[
https://issues.apache.org/jira/browse/SLIDER-942?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14908053#comment-14908053
]
Jonathan Maron commented on SLIDER-942:
---------------------------------------
Possibly. But I think it may be a good idea to explore a mechanism for
enabling some sort of validated certificate mechanism - perhaps a Slider CA
cert ('slider create-cert -dn ...") that could then be used during the
generation of AM certs and pre-populated to hosts as a trusted CA cert? It
just seems like coming up with a validation scheme rather than continuing to
enable unverified certs would be preferable.
> Slider agent fails with SSL validation errors with python 2.7.9
> ---------------------------------------------------------------
>
> Key: SLIDER-942
> URL: https://issues.apache.org/jira/browse/SLIDER-942
> Project: Slider
> Issue Type: Bug
> Affects Versions: Slider 0.80
> Reporter: Sidharta Seethana
> Priority: Critical
>
> On an unsecure hadoop cluster with python 2.7.9 installed, slider agent
> fails with SSL validation errors.
> {code}
> INFO 2015-09-24 05:46:34,585 NetUtil.py:38 - Connecting to the following url
> http://stripped-machine-name:39414/ws/v1/slider/agents/
> ERROR 2015-09-24 05:46:34,702 NetUtil.py:52 - [SSL:
> CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)
> ERROR 2015-09-24 05:46:34,703 NetUtil.py:54 - SSLError: Failed to connect.
> Please check openssl library versions.
> Refer to: https://bugzilla.redhat.com/show_bug.cgi?id=1022468 for more
> details.
> INFO 2015-09-24 05:46:34,703 NetUtil.py:76 - Server at
> http://stripped-machine-name:39414/ws/v1/slider/agents/ is not reachable,
> sleeping for 10 seconds...
> {code}
> Validation is now enabled by default - for more context, please see :
> https://lwn.net/Articles/611243/
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
