Siddharth Wagle created AMBARI-2644:
---------------------------------------
Summary: Ambari-server can not find password for remote database
with password encryption enabled
Key: AMBARI-2644
URL: https://issues.apache.org/jira/browse/AMBARI-2644
Project: Ambari
Issue Type: Bug
Components: controller
Affects Versions: 1.2.5
Reporter: Siddharth Wagle
Assignee: Siddharth Wagle
Fix For: 1.2.5
Performed cluster setup as proposed at E2E test scenario.
{code}
ambari-server setup
ambari-server setup-ldap
ambari-server encrypt-passwords
ambari-server setup-https
ambari-server start
{code}
Server does not start. It complains about missing password file / db password
alias
{code}
19:03:36,249 INFO Configuration:300 - Generation of file with password
19:03:37,320 INFO CredentialProvider:146 - action => PUT, alias =>
ambari.db.password
19:03:37,885 INFO Configuration:313 - Reading password from existing file
19:03:38,838 INFO CredentialProvider:146 - action => PUT, alias =>
ambari.ldap.manager.password
19:12:02,925 INFO Configuration:313 - Reading password from existing file
19:12:02,946 INFO Configuration:324 - API SSL Authentication is turned on.
19:12:02,946 INFO Configuration:329 - Reading password from existing file
19:12:02,948 INFO Configuration:481 - Hosts Mapping File null
19:12:02,951 INFO HostsMap:60 - Using hostsmap file null
19:12:04,467 INFO MasterKeyServiceImpl:209 - Loading from persistent master:
#1.0# Fri, Jul 12 2013 19:03:34.717
19:12:06,016 INFO AmbariServer:446 - Getting the controller
19:12:11,146 INFO CertificateManager:68 - Initialization of root certificate
19:12:11,147 INFO CertificateManager:70 - Certificate exists:false
19:12:11,147 INFO CertificateManager:137 - Generation of server certificate
19:12:16,383 INFO ShellCommandUtil:43 - Command openssl genrsa -des3 -passout
pass:n15KV1q6aWRZIP86XAjpTdbTaKo0HHWIsTuaOPZQdxycChECKG -out
/var/lib/ambari-server/keys/ca.key 4096 was finished with exit code: 0 - the
operation was completely successfully.
19:12:16,431 INFO ShellCommandUtil:43 - Command openssl req -passin
pass:n15KV1q6aWRZIP86XAjpTdbTaKo0HHWIsTuaOPZQdxycChECKG -new -key
/var/lib/ambari-server/keys/ca.key -out /var/lib/ambari-server/keys/ca.crt
-batch was finished with exit code: 0 - the operation was completely
successfully.
19:12:16,483 INFO ShellCommandUtil:43 - Command openssl x509 -passin
pass:n15KV1q6aWRZIP86XAjpTdbTaKo0HHWIsTuaOPZQdxycChECKG -req -days 365 -in
/var/lib/ambari-server/keys/ca.crt -signkey /var/lib/ambari-server/keys/ca.key
-out /var/lib/ambari-server/keys/ca.crt
was finished with exit code: 0 - the operation was completely successfully.
19:12:16,496 INFO ShellCommandUtil:43 - Command openssl pkcs12 -export -in
/var/lib/ambari-server/keys/ca.crt -inkey /var/lib/ambari-server/keys/ca.key
-certfile /var/lib/ambari-server/keys/ca.crt -out
/var/lib/ambari-server/keys/keystore.p12 -password
pass:n15KV1q6aWRZIP86XAjpTdbTaKo0HHWIsTuaOPZQdxycChECKG -passin
pass:n15KV1q6aWRZIP86XAjpTdbTaKo0HHWIsTuaOPZQdxycChECKG
was finished with exit code: 0 - the operation was completely successfully.
19:12:16,883 INFO AmbariServer:123 - ********* Meta Info initialized **********
19:12:16,896 INFO ClustersImpl:88 - Initializing the ClustersImpl
19:12:17,115 ERROR Configuration:610 - Error reading from credential store.
