accumulo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From pundu tech <pundut...@gmail.com>
Subject Re: Failed to find an available server in the list of servers
Date Thu, 16 Jul 2015 14:19:33 GMT
Billie,
**THANKS**
Hard to believe I missed this. I was able to login to the shell.


On Thu, Jul 16, 2015 at 9:34 AM, Billie Rinaldi <billie.rinaldi@gmail.com>
wrote:

> Regarding the client.conf file, it seems you are using the Property enums
> (such as INSTANCE_NAME) rather than their associated property names (such
> as instance.name).  Your client.conf file should look like:
>
> instance.name=comet
> instance.rpc.ssl.enabled=true
> instance.rpc.ssl.clientAuth=true
>
> and so on.  If you're generating the file programmatically, you can get
> those property names using the getKey() method of the Property:
>
> Property.INSTANCE_RPC_SSL_ENABLED.getKey()
>
> On Wed, Jul 15, 2015 at 8:05 PM, pundu tech <pundutech@gmail.com> wrote:
>
>> Josh,
>> I had miss this email from you before.
>>
>> So I have done as you suggested.  Let me summarize what I have done.
>>
>> 1- Followed
>> https://blogs.apache.org/accumulo/entry/generating_keystores_for_configuring_accumulo
>> I have a master (master)node and 4 slaves (slave1, slave2, slave3, slave4)
>> I have created certificates for the 5 nodes and I have also created
>> certificate for a client which is sitting in slave1.
>> 2-Since I am running the shell from slave1 I have created a client.conf
>> file which I pass to the shell via the --config-file parameter.
>>
>> INSTANCE_NAME=comet
>>
>> INSTANCE_RPC_SSL_ENABLED=true
>>
>> INSTANCE_RPC_SSL_CLIENT_AUTH=true
>>
>> INSTANCE_ZK_HOST=slave1,slave2,slave3,slave4
>>
>> #the trustore is the same along all the nodes since it stores the pub key
>> of the CA
>>
>>
>> RPC_SSL_TRUSTSTORE_PATH=/home/hadoop/accumulo-1.7.0/conf/clientSSL/truststore.jks
>>
>> RPC_SSL_TRUSTSTORE_TYPE=JKS
>>
>> RPC_SSL_TRUSTSTORE_PASSWORD=accumuloAuth
>>
>>
>> RPC_SSL_KEYSTORE_PATH=/home/hadoop/accumulo-1.7.0/conf/clientSSL/client.jks
>>
>> RPC_SSL_KEYSTORE_TYPE=JKS
>>
>> RPC_SSL_KEYSTORE_PASSWORD=mypass
>>
>> 3-I run the shell with --debug and this is what I get:
>>
>> 2015-07-15 22:53:06,380 [impl.ThriftTransportPool] DEBUG: Failed to
>> connect to ssl:slave1:9997 (120000)
>>
>> org.apache.thrift.transport.TTransportException: Error creating the
>> transport
>>
>> at
>> org.apache.accumulo.core.rpc.ThriftUtil.createSSLContext(ThriftUtil.java:371)
>>
>> at
>> org.apache.accumulo.core.rpc.ThriftUtil.createClientTransport(ThriftUtil.java:248)
>>
>> at
>> org.apache.accumulo.core.client.impl.ThriftTransportPool.createNewTransport(ThriftTransportPool.java:478)
>>
>> at
>> org.apache.accumulo.core.client.impl.ThriftTransportPool.getAnyTransport(ThriftTransportPool.java:466)
>>
>> at
>> org.apache.accumulo.core.client.impl.ServerClient.getConnection(ServerClient.java:141)
>>
>> at
>> org.apache.accumulo.core.client.impl.ServerClient.getConnection(ServerClient.java:117)
>>
>> at
>> org.apache.accumulo.core.client.impl.ServerClient.getConnection(ServerClient.java:113)
>>
>> at
>> org.apache.accumulo.core.client.impl.ServerClient.executeRaw(ServerClient.java:95)
>>
>> at
>> org.apache.accumulo.core.client.impl.ServerClient.execute(ServerClient.java:61)
>>
