[ https://issues.apache.org/jira/browse/AMBARI-20049?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15870130#comment-15870130 ]
Hadoop QA commented on AMBARI-20049: ------------------------------------ {color:green}+1 overall{color}. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12853051/AMBARI-20049.patch against trunk revision . {color:green}+1 @author{color}. The patch does not contain any @author tags. {color:green}+1 tests included{color}. The patch appears to include 1 new or modified test files. {color:green}+1 javac{color}. The applied patch does not increase the total number of javac compiler warnings. {color:green}+1 release audit{color}. The applied patch does not increase the total number of release audit warnings. {color:green}+1 core tests{color}. The patch passed unit tests in ambari-agent. Test results: https://builds.apache.org/job/Ambari-trunk-test-patch/10618//testReport/ Console output: https://builds.apache.org/job/Ambari-trunk-test-patch/10618//console This message is automatically generated. > One way SSL fallback logic can cause some agents to be connected with 2-way > SSL > ------------------------------------------------------------------------------- > > Key: AMBARI-20049 > URL: https://issues.apache.org/jira/browse/AMBARI-20049 > Project: Ambari > Issue Type: Bug > Reporter: Andrew Onischuk > Assignee: Andrew Onischuk > Fix For: 2.5.0 > > Attachments: AMBARI-20049.patch > > > We have fallback logic since a long time in the agent to try to connect to the > server with 2-way SSL if one-way SSL throws an exception. This can cause some > agents to connect with 2-way SSL (connection timeout exception for one-way > SSL) and thereby a cluster having a mix of agents, some connected with one-way > SSL and some connected with 2-way SSL. > Investigate why we have had this logic and if it is no longer appropriate, > remove this fallback logic. > <https://github.com/apache/ambari/blob/trunk/ambari- > agent/src/main/python/ambari_agent/security.py#L57-L67> > > > > if not self.two_way_ssl_required: > try: > sock = self.create_connection() > self.sock = ssl.wrap_socket(sock, cert_reqs=ssl.CERT_NONE) > logger.info('SSL connection established. Two-way SSL > authentication is ' > 'turned off on the server.') > except (ssl.SSLError, AttributeError): > self.two_way_ssl_required = True > logger.info( > 'Insecure connection to https://' + self.host + ':' + self.port > + > '/ failed. Reconnecting using two-way SSL authentication..') > -- This message was sent by Atlassian JIRA (v6.3.15#6346)