----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/63735/#review190739 -----------------------------------------------------------
Ship it! Ship It! - Balázs Bence Sári On Nov. 10, 2017, 4:43 p.m., Robert Levas wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/63735/ > ----------------------------------------------------------- > > (Updated Nov. 10, 2017, 4:43 p.m.) > > > Review request for Ambari, Attila Magyar, Andrew Onischuk, Balázs Bence Sári, > Eugene Chekanskiy, Jonathan Hurley, Robert Nettleton, Swapan Shridhar, and > Vitalyi Brodetskyi. > > > Bugs: AMBARI-22417 > https://issues.apache.org/jira/browse/AMBARI-22417 > > > Repository: ambari > > > Description > ------- > > Ambari checks fail with FIPS mode is activated on the OS (Rhel7). FIPS mode > disables weak ciphers (such as MD5). > Ambari code is doing > > ``` > ccache_file_name = _md5(" > {0}|{1}".format(principal, keytab)).hexdigest(). MD5 is disabled on the OS > (RHEL7) so ambari throws errors. > ``` > > - All service checks fail, Ranger KMS start fails via ambari. > - However all the services are actually running and fine. > > - Also Ranger KMS succesfully started from command Line > > Here is the stack trace from Ambari > > ``` > service_check > params.kinit_path_local, False, None, params.smoke_user) > File > "/usr/lib/python2.6/site-packages/resource_management/libraries/functions/curl_krb_request.py", > line 109, in curl_krb_request > ccache_file_name = _md5("{0} > | > {1} > ".format(principal, keytab)).hexdigest() > ValueError: error:060800A3:digital envelope > routines:EVP_DigestInit_ex:disabled for fips > ``` > > Fix: > MD5 is disabled on the OS, Code needs to be updated to use SHA? > > This is required when FIPS mode is enabled on the RHEL OS > > > Diffs > ----- > > > ambari-common/src/main/python/resource_management/libraries/functions/curl_krb_request.py > 95e8625d67 > > > Diff: https://reviews.apache.org/r/63735/diff/1/ > > > Testing > ------- > > Manually tested > > > Thanks, > > Robert Levas > >