accumulo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Billie Rinaldi <billie.rina...@gmail.com>
Subject Re: Failed to find an available server in the list of servers
Date Thu, 16 Jul 2015 14:25:16 GMT
That's great! :-)
On Jul 16, 2015 10:19 AM, "pundu tech" <pundutech@gmail.com> wrote:

> Billie,
> **THANKS**
> Hard to believe I missed this. I was able to login to the shell.
>
>
> On Thu, Jul 16, 2015 at 9:34 AM, Billie Rinaldi <billie.rinaldi@gmail.com>
> wrote:
>
>> Regarding the client.conf file, it seems you are using the Property enums
>> (such as INSTANCE_NAME) rather than their associated property names
>> (such as instance.name).  Your client.conf file should look like:
>>
>> instance.name=comet
>> instance.rpc.ssl.enabled=true
>> instance.rpc.ssl.clientAuth=true
>>
>> and so on.  If you're generating the file programmatically, you can get
>> those property names using the getKey() method of the Property:
>>
>> Property.INSTANCE_RPC_SSL_ENABLED.getKey()
>>
>> On Wed, Jul 15, 2015 at 8:05 PM, pundu tech <pundutech@gmail.com> wrote:
>>
>>> Josh,
>>> I had miss this email from you before.
>>>
>>> So I have done as you suggested.  Let me summarize what I have done.
>>>
>>> 1- Followed
>>> https://blogs.apache.org/accumulo/entry/generating_keystores_for_configuring_accumulo
>>> I have a master (master)node and 4 slaves (slave1, slave2, slave3,
>>> slave4)
>>> I have created certificates for the 5 nodes and I have also created
>>> certificate for a client which is sitting in slave1.
>>> 2-Since I am running the shell from slave1 I have created a client.conf
>>> file which I pass to the shell via the --config-file parameter.
>>>
>>> INSTANCE_NAME=comet
>>>
>>> INSTANCE_RPC_SSL_ENABLED=true
>>>
>>> INSTANCE_RPC_SSL_CLIENT_AUTH=true
>>>
>>> INSTANCE_ZK_HOST=slave1,slave2,slave3,slave4
>>>
>>> #the trustore is the same along all the nodes since it stores the pub
>>> key of the CA
>>>
>>>
>>> RPC_SSL_TRUSTSTORE_PATH=/home/hadoop/accumulo-1.7.0/conf/clientSSL/truststore.jks
>>>
>>> RPC_SSL_TRUSTSTORE_TYPE=JKS
>>>
>>> RPC_SSL_TRUSTSTORE_PASSWORD=accumuloAuth
>>>
>>>
>>> RPC_SSL_KEYSTORE_PATH=/home/hadoop/accumulo-1.7.0/conf/clientSSL/client.jks
>>>
>>> RPC_SSL_KEYSTORE_TYPE=JKS
>>>
>>> RPC_SSL_KEYSTORE_PASSWORD=mypass
>>>
>>> 3-I run the shell with --debug and this is what I get:
>>>
>>> 2015-07-15 22:53:06,380 [impl.ThriftTransportPool] DEBUG: Failed to
>>> connect to ssl:slave1:9997 (120000)
>>>
>>> org.apache.thrift.transport.TTransportException: Error creating the
>>> transport
>>>
>>> at
>>> org.apache.accumulo.core.rpc.ThriftUtil.createSSLContext(ThriftUtil.java:371)
>>>
>>> at
>>> org.apache.accumulo.core.rpc.ThriftUtil.createClientTransport(ThriftUtil.java:248)
>>>
>>> at
>>> org.apache.accumulo.core.client.impl.ThriftTransportPool.createNewTransport(ThriftTransportPool.java:478)
>>>
>>> at
>>> org.apache.accumulo.core.client.impl.ThriftTransportPool.getAnyTransport(ThriftTransportPool.java:466)
>>>
>>> at
>>> org.apache.accumulo.core.client.impl.ServerClient.getConnection(ServerClient.java:141)
>>>
>>> at
>>> org.apache.accumulo.core.client.impl.ServerClient.getConnection(ServerClient.java:117)
>>>
>>> at
>>> org.apache.accumulo.core.client.impl.ServerClient.getConnection(ServerClient.java:113)
>>>
>>> at
>>> org.apache.accumulo.core.client.impl.ServerClient.executeRaw(ServerClient.java:95)
>>>
>>> at
>>> org.apache.accumulo.core.client.impl.ServerClient.execute(ServerClient.java:61)
>>>
>>> at
>>> org.apache.accumulo.core.client.impl.ConnectorImpl.<init>(ConnectorImpl.java:67)
>>>
>>> at
>>> org.apache.accumulo.core.client.ZooKeeperInstance.getConnector(ZooKeeperInstance.java:248)
>>>
>>> at org.apache.accumulo.shell.Shell.config(Shell.java:362)
>>>
>>> at org.apache.accumulo.shell.Shell.execute(Shell.java:571)
>>>
>>> at org.apache.accumulo.start.Main$1.run(Main.java:93)
>>>
>>> at java.lang.Thread.run(Thread.java:745)
>>>
>>> Caused by: java.io.IOException: Keystore was tampered with, or password
>>> was incorrect
>>>
>>> at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772)
>>>
>>> at
>>> sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
>>>
>>> at java.security.KeyStore.load(KeyStore.java:1214)
>>>
>>> at
>>> org.apache.accumulo.core.rpc.ThriftUtil.createSSLContext(ThriftUtil.java:348)
>>>
>>> ... 14 more
>>>
>>> Caused by: java.security.UnrecoverableKeyException: Password
>>> verification failed
>>>
>>>  at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770)
>>>
>>> This error repeats for every slave.
