Details
-
Bug
-
Status: Resolved
-
Critical
-
Resolution: Fixed
-
Impala 3.2.0
-
None
-
ghx-label-8
Description
Ubuntu 18.04 upgraded OpenSSL to 1.1.0, which raised the bar in what ciphers are considered "strong".
Some of the Impala BE tests specify their own ciphers for various test purposes. These tests use RC4, which is no longer accepted by OpenSSL by default, making these tests fail on Ubuntu 18.04. Affected tests are:
- rpc-mgr-test
- thrift-server-test
- webserver-test
56/104 Test #56: thrift-util-test ................. Passed 3.34 sec Start 57: thrift-server-test 57/104 Test #57: thrift-server-test ...............***Exception: SegFault 4.25 sec Turning perftools heap leak checking off Loading random data Initializing database 'de52-8af6-6a92-1e99/krb5kdc/principal' for realm 'KRBTEST.COM', master key name 'K/M@KRBTEST.COM' Apr 18 22:20:43 ip-172-31-7-143 krb5kdc[25358](info): setting up network... krb5kdc: setsockopt(10,IPV6_V6ONLY,1) worked Apr 18 22:20:43 ip-172-31-7-143 krb5kdc[25358](info): set up 2 sockets Apr 18 22:20:43 ip-172-31-7-143 krb5kdc[25358](info): commencing operation krb5kdc: starting... WARNING: no policy specified for impala/localhost@KRBTEST.COM; defaulting to no policy Authenticating as principal ubuntu/admin@KRBTEST.COM with password. Principal "impala/localhost@KRBTEST.COM" created. Authenticating as principal ubuntu/admin@KRBTEST.COM with password. Entry for principal impala/localhost with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:de52-8af6-6a92-1e99/krb5kdc/impala_localhost.keytab. Entry for principal impala/localhost with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:de52-8af6-6a92-1e99/krb5kdc/impala_localhost.keytab. [==========] Running 16 tests from 6 test cases. [----------] Global test environment set-up. [----------] 1 test from ThriftTestBase [ RUN ] ThriftTestBase.Connectivity [ OK ] ThriftTestBase.Connectivity (85 ms) [----------] 1 test from ThriftTestBase (85 ms total) [----------] 8 tests from SslTest [ RUN ] SslTest.BadCertificate [ OK ] SslTest.BadCertificate (17 ms) [ RUN ] SslTest.ClientBeforeServer [ OK ] SslTest.ClientBeforeServer (4 ms) [ RUN ] SslTest.BadCiphers [ OK ] SslTest.BadCiphers (1 ms) [ RUN ] SslTest.MismatchedCiphers /home/ubuntu/Impala/be/src/rpc/thrift-server-test.cc:314: Failure Value of: status_.ok() Actual: false Expected: true Error: SSL socket creation failed: SSL_CTX_set_cipher_list: no cipher match /home/ubuntu/Impala/be/src/rpc/thrift-server-test.cc:322: Failure Value of: status_.ok() Actual: false Expected: true Error: SSL socket creation failed: SSL_CTX_set_cipher_list: no cipher match Wrote minidump to /home/ubuntu/Impala/logs/be_tests/minidumps/thrift-server-test/3c9581c6-3007-4582-2f9967bb-c5fc4825.dmp Wrote minidump to /home/ubuntu/Impala/logs/be_tests/minidumps/thrift-server-test/3c9581c6-3007-4582-2f9967bb-c5fc4825.dmp
Start 59: rpc-mgr-test 59/104 Test #59: rpc-mgr-test .....................***Failed 5.13 sec Turning perftools heap leak checking off [==========] Running 11 tests from 1 test case. [----------] Global test environment set-up. [----------] 11 tests from RpcMgrTest [ RUN ] RpcMgrTest.MultipleServicesTls 19/04/18 22:20:51 INFO util.JvmPauseMonitor: Starting JVM pause monitor [ OK ] RpcMgrTest.MultipleServicesTls (923 ms) [ RUN ] RpcMgrTest.MultipleServices [ OK ] RpcMgrTest.MultipleServices (61 ms) [ RUN ] RpcMgrTest.BadCertificateTls [ OK ] RpcMgrTest.BadCertificateTls (35 ms) [ RUN ] RpcMgrTest.BadPasswordTls [ OK ] RpcMgrTest.BadPasswordTls (58 ms) [ RUN ] RpcMgrTest.CorrectPasswordTls [ OK ] RpcMgrTest.CorrectPasswordTls (61 ms) [ RUN ] RpcMgrTest.BadCiphersTls [ OK ] RpcMgrTest.BadCiphersTls (34 ms) [ RUN ] RpcMgrTest.ValidCiphersTls /home/ubuntu/Impala/be/src/rpc/rpc-mgr-test.cc:142: Failure Value of: status_.ok() Actual: false Expected: true Error: Could not build messenger: Runtime error: failed to set TLS ciphers: error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:../ssl/ssl_lib.c:2129 [ FAILED ] RpcMgrTest.ValidCiphersTls (32 ms) [ RUN ] RpcMgrTest.ValidMultiCiphersTls /home/ubuntu/Impala/be/src/rpc/rpc-mgr-test.cc:161: Failure Value of: status_.ok() Actual: false Expected: true Error: Could not build messenger: Runtime error: failed to set TLS ciphers: error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:../ssl/ssl_lib.c:2129 [ FAILED ] RpcMgrTest.ValidMultiCiphersTls (44 ms) [ RUN ] RpcMgrTest.SlowCallback [ OK ] RpcMgrTest.SlowCallback (333 ms) [ RUN ] RpcMgrTest.AsyncCall [ OK ] RpcMgrTest.AsyncCall (36 ms) [ RUN ] RpcMgrTest.NegotiationTimeout [ OK ] RpcMgrTest.NegotiationTimeout (35 ms) [----------] 11 tests from RpcMgrTest (1652 ms total) [----------] Global test environment tear-down [==========] 11 tests from 1 test case ran. (1652 ms total) [ PASSED ] 9 tests. [ FAILED ] 2 tests, listed below: [ FAILED ] RpcMgrTest.ValidCiphersTls [ FAILED ] RpcMgrTest.ValidMultiCiphersTls 2 FAILED TESTS
Start 102: webserver-test 102/104 Test #102: webserver-test ...................***Failed 3.02 sec Turning perftools heap leak checking off [==========] Running 18 tests from 1 test case. [----------] Global test environment set-up. [----------] 18 tests from Webserver [ RUN ] Webserver.SmokeTest [ OK ] Webserver.SmokeTest (18 ms) [ RUN ] Webserver.ArgsTest [ OK ] Webserver.ArgsTest (14 ms) [ RUN ] Webserver.JsonTest [ OK ] Webserver.JsonTest (11 ms) [ RUN ] Webserver.EscapingTest [ OK ] Webserver.EscapingTest (11 ms) [ RUN ] Webserver.EscapeErrorUriTest [ OK ] Webserver.EscapeErrorUriTest (11 ms) [ RUN ] Webserver.SslTest [ OK ] Webserver.SslTest (10 ms) [ RUN ] Webserver.SslBadCertTest [ OK ] Webserver.SslBadCertTest (0 ms) [ RUN ] Webserver.SslWithPrivateKeyPasswordTest [ OK ] Webserver.SslWithPrivateKeyPasswordTest (12 ms) [ RUN ] Webserver.SslBadPrivateKeyPasswordTest [ OK ] Webserver.SslBadPrivateKeyPasswordTest (2 ms) [ RUN ] Webserver.SslCipherSuite /home/ubuntu/Impala/be/src/util/webserver-test.cc:273: Failure Value of: status_.ok() Actual: false Expected: true Error: Webserver: Could not start on address 0.0.0.0:27890 [ FAILED ] Webserver.SslCipherSuite (3 ms) [ RUN ] Webserver.SslBadTlsVersion [ OK ] Webserver.SslBadTlsVersion (1 ms) [ RUN ] Webserver.SslGoodTlsVersion [ OK ] Webserver.SslGoodTlsVersion (35 ms) [ RUN ] Webserver.StartWithPasswordFileTest [ OK ] Webserver.StartWithPasswordFileTest (11 ms) [ RUN ] Webserver.StartWithMissingPasswordFileTest [ OK ] Webserver.StartWithMissingPasswordFileTest (0 ms) [ RUN ] Webserver.DirectoryListingDisabledTest [ OK ] Webserver.DirectoryListingDisabledTest (10 ms) [ RUN ] Webserver.NoFrameEmbeddingTest [ OK ] Webserver.NoFrameEmbeddingTest (11 ms) [ RUN ] Webserver.FrameAllowEmbeddingTest [ OK ] Webserver.FrameAllowEmbeddingTest (11 ms) [ RUN ] Webserver.NullCharTest [ OK ] Webserver.NullCharTest (10 ms) [----------] 18 tests from Webserver (181 ms total) [----------] Global test environment tear-down [==========] 18 tests from 1 test case ran. (181 ms total) [ PASSED ] 17 tests. [ FAILED ] 1 test, listed below: [ FAILED ] Webserver.SslCipherSuite 1 FAILED TEST
Since we don't have regular tests on Ubuntu 18 (though arguably we should), I'm not making this a blocker.
Attachments
Issue Links
- is related to
-
IMPALA-6826 Add support for Ubuntu 18.04
- Resolved