[ https://issues.apache.org/jira/browse/IMPALA-6990?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16494139#comment-16494139 ]
Philip Zeyliger commented on IMPALA-6990: ----------------------------------------- Is this user-visible? Let's say that a user had impala-shell working on RH6 or RH7 before. Does it still work? Does it work when using the same {{ssl-minimum-version}} and {{ssl-cipher-list}} flags? I think this test is saying that these flags don't work for the Python shipped in RH7. I suspect they didn't work before either: did they somehow work before? Surely before the Thrift change, we were using the same RH image? Once we've figured this out, I think the easier thing to do is to disable the test when using a too-old version of Python. We already have a "skip if legacy SSL" flag on the test; this is just one more skip if. We still want to run the test for Ubuntu16 or whatever. I think we can assume that the Python running the test and the python running impala-shell are the same for our purposes. Is there a weaker test that we'd want to add? > TestClientSsl.test_tls_v12 failing due to Python SSL error > ---------------------------------------------------------- > > Key: IMPALA-6990 > URL: https://issues.apache.org/jira/browse/IMPALA-6990 > Project: IMPALA > Issue Type: Bug > Affects Versions: Impala 3.0 > Reporter: Sailesh Mukil > Assignee: Sailesh Mukil > Priority: Blocker > Labels: broken-build, flaky > > We've seen quite a few jobs fail with the following error: > *_ssl.c:504: EOF occurred in violation of protocol* > {code:java} > custom_cluster/test_client_ssl.py:128: in test_tls_v12 > self._validate_positive_cases("%s/server-cert.pem" % self.CERT_DIR) > custom_cluster/test_client_ssl.py:181: in _validate_positive_cases > result = run_impala_shell_cmd(shell_options) > shell/util.py:97: in run_impala_shell_cmd > result.stderr) > E AssertionError: Cmd --ssl -q 'select 1 + 2' was expected to succeed: > Starting Impala Shell without Kerberos authentication > E SSL is enabled. Impala server certificates will NOT be verified (set > --ca_cert to change) > E > /data/jenkins/workspace/impala-cdh6.x-exhaustive-rhel7/Impala-Toolchain/thrift-0.9.3-p4/python/lib64/python2.7/site-packages/thrift/transport/TSSLSocket.py:80: > DeprecationWarning: 3th positional argument is deprecated. Use keyward > argument insteand. > E DeprecationWarning) > E > /data/jenkins/workspace/impala-cdh6.x-exhaustive-rhel7/Impala-Toolchain/thrift-0.9.3-p4/python/lib64/python2.7/site-packages/thrift/transport/TSSLSocket.py:80: > DeprecationWarning: 4th positional argument is deprecated. Use keyward > argument insteand. > E DeprecationWarning) > E > /data/jenkins/workspace/impala-cdh6.x-exhaustive-rhel7/Impala-Toolchain/thrift-0.9.3-p4/python/lib64/python2.7/site-packages/thrift/transport/TSSLSocket.py:80: > DeprecationWarning: 5th positional argument is deprecated. Use keyward > argument insteand. > E DeprecationWarning) > E > /data/jenkins/workspace/impala-cdh6.x-exhaustive-rhel7/Impala-Toolchain/thrift-0.9.3-p4/python/lib64/python2.7/site-packages/thrift/transport/TSSLSocket.py:216: > DeprecationWarning: validate is deprecated. Use cert_reqs=ssl.CERT_NONE > instead > E DeprecationWarning) > E No handlers could be found for logger "thrift.transport.TSSLSocket" > E Error connecting: TTransportException, Could not connect to > localhost:21000: [Errno 8] _ssl.c:504: EOF occurred in violation of protocol > E Not connected to Impala, could not execute queries. > {code} > We need to investigate why this is happening and fix it. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-all-unsubscr...@impala.apache.org For additional commands, e-mail: issues-all-h...@impala.apache.org