[SSL: CERTIFICATE_VERIFY_FAILED] Certificate Verify Failed (_ssl.C:579)

安装HDP过程中，一直遇到问题。（一开始两个都是Failed）。网上搜索，有说是OpenSSL版本太旧要更新，更新后问题解决，但是自己的centos7尝试更新，但显示已经是最新的版本了。最终查到问题所在，是python2.7.5版本问题。网上答案详见错误代码后。）

1. ==========================
2. Creating target directory...
3. ==========================
5. Command start time 2018-02-27 09:30:03
7. Connection to node2.jky.com closed.
8. SSH command execution finished
9. host=node2.jky.com, exitcode=0
10. Command end time 2018-02-27 09:30:03
12. ==========================
13. Copying ambari sudo script...
14. ==========================
16. Command start time 2018-02-27 09:30:03
18. scp /var/lib/ambari-server/ambari-sudo.sh
19. host=node2.jky.com, exitcode=0
20. Command end time 2018-02-27 09:30:03
22. ==========================
23. Copying common functions script...
24. ==========================
26. Command start time 2018-02-27 09:30:03
28. scp /usr/lib/python2.6/site-packages/ambari_commons
29. host=node2.jky.com, exitcode=0
30. Command end time 2018-02-27 09:30:04
32. ==========================
33. Copying OS type check script...
34. ==========================
36. Command start time 2018-02-27 09:30:04
38. scp /usr/lib/python2.6/site-packages/ambari_server/os_check_type.py
39. host=node2.jky.com, exitcode=0
40. Command end time 2018-02-27 09:30:04
42. ==========================
43. Running OS type check...
44. ==========================
46. Command start time 2018-02-27 09:30:04
47. Cluster primary/cluster OS family is redhat7 and local/current OS family is redhat7
49. Connection to node2.jky.com closed.
50. SSH command execution finished
51. host=node2.jky.com, exitcode=0
52. Command end time 2018-02-27 09:30:04
54. ==========================
55. Checking 'sudo' package on remote host...
56. ==========================
58. Command start time 2018-02-27 09:30:04
60. Connection to node2.jky.com closed.
61. SSH command execution finished
62. host=node2.jky.com, exitcode=0
63. Command end time 2018-02-27 09:30:05
65. ==========================
66. Copying repo file to 'tmp' folder...
67. ==========================
69. Command start time 2018-02-27 09:30:05
71. scp /etc/yum.repos.d/ambari.repo
72. host=node2.jky.com, exitcode=0
73. Command end time 2018-02-27 09:30:05
75. ==========================
76. Moving file to repo dir...
77. ==========================
79. Command start time 2018-02-27 09:30:05
81. Connection to node2.jky.com closed.
82. SSH command execution finished
83. host=node2.jky.com, exitcode=0
84. Command end time 2018-02-27 09:30:05
86. ==========================
87. Changing permissions for ambari.repo...
88. ==========================
90. Command start time 2018-02-27 09:30:05
92. Connection to node2.jky.com closed.
93. SSH command execution finished
94. host=node2.jky.com, exitcode=0
95. Command end time 2018-02-27 09:30:06
97. ==========================
98. Copying setup script file...
99. ==========================
101. Command start time 2018-02-27 09:30:06
103. scp /usr/lib/python2.6/site-packages/ambari_server/setupAgent.py
104. host=node2.jky.com, exitcode=0
105. Command end time 2018-02-27 09:30:06
107. ==========================
108. Running setup agent script...
109. ==========================
111. Command start time 2018-02-27 09:30:06
112. ('WARNING 2018-02-27 09:30:14,621 NetUtil.py:116 - Server at https://master.jky.com:8440 is not reachable, sleeping for 10 seconds...
113. INFO 2018-02-27 09:30:14,621 HeartbeatHandlers.py:115 - Stop event received
114. INFO 2018-02-27 09:30:14,621 NetUtil.py:122 - Stop event received
115. INFO 2018-02-27 09:30:14,621 ExitHelper.py:53 - Performing cleanup before exiting...
116. INFO 2018-02-27 09:30:14,621 ExitHelper.py:67 - Cleanup finished, exiting with code:0
117. INFO 2018-02-27 09:30:16,903 main.py:223 - Agent died gracefully, exiting.
118. INFO 2018-02-27 09:30:16,904 ExitHelper.py:53 - Performing cleanup before exiting...
119. INFO 2018-02-27 09:30:17,196 main.py:90 - loglevel=logging.INFO
120. INFO 2018-02-27 09:30:17,197 main.py:90 - loglevel=logging.INFO
121. INFO 2018-02-27 09:30:17,197 main.py:90 - loglevel=logging.INFO
122. INFO 2018-02-27 09:30:17,198 DataCleaner.py:39 - Data cleanup thread started
123. INFO 2018-02-27 09:30:17,199 DataCleaner.py:120 - Data cleanup started
124. INFO 2018-02-27 09:30:17,199 DataCleaner.py:122 - Data cleanup finished
125. INFO 2018-02-27 09:30:17,252 PingPortListener.py:50 - Ping port listener started on port: 8670
126. INFO 2018-02-27 09:30:17,254 main.py:349 - Connecting to Ambari server at https://master.jky.com:8440 (192.168.201.13)
127. INFO 2018-02-27 09:30:17,254 NetUtil.py:62 - Connecting to https://master.jky.com:8440/ca
128. ERROR 2018-02-27 09:30:17,314 NetUtil.py:88 - [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)
129. ERROR 2018-02-27 09:30:17,314 NetUtil.py:89 - SSLError: Failed to connect. Please check openssl library versions.
130. Refer to: https://bugzilla.redhat.com/show_bug.cgi?id=1022468 for more details.
131. WARNING 2018-02-27 09:30:17,315 NetUtil.py:116 - Server at https://master.jky.com:8440 is not reachable, sleeping for 10 seconds...
132. ', None)
133. ('WARNING 2018-02-27 09:30:14,621 NetUtil.py:116 - Server at https://master.jky.com:8440 is not reachable, sleeping for 10 seconds...
134. INFO 2018-02-27 09:30:14,621 HeartbeatHandlers.py:115 - Stop event received
135. INFO 2018-02-27 09:30:14,621 NetUtil.py:122 - Stop event received
136. INFO 2018-02-27 09:30:14,621 ExitHelper.py:53 - Performing cleanup before exiting...
137. INFO 2018-02-27 09:30:14,621 ExitHelper.py:67 - Cleanup finished, exiting with code:0
138. INFO 2018-02-27 09:30:16,903 main.py:223 - Agent died gracefully, exiting.
139. INFO 2018-02-27 09:30:16,904 ExitHelper.py:53 - Performing cleanup before exiting...
140. INFO 2018-02-27 09:30:17,196 main.py:90 - loglevel=logging.INFO
141. INFO 2018-02-27 09:30:17,197 main.py:90 - loglevel=logging.INFO
142. INFO 2018-02-27 09:30:17,197 main.py:90 - loglevel=logging.INFO
143. INFO 2018-02-27 09:30:17,198 DataCleaner.py:39 - Data cleanup thread started
144. INFO 2018-02-27 09:30:17,199 DataCleaner.py:120 - Data cleanup started
145. INFO 2018-02-27 09:30:17,199 DataCleaner.py:122 - Data cleanup finished
146. INFO 2018-02-27 09:30:17,252 PingPortListener.py:50 - Ping port listener started on port: 8670
147. INFO 2018-02-27 09:30:17,254 main.py:349 - Connecting to Ambari server at https://master.jky.com:8440 (192.168.201.13)
148. INFO 2018-02-27 09:30:17,254 NetUtil.py:62 - Connecting to https://master.jky.com:8440/ca
149. ERROR 2018-02-27 09:30:17,314 NetUtil.py:88 - [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)
150. ERROR 2018-02-27 09:30:17,314 NetUtil.py:89 - SSLError: Failed to connect. Please check openssl library versions.
151. Refer to: https://bugzilla.redhat.com/show_bug.cgi?id=1022468 for more details.
152. WARNING 2018-02-27 09:30:17,315 NetUtil.py:116 - Server at https://master.jky.com:8440 is not reachable, sleeping for 10 seconds...
153. ', None)
155. Connection to node2.jky.com closed.
156. SSH command execution finished
157. host=node2.jky.com, exitcode=0
158. Command end time 2018-02-27 09:30:19
160. Registering with the server...
161. Registration with the server failed.