>>> I have tested the password for every keystore and truststore file in the
>>> cluster and it is correct--it is the same everywhere.  I am very positive
>>> about this at this point.  Do you have any suggestion on what else could be
>>> wrong?
>>>
>>> I appreciate your help. I am stuck!
>>>
>>> pundutech
>>>
>>> On Tue, Jul 7, 2015 at 2:56 PM, Josh Elser <josh.elser@gmail.com> wrote:
>>>
>>>> Pundu,
>>>>
>>>> The password to use would be the "root" user's password that you set
>>>> when calling `accumulo init`. A limitation of the SSL approach is that it
>>>> only uses sets up a secure RPC, it isn't a "complete" security
>>>> implementation (as you might get with Kerberos in 1.7).
>>>>
>>>> Sadly, the error messages for SSL are very sparse when the client fails
>>>> to negotiate the handshake with a server. With the Accumulo shell, you can
>>>> try passing in the --debug option to get more information.
>>>>
>>>> Alternatively, try turning up org.apache.accumulo.core.client to DEBUG
>>>> or TRACE in $ACCUMULO_CONF_DIR/log4j.properties.
>>>>
>>>> - Josh
>>>>
>>>>
>>>> pundu tech wrote:
>>>>
>>>>> I have a SSL enabled-accumulo setup.
>>>>>
>>>>> I have followed:
>>>>>
>>>>> https://blogs.apache.org/accumulo/entry/generating_keystores_for_configuring_accumulo
>>>>>   to the teeth and as far as my undersatnding goes on SSL it is all
>>>>> correct.
>>>>>
>>>>> I have created a $ACCUMULO_HOME/conf/client.conf with the following
>>>>> properties
>>>>>
>>>>> INSTANCE_NAME=accumulo
>>>>>
>>>>> INSTANCE_RPC_SSL_ENABLED=true
>>>>>
>>>>> NSTANCE_RPC_SSL_CLIENT_AUTH=true
>>>>>
>>>>> INSTANCE_ZK_HOST=host1
>>>>>
>>>>> RPC_SSL_TRUSTSTORE_PATH=/home/hadoop/truststore.jks
>>>>>
>>>>> RPC_SSL_TRUSTSTORE_TYPE=JKS
>>>>>
>>>>> RPC_SSL_TRUSTSTORE_PASSWORD=mypass
>>>>>
>>>>> RPC_SSL_KEYSTORE_PATH=/home/hadoop/server.jks
>>>>>
>>>>> RPC_SSL_KEYSTORE_TYPE=JKS
>>>>>
>>>>> RPC_SSL_KEYSTORE_PASSWORD=mypass
>>>>>
>>>>>
>>>>> but when I try to connect via shell I am prompted for a password. Which
>>>>> password is this? It does not seem to be the tracer password (which
>>>>> user
>>>>> is "root").
>>>>>
>>>>> ./accumulo shell -u root
>>>>>
>>>>> /usr/local/zookeeper-3.4.6
>>>>>
>>>>> /usr/local/jdk1.7.0_79
>>>>>
>>>>> Password:   ----> ?
>>>>>
>>>>>
>>>>> Thanks
>>>>>
>>>>> pundu tech
>>>>>
>>>>>
>>>
>>
>

Mime
View raw message