[AMBARI-22417] Ambari checks fail with FIPS mode is activated on the OS - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: 2.5.1
Fix Version/s: 2.6.1
Component/s: ambari-agent, ambari-server
Labels:
None

Description

Ambari checks fail with FIPS mode is activated on the OS (Rhel7). FIPS mode disables weak ciphers (such as MD5).
Ambari code is doing

ccache_file_name = _md5("
{0}|{1}".format(principal, keytab)).hexdigest(). MD5 is disabled on the OS (RHEL7) so ambari throws errors.

All service checks fail, Ranger KMS start fails via ambari.
However all the services are actually running and fine.

Also Ranger KMS succesfully started from command Line

Here is the stack trace from Ambari

service_check
params.kinit_path_local, False, None, params.smoke_user)
File "/usr/lib/python2.6/site-packages/resource_management/libraries/functions/curl_krb_request.py", line 109, in curl_krb_request
ccache_file_name = _md5("{0}
|
{1}
".format(principal, keytab)).hexdigest()
ValueError: error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips

Fix:
MD5 is disabled on the OS, Code needs to be updated to use SHA?

This is required when FIPS mode is enabled on the RHEL OS

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

AMBARI-22417_branch-2.6_01.patch
10/Nov/17 16:34
2 kB
Robert Levas
AMBARI-22417_trunk_01.patch
10/Nov/17 16:34
2 kB
Robert Levas

Issue Links

is related to

AMBARI-23035 HDFS Balancer via Ambari fails when FIPS mode is activated on the OS

Resolved

links to

Activity

People

Assignee:: Robert Levas

Reporter:: Robert Levas

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 10/Nov/17 16:29

Updated:: 20/Feb/18 21:26

Resolved:: 13/Nov/17 10:22