I sent this to the wrong list earlier. I recently updated our Ambari 1.7.0 image and am now getting SSL errors from the agents:
INFO 2015-01-07 16:59:02,116 NetUtil.py:48 - Connecting to https://ambari.local:8440/ca ERROR 2015-01-07 16:59:02,645 NetUtil.py:66 - [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581) ERROR 2015-01-07 16:59:02,646 NetUtil.py:67 - SSLError: Failed to connect. Please check openssl library versions. Refer to: https://bugzilla.redhat.com/show_bug.cgi?id=1022468 for more details. WARNING 2015-01-07 16:59:02,651 NetUtil.py:92 - Server at https://ambari.local:8440<https://ambari.local:8440/> is not reachable, sleeping for 10 seconds… We're just using the default SSL certs that Ambari creates for agent communication. This worked up until we made this new image, which pull in upstream CentOS system updates. Is it possible that some change in upstream has broken this for Ambari? Is there a workaround? I have noticed that the "server_crt" (/var/lib/ambari-agent/keys/ca.crt) does not exist on the hosts. Is this something I'm supposed to inject? We weren't before, but it was working just fine without it. Greg
