Ambari显示Heartbeat报错

kionf

启动Ambari web 界面显示服务Heartbeat Lost, 查看Ambari agent日志报错

0x00Agent报错如下

/var/log/ambari-agent/ambari-agent.log
ERROR 2015-09-23 09:47:07,402 NetUtil.py:77 - [Errno 8] _ssl.c:492: EOF occurred in violation of protocol
ERROR 2015-09-23 09:47:07,402 NetUtil.py:78 - SSLError: Failed to connect. Please check openssl library versions.
Refer to: https://bugzilla.redhat.com/show_bug.cgi?id=1022468 for more details.
WARNING 2015-09-23 09:47:07,402 NetUtil.py:105 - Server at https://ambari-server:8440is not reachable, sleeping for 10 seconds...
WARNING 2015-09-23 09:47:07,402 NetUtil.py:105 - Server at https://ambari-server:8440is not reachable, sleeping for 10 seconds...


0x01解决办法

1. 配置Ambari-agent强制https版本为TLSv1_2

编辑/etc/ambari-agent/conf/ambari-agent.ini

此为sed添加命令
sed -i /\[security\]/a\/force_https_protocol=PROTOCOL_TLSv1_2 /etc/ambari-agent/conf/ambari-agent.ini

[security]后添加如下内容:

/etc/ambari-agent/conf/ambari-agent.ini
1
2
3
4
5
6
7
8
9
[security]
force_https_protocol=PROTOCOL_TLSv1_2
keysdir=/var/lib/ambari-agent/keys
server_crt=ca.crt
passphrase_env_var_name=AMBARI_PASSPHRASE
ssl_verify_cert=0
credential_lib_dir=/var/lib/ambari-agent/cred/lib
credential_conf_dir=/var/lib/ambari-agent/cred/conf
credential_shell_cmd=org.apache.hadoop.security.alias.CredentialShell

2. 更改python配置关闭https验证

编辑/etc/python/cert-verification.cfg 更改为verify=disable

此为sed更改命令
sed -i 's/verify=.*/verify=disable/g' /etc/python/cert-verification.cfg
/etc/python/cert-verification.cfg
1
2
3
[https]
verify=platform_default
verify=disable


0x02 重启agent

service ambari-agent restart

解决


0x03 原因

由于ambari server 端使用JDK1.7启动, 与openssl存在Bug, 更改如上配置文件,更改ssl版本,关闭python https校验.