[
https://issues.apache.org/jira/browse/AMBARI-2644?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Siddharth Wagle updated AMBARI-2644:
------------------------------------
Attachment: AMBARI-2644.patch
> Ambari-server can not find password for remote database with password
> encryption enabled
> ----------------------------------------------------------------------------------------
>
> Key: AMBARI-2644
> URL: https://issues.apache.org/jira/browse/AMBARI-2644
> Project: Ambari
> Issue Type: Bug
> Components: controller
> Affects Versions: 1.2.5
> Reporter: Siddharth Wagle
> Assignee: Siddharth Wagle
> Fix For: 1.2.5
>
> Attachments: AMBARI-2644.patch
>
>
> Performed cluster setup as proposed at E2E test scenario.
> {code}
> ambari-server setup
> ambari-server setup-ldap
> ambari-server encrypt-passwords
> ambari-server setup-https
> ambari-server start
> {code}
> Server does not start. It complains about missing password file / db password
> alias
> {code}
> 19:03:36,249 INFO Configuration:300 - Generation of file with password
> 19:03:37,320 INFO CredentialProvider:146 - action => PUT, alias =>
> ambari.db.password
> 19:03:37,885 INFO Configuration:313 - Reading password from existing file
> 19:03:38,838 INFO CredentialProvider:146 - action => PUT, alias =>
> ambari.ldap.manager.password
> 19:12:02,925 INFO Configuration:313 - Reading password from existing file
> 19:12:02,946 INFO Configuration:324 - API SSL Authentication is turned on.
> 19:12:02,946 INFO Configuration:329 - Reading password from existing file
> 19:12:02,948 INFO Configuration:481 - Hosts Mapping File null
> 19:12:02,951 INFO HostsMap:60 - Using hostsmap file null
> 19:12:04,467 INFO MasterKeyServiceImpl:209 - Loading from persistent master:
> #1.0# Fri, Jul 12 2013 19:03:34.717
> 19:12:06,016 INFO AmbariServer:446 - Getting the controller
> 19:12:11,146 INFO CertificateManager:68 - Initialization of root certificate
> 19:12:11,147 INFO CertificateManager:70 - Certificate exists:false
> 19:12:11,147 INFO CertificateManager:137 - Generation of server certificate
> 19:12:16,383 INFO ShellCommandUtil:43 - Command openssl genrsa -des3
> -passout pass:n15KV1q6aWRZIP86XAjpTdbTaKo0HHWIsTuaOPZQdxycChECKG -out
> /var/lib/ambari-server/keys/ca.key 4096 was finished with exit code: 0 - the
> operation was completely successfully.
> 19:12:16,431 INFO ShellCommandUtil:43 - Command openssl req -passin
> pass:n15KV1q6aWRZIP86XAjpTdbTaKo0HHWIsTuaOPZQdxycChECKG -new -key
> /var/lib/ambari-server/keys/ca.key -out /var/lib/ambari-server/keys/ca.crt
> -batch was finished with exit code: 0 - the operation was completely
> successfully.
> 19:12:16,483 INFO ShellCommandUtil:43 - Command openssl x509 -passin
> pass:n15KV1q6aWRZIP86XAjpTdbTaKo0HHWIsTuaOPZQdxycChECKG -req -days 365 -in
> /var/lib/ambari-server/keys/ca.crt -signkey
> /var/lib/ambari-server/keys/ca.key -out /var/lib/ambari-server/keys/ca.crt
> was finished with exit code: 0 - the operation was completely successfully.
> 19:12:16,496 INFO ShellCommandUtil:43 - Command openssl pkcs12 -export -in
> /var/lib/ambari-server/keys/ca.crt -inkey /var/lib/ambari-server/keys/ca.key
> -certfile /var/lib/ambari-server/keys/ca.crt -out
> /var/lib/ambari-server/keys/keystore.p12 -password
> pass:n15KV1q6aWRZIP86XAjpTdbTaKo0HHWIsTuaOPZQdxycChECKG -passin
> pass:n15KV1q6aWRZIP86XAjpTdbTaKo0HHWIsTuaOPZQdxycChECKG
> was finished with exit code: 0 - the operation was completely successfully.
> 19:12:16,883 INFO AmbariServer:123 - ********* Meta Info initialized
> **********
> 19:12:16,896 INFO ClustersImpl:88 - Initializing the ClustersImpl
> 19:12:17,115 ERROR Configuration:610 - Error reading from credential store.