19:12:17,116 ERROR Configuration:616 - Cannot read password for alias =
/etc/ambari-server/conf/password.dat
19:12:17,117 ERROR AmbariServer:455 - Failed to run the Ambari Server
java.lang.RuntimeException: Unable to read database password
at
org.apache.ambari.server.configuration.Configuration.readPasswordFromFile(Configuration.java:596)
at
org.apache.ambari.server.configuration.Configuration.getRcaDatabasePassword(Configuration.java:583)
at
org.apache.ambari.eventdb.webservice.WorkflowJsonService.setDBProperties(WorkflowJsonService.java:95)
at
org.apache.ambari.server.controller.AmbariServer.performStaticInjection(AmbariServer.java:437)
at
org.apache.ambari.server.controller.AmbariServer.run(AmbariServer.java:125)
at
org.apache.ambari.server.controller.AmbariServer.main(AmbariServer.java:452)
Caused by: java.io.FileNotFoundException: File
'/etc/ambari-server/conf/password.dat' does not exist
at org.apache.commons.io.FileUtils.openInputStream(FileUtils.java:265)
at org.apache.commons.io.FileUtils.readFileToString(FileUtils.java:1457)
at org.apache.commons.io.FileUtils.readFileToString(FileUtils.java:1475)
at
org.apache.ambari.server.configuration.Configuration.readPasswordFromFile(Configuration.java:594)
... 5 more
19:12:17,118 ERROR AmbariServer:420 - Error stopping the server
java.lang.NullPointerException
at
org.apache.ambari.server.controller.AmbariServer.stop(AmbariServer.java:418)
at
org.apache.ambari.server.controller.AmbariServer.main(AmbariServer.java:457)
{code}
Content of ambari.properties:
{code}
server.jdbc.rca.driver=oracle.jdbc.driver.OracleDriver
authentication.ldap.managerDn=uid=hdfs,ou=people,ou=dev,dc=apache,dc=org
authentication.ldap.primaryUrl=localhost:389
server.jdbc.rca.url=jdbc:oracle:thin:@ip-10-34-79-165.ec2.internal:1521/XE
server.connection.max.idle.millis=900000
server.jdbc.port=1521
server.version.file=/var/lib/ambari-server/resources/version
server.jdbc.rca.user.passwd=/etc/ambari-server/conf/password.dat
api.authenticate=true
jce_policy.url=http://public-repo-1.hortonworks.com/ARTIFACTS/jce_policy-6.zip
server.persistence.type=remote
client.api.ssl.key_name=https.key
authentication.ldap.useSSL=false
ambari-server.user=ambar-server
client.api.ssl.port=8443
authentication.ldap.usernameAttribute=uid
server.jdbc.user.name=ambari
server.jdbc.schema=XE
java.home=/usr/jdk64/jdk1.6.0_31
server.os_type=redhat6
api.ssl=true
bootstrap.script=/usr/lib/python2.6/site-packages/ambari_server/bootstrap.py
client.api.ssl.cert_name=https.crt
authentication.ldap.bindAnonymously=false
client.security=ldap
server.jdbc.hostname=ip-10-34-79-165.ec2.internal
resources.dir=/var/lib/ambari-server/resources
security.passwords.encryption.enabled=true
bootstrap.setup_agent.script=/usr/lib/python2.6/site-packages/ambari_server/setupAgent.py
server.jdbc.driver=oracle.jdbc.driver.OracleDriver
jdk.url=http://public-repo-1.hortonworks.com/ARTIFACTS/jdk-6u31-linux-x64.bin
security.server.keys_dir=/var/lib/ambari-server/keys
server.jdbc.rca.user.name=ambari
webapp.dir=/usr/lib/ambari-server/web
metadata.path=/var/lib/ambari-server/resources/stacks
server.jdbc.url=jdbc:oracle:thin:@ip-10-34-79-165.ec2.internal:1521/XE
server.fqdn.service.url=http://169.254.169.254/latest/meta-data/public-hostname
bootstrap.dir=/var/run/ambari-server/bootstrap
authentication.ldap.baseDn=dc=apache,dc=org
server.jdbc.user.passwd=${alias=ambari.db.password}
authentication.ldap.managerPassword=${alias=ambari.ldap.manager.password}
server.jdbc.database=oracle
security.server.two_way_ssl=true
{code}
File /etc/ambari-server/conf/password.dat is missing
Setup flow:
{code}
[root@ip-10-116-65-200 kerb]# ambari-server setup
Using python /usr/bin/python2.6
Initializing...
Setup ambari-server
Checking SELinux...
SELinux status is 'enabled'
SELinux mode is 'enforcing'
Temporarily disabling SELinux
WARNING: SELinux is set to 'permissive' mode and temporarily disabled.
OK to continue [y/n] (y)? y
Customize user account for ambari-server daemon [y/n] (n)? y
Enter user account for ambari-server daemon (root):ambar-server
Adjusting ambari-server permissions and ownership...
Checking iptables...
iptables is disabled now. please reenable later.
Checking JDK...
Downloading JDK from
http://public-repo-1.hortonworks.com/ARTIFACTS/jdk-6u31-linux-x64.bin to
/var/lib/ambari-server/resources/jdk-6u31-linux-x64.bin
JDK distribution size is 85581913 bytes
jdk-6u31-linux-x64.bin... 100% (81.6 MB of 81.6 MB)
Successfully downloaded JDK distribution to
/var/lib/ambari-server/resources/jdk-6u31-linux-x64.bin
To install the Oracle JDK you must accept the license terms found at
http://www.oracle.com/technetwork/java/javase/downloads/jdk-6u21-license-159167.txt.
Not accepting will cancel the Ambari Server setup.
Do you accept the Oracle Binary Code License Agreement [y/n] (y)?
Installing JDK to /usr/jdk64
Successfully installed JDK to /usr/jdk64/jdk1.6.0_31
Downloading JCE Policy archive from
http://public-repo-1.hortonworks.com/ARTIFACTS/jce_policy-6.zip to
/var/lib/ambari-server/resources/jce_policy-6.zip
Successfully downloaded JCE Policy archive to
/var/lib/ambari-server/resources/jce_policy-6.zip
Completing setup...
Configuring database...
Enter advanced database configuration [y/n] (n)? y
Select database:
1 - PostgreSQL (Embedded)
2 - Oracle
[1]:2
Hostname [localhost]:ip-10-34-79-165.ec2.internal
Port [1521]:
Select Oracle identifier type:
1 - Service Name
2 - SID
[1]:XE
Invalid number.
Select Oracle identifier type:
1 - Service Name
2 - SID
[1]:1
Service Name [ambari]:XE
Username [ambari]:
Enter Database Password [bigdata]:
WARNING: Before starting Ambari Server, you must copy the Oracle JDBC driver
JAR file to /usr/share/java.
Press <enter> to continue.
Copying JDBC drivers to server resources...
Configuring remote database connection properties...
WARNING: Cannot find oracle sqlplus client in the path to load the Ambari
Server schema. Before starting Ambari Server, you must run the following DDL
against the database to create the schema
sqlplus ambari/bigdata <
/var/lib/ambari-server/resources/Ambari-DDL-Oracle-CREATE.sql
Press <enter> to continue.
WARNING: The cli was not found
Ambari Server 'setup' completed with warnings.
[root@ip-10-116-65-200 kerb]# less /etc/passwd
{code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