>> at
>> org.apache.accumulo.core.client.impl.ConnectorImpl.<init>(ConnectorImpl.java:67)
>>
>> at
>> org.apache.accumulo.core.client.ZooKeeperInstance.getConnector(ZooKeeperInstance.java:248)
>>
>> at org.apache.accumulo.shell.Shell.config(Shell.java:362)
>>
>> at org.apache.accumulo.shell.Shell.execute(Shell.java:571)
>>
>> at org.apache.accumulo.start.Main$1.run(Main.java:93)
>>
>> at java.lang.Thread.run(Thread.java:745)
>>
>> Caused by: java.io.IOException: Keystore was tampered with, or password
>> was incorrect
>>
>> at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772)
>>
>> at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
>>
>> at java.security.KeyStore.load(KeyStore.java:1214)
>>
>> at
>> org.apache.accumulo.core.rpc.ThriftUtil.createSSLContext(ThriftUtil.java:348)
>>
>> ... 14 more
>>
>> Caused by: java.security.UnrecoverableKeyException: Password verification
>> failed
>>
>>  at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770)
>>
>> This error repeats for every slave.
>> I have tested the password for every keystore and truststore file in the
>> cluster and it is correct--it is the same everywhere.  I am very positive
>> about this at this point.  Do you have any suggestion on what else could be
>> wrong?
>>
>> I appreciate your help. I am stuck!
>>
>> pundutech
>>
>> On Tue, Jul 7, 2015 at 2:56 PM, Josh Elser <josh.elser@gmail.com> wrote:
>>
>>> Pundu,
>>>
>>> The password to use would be the "root" user's password that you set
>>> when calling `accumulo init`. A limitation of the SSL approach is that it
>>> only uses sets up a secure RPC, it isn't a "complete" security
>>> implementation (as you might get with Kerberos in 1.7).
>>>
>>> Sadly, the error messages for SSL are very sparse when the client fails
>>> to negotiate the handshake with a server. With the Accumulo shell, you can
>>> try passing in the --debug option to get more information.
>>>
>>> Alternatively, try turning up org.apache.accumulo.core.client to DEBUG
>>> or TRACE in $ACCUMULO_CONF_DIR/log4j.properties.
>>>
>>> - Josh
>>>
>>>
>>> pundu tech wrote:
>>>
>>>> I have a SSL enabled-accumulo setup.
>>>>
>>>> I have followed:
>>>>
>>>> https://blogs.apache.org/accumulo/entry/generating_keystores_for_configuring_accumulo
>>>>   to the teeth and as far as my undersatnding goes on SSL it is all
>>>> correct.
>>>>
>>>> I have created a $ACCUMULO_HOME/conf/client.conf with the following
>>>> properties
>>>>
>>>> INSTANCE_NAME=accumulo
>>>>
>>>> INSTANCE_RPC_SSL_ENABLED=true
>>>>
>>>> NSTANCE_RPC_SSL_CLIENT_AUTH=true
>>>>
>>>> INSTANCE_ZK_HOST=host1
>>>>
>>>> RPC_SSL_TRUSTSTORE_PATH=/home/hadoop/truststore.jks
>>>>
>>>> RPC_SSL_TRUSTSTORE_TYPE=JKS
>>>>
>>>> RPC_SSL_TRUSTSTORE_PASSWORD=mypass
>>>>
>>>> RPC_SSL_KEYSTORE_PATH=/home/hadoop/server.jks
>>>>
>>>> RPC_SSL_KEYSTORE_TYPE=JKS
>>>>
>>>> RPC_SSL_KEYSTORE_PASSWORD=mypass
>>>>
>>>>
>>>> but when I try to connect via shell I am prompted for a password. Which
>>>> password is this? It does not seem to be the tracer password (which user
>>>> is "root").
>>>>
>>>> ./accumulo shell -u root
>>>>
>>>> /usr/local/zookeeper-3.4.6
>>>>
>>>> /usr/local/jdk1.7.0_79
>>>>
>>>> Password:   ----> ?
>>>>
>>>>
>>>> Thanks
>>>>
>>>> pundu tech
>>>>
>>>>
>>
>

Mime
View raw message