AMBARI-2389. Registration fails sometimes because of openssl issues on signing the certs. (Dmitry Sen via swagle)

git-svn-id: https://svn.apache.org/repos/asf/incubator/ambari/trunk@1493189 13f79535-47bb-0310-9956-ffa450edef68

ambari-agent/src/main/python/ambari_agent/security.py

@@ -75,7 +75,12 @@ class VerifiedHTTPSConnection(httplib.HTTPSConnection):
       except ssl.SSLError as err:
         logger.error('Two-way SSL authentication failed. Ensure that '
                     'server and agent certificates were signed by the same CA '
-                    'and restart the agent.\nExiting..')
+                    'and restart the agent. '
+                    '\nIn order to receive a new agent certificate, remove '
+                    'existing certificate file from keys directory. As a '
+                    'workaround you can turn off two-way SSL authentication in '
+                    'server configuration(ambari.properties) '
+                    '\nExiting..')
         raise err
 
   def create_connection(self):
@@ -212,7 +217,13 @@ class CertificateManager():
       agentCrtF.write(agentCrtContent)
     else:
       # Possible exception is catched higher at Controller
-      logger.error("Certificate signing failed")
+      logger.error('Certificate signing failed.'
+                   '\nIn order to receive a new agent'
+                   ' certificate, remove existing certificate file from keys '
+                   'directory. As a workaround you can turn off two-way SSL '
+                   'authentication in server configuration(ambari.properties) '
+                   '\nExiting..')
+      raise ssl.SSLError
 
   def genAgentCrtReq(self):
     generate_script = GEN_AGENT_KEY % {'hostname': hostname.hostname(),

ambari-agent/src/test/python/TestController.py

@@ -20,6 +20,7 @@ limitations under the License.
 '''
 
 import StringIO
+import ssl
 import unittest
 from ambari_agent import Controller, ActionQueue
 from ambari_agent import hostname
@@ -346,6 +347,26 @@ class TestController(unittest.TestCase):
     self.controller.sendRequest = Controller.Controller.sendRequest
     self.controller.sendRequest = Controller.Controller.addToQueue
 
+  @patch("pprint.pformat")
+  @patch("time.sleep")
+  @patch("json.loads")
+  @patch("json.dumps")
+  def test_certSigningFailed(self, dumpsMock, loadsMock, sleepMock, pformatMock):
+    register = MagicMock()
+    self.controller.register = register
+
+    dumpsMock.return_value = "request"
+    response = {"responseId":1,}
+    loadsMock.return_value = response
+
+    self.controller.sendRequest = Mock(side_effect=ssl.SSLError())
+
+    self.controller.repeatRegistration=True
+    self.controller.registerWithServer()
+
+    #Conroller thread and the agent stop if the repeatRegistration flag is False
+    self.assertFalse(self.controller.repeatRegistration)
+
 if __name__ == "__main__":
   unittest.main(verbosity=2)
 

ambari-agent/src/test/python/TestSecurity.py

@@ -305,7 +305,12 @@ class TestSecurity(unittest.TestCase):
       'signedCa': 'fail-crt'
     }
 
-    man.reqSignCrt()
+    # If certificate signing failed, then exception must be raised
+    try:
+      man.reqSignCrt()
+      self.fail()
+    except ssl.SSLError:
+      pass
     self.assertFalse(open_mock.return_value.write.called)
 
     # Test connection fail