accumulo-user mailing list archives

From Billie Rinaldi <billie.rina...@gmail.com>
Subject Re: Failed to find an available server in the list of servers
Date Thu, 16 Jul 2015 13:34:51 GMT
Regarding the client.conf file, it seems you are using the Property enums
(such as INSTANCE_NAME) rather than their associated property names (such
as instance.name).  Your client.conf file should look like:

instance.name=comet
instance.rpc.ssl.enabled=true
instance.rpc.ssl.clientAuth=true

and so on.  If you're generating the file programmatically, you can get
those property names using the getKey() method of the Property:

Property.INSTANCE_RPC_SSL_ENABLED.getKey()

On Wed, Jul 15, 2015 at 8:05 PM, pundu tech <pundutech@gmail.com> wrote:

> Josh,
> I had missed this email from you before.
>
> So I have done as you suggested.  Let me summarize what I have done.
>
> 1- Followed
> https://blogs.apache.org/accumulo/entry/generating_keystores_for_configuring_accumulo
> I have a master (master)node and 4 slaves (slave1, slave2, slave3, slave4)
> I have created certificates for the 5 nodes and I have also created
> certificate for a client which is sitting in slave1.
> 2-Since I am running the shell from slave1 I have created a client.conf
> file which I pass to the shell via the --config-file parameter.
>
> INSTANCE_NAME=comet
>
> INSTANCE_RPC_SSL_ENABLED=true
>
> INSTANCE_RPC_SSL_CLIENT_AUTH=true
>
> INSTANCE_ZK_HOST=slave1,slave2,slave3,slave4
>
> #the truststore is the same along all the nodes since it stores the pub key of the CA
>
>
> RPC_SSL_TRUSTSTORE_PATH=/home/hadoop/accumulo-1.7.0/conf/clientSSL/truststore.jks
>
> RPC_SSL_TRUSTSTORE_TYPE=JKS
>
> RPC_SSL_TRUSTSTORE_PASSWORD=accumuloAuth
>
> RPC_SSL_KEYSTORE_PATH=/home/hadoop/accumulo-1.7.0/conf/clientSSL/client.jks
>
> RPC_SSL_KEYSTORE_TYPE=JKS
>
> RPC_SSL_KEYSTORE_PASSWORD=mypass
>
> 3-I run the shell with --debug and this is what I get:
>
> 2015-07-15 22:53:06,380 [impl.ThriftTransportPool] DEBUG: Failed to connect to ssl:slave1:9997 (120000)
> org.apache.thrift.transport.TTransportException: Error creating the transport
>     at org.apache.accumulo.core.rpc.ThriftUtil.createSSLContext(ThriftUtil.java:371)
>     at org.apache.accumulo.core.rpc.ThriftUtil.createClientTransport(ThriftUtil.java:248)
>     at org.apache.accumulo.core.client.impl.ThriftTransportPool.createNewTransport(ThriftTransportPool.java:478)
>     at org.apache.accumulo.core.client.impl.ThriftTransportPool.getAnyTransport(ThriftTransportPool.java:466)
>     at org.apache.accumulo.core.client.impl.ServerClient.getConnection(ServerClient.java:141)
>     at org.apache.accumulo.core.client.impl.ServerClient.getConnection(ServerClient.java:117)
>     at org.apache.accumulo.core.client.impl.ServerClient.getConnection(ServerClient.java:113)
>     at org.apache.accumulo.core.client.impl.ServerClient.executeRaw(ServerClient.java:95)
>     at org.apache.accumulo.core.client.impl.ServerClient.execute(ServerClient.java:61)
>     at org.apache.accumulo.core.client.impl.ConnectorImpl.<init>(ConnectorImpl.java:67)
>     at org.apache.accumulo.core.client.ZooKeeperInstance.getConnector(ZooKeeperInstance.java:248)
>     at org.apache.accumulo.shell.Shell.config(Shell.java:362)
>     at org.apache.accumulo.shell.Shell.execute(Shell.java:571)
>     at org.apache.accumulo.start.Main$1.run(Main.java:93)
>     at java.lang.Thread.run(Thread.java:745)
> Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
>     at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772)
>     at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
>     at java.security.KeyStore.load(KeyStore.java:1214)
>     at org.apache.accumulo.core.rpc.ThriftUtil.createSSLContext(ThriftUtil.java:348)
>     ... 14 more
> Caused by: java.security.UnrecoverableKeyException: Password verification failed
>     at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770)
>
> This error repeats for every slave.
> I have tested the password for every keystore and truststore file in the
> cluster and it is correct--it is the same everywhere.  I am very positive
> about this at this point.  Do you have any suggestion on what else could be
> wrong?
>
> I appreciate your help. I am stuck!
>
> pundutech
>
> On Tue, Jul 7, 2015 at 2:56 PM, Josh Elser <josh.elser@gmail.com> wrote:
>
>> Pundu,
>>
>> The password to use would be the "root" user's password that you set when
>> calling `accumulo init`. A limitation of the SSL approach is that it only
>> sets up a secure RPC, it isn't a "complete" security implementation
>> (as you might get with Kerberos in 1.7).
>>
>> Sadly, the error messages for SSL are very sparse when the client fails
>> to negotiate the handshake with a server. With the Accumulo shell, you can
>> try passing in the --debug option to get more information.
>>
>> Alternatively, try turning up org.apache.accumulo.core.client to DEBUG or
>> TRACE in $ACCUMULO_CONF_DIR/log4j.properties.
>>
>> - Josh
>>
>>
>> pundu tech wrote:
>>
>>> I have a SSL enabled-accumulo setup.
>>>
>>> I have followed:
>>>
>>> https://blogs.apache.org/accumulo/entry/generating_keystores_for_configuring_accumulo
>>>   to the teeth and as far as my understanding goes on SSL it is all
>>> correct.
>>>
>>> I have created a $ACCUMULO_HOME/conf/client.conf with the following
>>> properties
>>>
>>> INSTANCE_NAME=accumulo
>>>
>>> INSTANCE_RPC_SSL_ENABLED=true
>>>
>>> NSTANCE_RPC_SSL_CLIENT_AUTH=true
>>>
>>> INSTANCE_ZK_HOST=host1
>>>
>>> RPC_SSL_TRUSTSTORE_PATH=/home/hadoop/truststore.jks
>>>
>>> RPC_SSL_TRUSTSTORE_TYPE=JKS
>>>
>>> RPC_SSL_TRUSTSTORE_PASSWORD=mypass
>>>
>>> RPC_SSL_KEYSTORE_PATH=/home/hadoop/server.jks
>>>
>>> RPC_SSL_KEYSTORE_TYPE=JKS
>>>
>>> RPC_SSL_KEYSTORE_PASSWORD=mypass
>>>
>>>
>>> but when I try to connect via shell I am prompted for a password. Which
>>> password is this? It does not seem to be the tracer password (which user
>>> is "root").
>>>
>>> ./accumulo shell -u root
>>>
>>> /usr/local/zookeeper-3.4.6
>>>
>>> /usr/local/jdk1.7.0_79
>>>
>>> Password:   ----> ?
>>>
>>>
>>> Thanks
>>>
>>> pundu tech
>>>
>>>
>
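
A pre-flight check for the mistake described in the reply at the top of this message, as an added example that is not part of the original thread or of Accumulo: it flags client.conf keys written as enum constant names instead of dotted property names. The sample files are constructed, the function names are hypothetical, and the suggestion table holds only the three pairs that can be read off the reply; any other key should be resolved with getKey().

```python
import re

# Enum-constant style: upper-case words joined by underscores, no dots.
ENUM_STYLE = re.compile(r"^[A-Z][A-Z0-9]*(?:_[A-Z0-9]+)+$")

# Only the pairs visible in the reply; resolve anything else with
# Property.<NAME>.getKey() rather than guessing.
KNOWN_KEYS = {
    "INSTANCE_NAME": "instance.name",
    "INSTANCE_RPC_SSL_ENABLED": "instance.rpc.ssl.enabled",
    "INSTANCE_RPC_SSL_CLIENT_AUTH": "instance.rpc.ssl.clientAuth",
}

def parse(text):
    """Yield (line_no, key, value) for each key=value line, skipping comments."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            yield line_no, key.strip(), value.strip()

def lint_client_conf(text):
    """Return (line_no, key, suggestion) for every key written as an enum name.
    suggestion is None when the dotted name is not in KNOWN_KEYS."""
    return [(n, k, KNOWN_KEYS.get(k)) for n, k, _ in parse(text) if ENUM_STYLE.match(k)]

def ssl_enabled(text):
    """True only if SSL is switched on under the dotted property name."""
    return any(k == "instance.rpc.ssl.enabled" and v.lower() == "true"
               for _, k, v in parse(text))

# Constructed sample in the style of the quoted file (no real passwords).
BROKEN = """\
INSTANCE_NAME=comet
INSTANCE_RPC_SSL_ENABLED=true
INSTANCE_RPC_SSL_CLIENT_AUTH=true
# the truststore holds the CA public key
RPC_SSL_TRUSTSTORE_TYPE=JKS
"""

# Constructed sample following the corrected form given in the reply.
FIXED = """\
instance.name=comet
instance.rpc.ssl.enabled=true
instance.rpc.ssl.clientAuth=true
"""

if __name__ == "__main__":
    for line_no, key, hint in lint_client_conf(BROKEN):
        print(f"line {line_no}: {key} -> {hint or 'look up with getKey()'}")
```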
