ambari2.6.50 openssl 版本问题：SSLError: Failed to connect. Please check openssl library versions. Openssl error upon host registration

I'm trying to register hostnames in Ambari but getting the error below. We tried to run yum update openssl but its got the latest version. 
We tried to run yum - update it didn’t help. I also tried removing the other openssl packages openssl-devel-1.0.1e-42.el6.x86_64, 
openssl098e-0.9.8e-17.el6.centos.2.x86_64 and restarting the ambari server/agents and same error. Tried running yum -y install opens* as well but didn’t help. Any ideas?

ERROR 2015-09-23 09:47:07,402 NetUtil.py:77 - [Errno 8] _ssl.c:492: EOF occurred in violation of protocol
ERROR 2015-09-23 09:47:07,402 NetUtil.py:78 - SSLError: Failed to connect. Please check openssl library versions.
Refer to: https://bugzilla.redhat.com/show_bug.cgi?id=1022468 for more details.
WARNING 2015-09-23 09:47:07,402 NetUtil.py:105 - Server at https://test.org:8440is not reachable, sleeping for 10 seconds...
WARNING 2015-09-23 09:47:07,402 NetUtil.py:105 - Server at https://test.org:8440is not reachable, sleeping for 10 seconds...
INFO 2015-09-23 09:47:14,746 main.py:74 - loglevel=logging.INFO
INFO 2015-09-23 09:47:14,746 main.py:74 - loglevel=logging.INFO
INFO 2015-09-23 09:47:17,403 NetUtil.py:59 - Connecting to https://test.org:8440/ca
WARNING 2015-09-23 09:47:17,404 NetUtil.py:82 - Failed to connect to https://test.org:8440/ca due to [Errno 111] Connection refused
WARNING 2015-09-23 09:47:17,404 NetUtil.py:105 - Server at https://test.org:8440is not reachable, sleeping for 10 seconds...
WARNING 2015-09-23 09:47:17,404 NetUtil.py:105 - Server at https://test.org:8440is not reachable, sleeping for 10 seconds...
ERROR 2015-09-23 09:47:19,780 main.py:315 - Fatal exception occurred:
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/ambari_agent/main.py", line 312, in <module>
    main(heartbeat_stop_callback)
  File "/usr/lib/python2.6/site-packages/ambari_agent/main.py", line 248, in main
    stop_agent()
  File "/usr/lib/python2.6/site-packages/ambari_agent/main.py", line 198, in stop_agent
    sys.exit(1)
SystemExit: 1
ERROR 2015-09-23 09:47:19,780 main.py:315 - Fatal exception occurred:
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/ambari_agent/main.py", line 312, in <module>
    main(heartbeat_stop_callback)
  File "/usr/lib/python2.6/site-packages/ambari_agent/main.py", line 248, in main
    stop_agent()
  File "/usr/lib/python2.6/site-packages/ambari_agent/main.py", line 198, in stop_agent
    sys.exit(1)
SystemExit: 1

Yes. That is a known issue. Modify Ambari Server's java.home to the standard oracle jdk.

 

 

 3  隐藏 6 · 分享

rgarcia · 2015年09月23日 20:27 0

 

that fixed it. Thanks.

gaurav sharma· 2015年12月24日 13:21 0

 

Hi,

We are also facing same issue. Even after setting java.home=/usr/jdk64/jdk1.8.0_40 in ambari.properties , it is not resolved.

Is standard oracle jdk path different from this ?

Below are logs snippet from ambari-agent.log ::

ERROR 2015-12-24 18:43:31,604 NetUtil.py:77 - [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590) ERROR 2015-12-24 18:43:31,604 NetUtil.py:78 - SSLError: Failed to connect. Please check openssl library versions. Refer to: https://bugzilla.redhat.com/show_bug.cgi?id=1022468 for more details.

Ali Gouta· 2015年12月24日 22:11 0

 

@gaurav sharma I am actually facing the same issue, I have the same SSL error message during the registration. Did you find a solution ?

gaurav sharma· 2015年12月26日 05:51 1

 

@Ali Gouta No, we are still trying to figure out the solution.

OpenSSl version in my case is ::

[root@dehdteste7778b54apse01 ~]# rpm -qa | grep openssl

openssl-devel-1.0.1k-13.88.amzn1.x86_64

openssl-1.0.1k-13.88.amzn1.x86_64

Can this be a problem ?

