----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/20834/#review41710 -----------------------------------------------------------
Ship it! Ship It! - Dmitro Lisnichenko On April 29, 2014, 11:54 a.m., Andrew Onischuk wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/20834/ > ----------------------------------------------------------- > > (Updated April 29, 2014, 11:54 a.m.) > > > Review request for Ambari and Dmitro Lisnichenko. > > > Bugs: AMBARI-5610 > https://issues.apache.org/jira/browse/AMBARI-5610 > > > Repository: ambari > > > Description > ------- > > PROBLEM: When setting up https for Ambari-server, ambari ask for the path to > certificate and private key. It actually ask for the file name or the folder > name. But ambari will not validate the path and give misleading error message. > STEPS TO REPRODUCE: > 1\. generate self-signed certificate in /root/cert/ > 2\. Run ambari-server setup-security > 3. > Do you want to configure HTTPS > [y/n](https://hortonworks.jira.com/wiki/display/BUG/y%2Fn) > ? y > SSL port [8443](https://hortonworks.jira.com/wiki/display/BUG/8443) ? > Enter path to Certificate: /root/cert > Enter path to Private Key: /root/cert > ACTUAL BEHAVIOR: Ambari allow the user to go thru the next step and give out > misleading error: > INFO: about to run command: openssl x509 -dates -subject -in /root/cert/ > Error getting Certificate info > unable to load certificate > 140323342726984:error:0906D06C:PEM routines:PEM_read_bio:no start > line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE > WARNING: Unable to get Certificate information > Generating random password for HTTPS keystore...done. > INFO: about to run command: openssl rsa -in /root/cert -des3 -out > /root/cert.secured -passout > pass:xzRullsqlxDu7uQQwx1igE5LrXsIOBFPnSKpUuGxK1qtaovqNA > ERROR: Could not import Certificate and Private Key. > SSL error on exporting keystore: unable to load Private Key > 140535709996872:error:0906D06C:PEM routines:PEM_read_bio:no start > line:pem_lib.c:703:Expecting: ANY PRIVATE KEY. > Please ensure that provided Private Key password is correct and re-import > Certificate. > EXPECTED BEHAVIOR: Since the error message comes from openssl, It will be good > that ambari can validate the path name before it launch the openssl command, > asking the customer to provide the correct path name, which should be > /root/cert/klss20.test.com.crt > > > Diffs > ----- > > ambari-server/src/main/python/ambari-server.py 5adf44d > ambari-server/src/test/python/TestAmbariServer.py 51d3c64 > > Diff: https://reviews.apache.org/r/20834/diff/ > > > Testing > ------- > > > Thanks, > > Andrew Onischuk > >
