent.ini file and adding the following configuration property to the security section:

[security]
force_https_protocol=PROTOCOL_TLSv1_2

.

Regarding your query : "Is there any way to register the agent from cli once the ambari-agent is running?"

Once the ambari agent is restarted it will automatically send a registration request to Ambari Server. And you should be able to see heartbeat message in ambari UI when you click on the Hosts page in the ambari UI. The hose should be shown as green.

# ambari-agent restart

.

562 Views
0 Kudos
Take a Tour of the Community
Don't have an account?
Register
Your experience may be limited. Sign in to explore more.
Announcements
Community Announcements
March 2023 Community Highlights
What's New @ Cloudera
Cloudera DataFlow Designer for self-service data flow development is now generally available to all CDP Public Cloud customers
What's New @ Cloudera
Cloudera Operational Database (COD) UI provides the JWT configuration details to connect to your HBase client
What's New @ Cloudera
Cloudera Operational Database (COD) UI allows storage type selection when creating an operational database
What's New @ Cloudera
Release of Cloudera Streaming Analytics (CSA) 1.9.0 for CDP 7.1.7 SP2 & CDP 7.1.8
View More Announcements