Restore Ambari with newer JDK security policies
Recent changes in JDK security policies disabled TLSv1, which is used by default in the communications between ambari-agent and ambari-server. More details here: https://community.hortonworks.com/articles/188269/javapython-updates-and-ambari-agent-tls-settings.html In order to restore the functionalities, two changes are needed: - Ambari 2.4.3.0, a minor update in the 2.4.x line; - a change in the ambari-agent configuration file to force a newer TLS. Story: 2002012 Task: 19651 Change-Id: I3782ce9acb8c895e4e1f3fb9046b54f2a57acdbf
This commit is contained in:
parent
e8bcce90f7
commit
522627e0e6
|
@ -0,0 +1,17 @@
|
|||
#!/bin/bash -x
|
||||
|
||||
AMBARI_AGENT_INI="/etc/ambari-agent/conf/ambari-agent.ini"
|
||||
FORCE_HTTPS_CONF="force_https_protocol=PROTOCOL_TLSv1_2"
|
||||
|
||||
if [ $test_only -eq 0 ]; then
|
||||
if grep -q '\[security\]' ${AMBARI_AGENT_INI}; then
|
||||
if ! grep -q "${FORCE_HTTPS_CONF}" ${AMBARI_AGENT_INI}; then
|
||||
sed -i '/^\[security\]/a\'${FORCE_HTTPS_CONF} ${AMBARI_AGENT_INI}
|
||||
fi
|
||||
else
|
||||
echo -e "[security]\n${FORCE_HTTPS_CONF}" >>${AMBARI_AGENT_INI}
|
||||
fi
|
||||
else
|
||||
grep -q "${FORCE_HTTPS_CONF}" ${AMBARI_AGENT_INI}
|
||||
exit $?
|
||||
fi
|
|
@ -1,9 +1,9 @@
|
|||
arguments:
|
||||
ambari_version:
|
||||
description: The version of Ambari to install. Defaults to 2.4.2.0.
|
||||
default: 2.4.2.0
|
||||
description: The version of Ambari to install. Defaults to 2.4.3.0.
|
||||
default: 2.4.3.0
|
||||
choices:
|
||||
- 2.4.2.0 # HDP 2.5 / HDP 2.4 / HDP 2.3
|
||||
- 2.4.3.0 # HDP 2.5 / HDP 2.4 / HDP 2.3
|
||||
- 2.2.0.0 # HDP 2.3
|
||||
- 2.2.1.0 # HDP 2.4
|
||||
java_distro:
|
||||
|
@ -68,6 +68,7 @@ validators:
|
|||
- mysql-server-5.5
|
||||
- libmysql-java
|
||||
- package: ambari-agent
|
||||
- script: common/fix_tls_ambari_agent
|
||||
- package:
|
||||
- unzip
|
||||
- zip
|
||||
|
|
Loading…
Reference in New Issue