Cause:

This is due to a defect in newer releases of Python 2.7.5 which causes certificate validation to fail regardless of certificate status. 

（这是由于Python 2.7.5的新版本中存在缺陷，导致无论证书状态如何，证书验证都失败。）

Resolution Steps:

NOTE: As a workaround, we strongly recommend that Python not be updated to a version newer than python-2.7.5-48.el*.x86_64 (or downgraded to that version, if newer).

You can verify your release through python -V or python -c 'import sys; print(sys.version)' or yum list installed |grep python. You'll want to confirm that the major version is 2.7.5, the build is from Feb 2017 or older, and the full release is 2.7.5-48 or older.

Alternatively, you can disable certificate verification in Python if you wish to remain on a newer version:

sed -i 's/verify=platform_default/verify=disable/' /etc/python/cert-verification.cfg

**我用这条命令解决了问题。只需要两个节点都输入这条命令即可。本文截图只在第一个节点执行了，所以第二个节点还是failed

（注意：作为一种解决方法，我们强烈建议 不要 将Python  更新为比python-2.7.5-48.el * .x86_64更新的版本（或者降级到该版本，如果更新的话）。

你可以通过  python -V 或者  python -c'import sys; 打印（sys.version）'或  安装的yum列表| grep python。 您需要确认主要版本为2.7.5，版本为2017年2月或更早版本，完整版本为2.7.5-48或更早版本。

或者，如果您希望保留在新版本中，则可以在Python中禁用证书验证：）

*我通过python -V 只能查看到自己的python版本为2.7.5，但是不知道是否为2.7.5-48，因此没法按照他人的解决办法，把版本降至2.7.5-48，智能禁用证书验证。希望，可以有通过改变python版本的办法解决问题

解决问题参考资料：

1.https://interset.zendesk.com/hc/en-us/articles/115011874548--SSL-CERTIFICATE-VERIFY-FAILED-certificate-verify-failed-ssl-c-579-

2.https://community.hortonworks.com/questions/120861/ambari-agent-ssl-certificate-verify-failed-certifi.html