Ali Gouta· 2015年12月26日 23:11 0

 

@gaurav sharma

In the documentation, it is said that we should user OpenSSL (v1.01, build 16 or later). So I think you should upgrade your OpenSSL version. Actually, I am running openssl-1.0.1e-42.el6_7.1.x86_64, and still not being able to register my agent :(

显示更多的评论

 

个解答，截止Prashant Band · 2018年07月17日 06:54

[ RESOLVED ]

Gone through same issue only when we are using oVirt Virtualization For our cluster deployment.

Only following solution resolved the problem (Thanks to @bing lv and @Deven Fan:

By adding below config in [security] section of

1. vi /etc/ambari-agent/conf/ambari-agent.ini
2. force_https_protocol=PROTOCOL_TLSv1_2

1. vi /etc/python/cert-verification.cfg
2. [https]
3. verify=disable

 

 

 6  隐藏 3 · 分享

Tanmoy· 2018年09月02日 09:50 1

 

Thanks!! These changes should be performed on all hosts

Vishal Malviya Tanmoy · 2018年11月27日 16:03 0

 

Thanks Prashant

Santoshkumar Hiremath· 2018年12月10日 16:52 0

 

Perfect solution, it works

 

个解答，截止Arian Trayen · 2017年09月20日 14:25

I've been stuck with this problem for a day and I've tried everything on this post, but nothing works.

However, the link from this post solved my problem so I thought I should link it to here.

https://community.hortonworks.com/questions/121978/openssl-compatibility.html?childToView=138080#answer-138080

Basically, disable certificate verification on all nodes

1. vi /etc/python/cert-verification.cfg
2. [https]
3. verify=disable

good luck.

 

 

 3 · 分享

 

 

个解答，截止Boualem SAOULA· 2018年07月30日 15:21

Hello

I've just add these two line below under security section and it works 
[security]
ssl_verify_cert=0
force_https_protocol=PROTOCOL_TLSv1_2

 

 

 1 · 分享

 

 

个解答，截止Eduardo Di Santi · 2016年11月25日 11:04

In our case the problem was that the other nodes have OpenJDK instead of oracle's, installing Oracle JDK on those nodes solves the problem

 

 

 0 · 分享

 

 

个解答，截止Eduardo Di Santi · 2016年11月25日 11:03

In our case the problem was that the other nodes have OpenJDK instead of oracle's, installing Oracle JDK on those nodes solves the problem

 

 

 0 · 分享

 

 

个解答，截止sharath pappula · 2016年09月20日 04:35

I am facing below issue even after upgrading ambari-server,ambari agent, openssl,rebooting ambari,ssh

1. ERROR 2016-09-20 09:48:52,494 NetUtil.py:77 - [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
2. ERROR 2016-09-20 09:48:52,495 NetUtil.py:78 - SSLError: Failed to connect. Please check openssl library versions.
3. Refer to: https://bugzilla.redhat.com/show_bug.cgi?id=1022468 for more details.
4. WARNING 2016-09-20 09:48:52,495 NetUtil.py:105 - Server at https://localhost:8440 is not reachable, sleeping for 10 seconds...
5. ', None)
6. Connection to localhost closed.
7. SSH command execution finished
8. host=localhost, exitcode=0
9. Command end time 2016-09-20 09:48:54
10. Registering with the server...
11. Registration with the server failed.
12. Can anyone pls help me?
13. I am using ubuntu 16 OS

 

 

 0 · 分享

 

 

个解答，截止zkfs · 2016年08月12日 06:26

i have faced the same issue, for this Java up-grade is not required.

Just intall the openssl package and run installation host registration went fine.

1) from vm connect to the internet

2) Install the opnssl package

#yum install openssl

if it installed fine, you can proceed with host Registration .

it worked for me.

 

 

 0 · 分享

 

 

个解答，截止darkz yu · 2016年03月29日 03:39

I use openjdk 1.8,then the problem is resolved.

So, I think is just the java version problem...

 

 

 0 · 分享

 

 

个解答，截止darkz yu · 2016年03月24日 04:19

I am still not very clearly what's the resolve?

rpm -qa | grep java

tzdata-java-2014g-1.el6.noarch

java-1.6.0-openjdk-1.6.0.0-11.1.13.4.el6.x86_64

java-1.7.0-openjdk-1.7.0.95-2.6.4.0.el6_7.x86_64

alternatives --display java

java - status is auto. Current `best' version is /usr/lib/jvm/jre-1.7.0-openjdk.x86_64/bin/java.

and the python problem @Ali Gouta said ,it still the same ....