> 19:12:17,116 ERROR Configuration:616 - Cannot read password for alias =
> /etc/ambari-server/conf/password.dat
> 19:12:17,117 ERROR AmbariServer:455 - Failed to run the Ambari Server
> java.lang.RuntimeException: Unable to read database password
> at
> org.apache.ambari.server.configuration.Configuration.readPasswordFromFile(Configuration.java:596)
> at
> org.apache.ambari.server.configuration.Configuration.getRcaDatabasePassword(Configuration.java:583)
> at
> org.apache.ambari.eventdb.webservice.WorkflowJsonService.setDBProperties(WorkflowJsonService.java:95)
> at
> org.apache.ambari.server.controller.AmbariServer.performStaticInjection(AmbariServer.java:437)
> at
> org.apache.ambari.server.controller.AmbariServer.run(AmbariServer.java:125)
> at
> org.apache.ambari.server.controller.AmbariServer.main(AmbariServer.java:452)
> Caused by: java.io.FileNotFoundException: File
> '/etc/ambari-server/conf/password.dat' does not exist
> at org.apache.commons.io.FileUtils.openInputStream(FileUtils.java:265)
> at
> org.apache.commons.io.FileUtils.readFileToString(FileUtils.java:1457)
> at
> org.apache.commons.io.FileUtils.readFileToString(FileUtils.java:1475)
> at
> org.apache.ambari.server.configuration.Configuration.readPasswordFromFile(Configuration.java:594)
> ... 5 more
> 19:12:17,118 ERROR AmbariServer:420 - Error stopping the server
> java.lang.NullPointerException
> at
> org.apache.ambari.server.controller.AmbariServer.stop(AmbariServer.java:418)
> at
> org.apache.ambari.server.controller.AmbariServer.main(AmbariServer.java:457)
> {code}
> Content of ambari.properties:
> {code}
> server.jdbc.rca.driver=oracle.jdbc.driver.OracleDriver
> authentication.ldap.managerDn=uid=hdfs,ou=people,ou=dev,dc=apache,dc=org
> authentication.ldap.primaryUrl=localhost:389
> server.jdbc.rca.url=jdbc:oracle:thin:@ip-10-34-79-165.ec2.internal:1521/XE
> server.connection.max.idle.millis=900000
> server.jdbc.port=1521
> server.version.file=/var/lib/ambari-server/resources/version
> server.jdbc.rca.user.passwd=/etc/ambari-server/conf/password.dat
> api.authenticate=true
> jce_policy.url=http://public-repo-1.hortonworks.com/ARTIFACTS/jce_policy-6.zip
> server.persistence.type=remote
> client.api.ssl.key_name=https.key
> authentication.ldap.useSSL=false
> ambari-server.user=ambar-server
> client.api.ssl.port=8443
> authentication.ldap.usernameAttribute=uid
> server.jdbc.user.name=ambari
> server.jdbc.schema=XE
> java.home=/usr/jdk64/jdk1.6.0_31
> server.os_type=redhat6
> api.ssl=true
> bootstrap.script=/usr/lib/python2.6/site-packages/ambari_server/bootstrap.py
> client.api.ssl.cert_name=https.crt
> authentication.ldap.bindAnonymously=false
> client.security=ldap
> server.jdbc.hostname=ip-10-34-79-165.ec2.internal
> resources.dir=/var/lib/ambari-server/resources
> security.passwords.encryption.enabled=true
> bootstrap.setup_agent.script=/usr/lib/python2.6/site-packages/ambari_server/setupAgent.py
> server.jdbc.driver=oracle.jdbc.driver.OracleDriver
> jdk.url=http://public-repo-1.hortonworks.com/ARTIFACTS/jdk-6u31-linux-x64.bin
> security.server.keys_dir=/var/lib/ambari-server/keys
> server.jdbc.rca.user.name=ambari
> webapp.dir=/usr/lib/ambari-server/web
> metadata.path=/var/lib/ambari-server/resources/stacks
> server.jdbc.url=jdbc:oracle:thin:@ip-10-34-79-165.ec2.internal:1521/XE
> server.fqdn.service.url=http://169.254.169.254/latest/meta-data/public-hostname
> bootstrap.dir=/var/run/ambari-server/bootstrap
> authentication.ldap.baseDn=dc=apache,dc=org
> server.jdbc.user.passwd=${alias=ambari.db.password}
> authentication.ldap.managerPassword=${alias=ambari.ldap.manager.password}
> server.jdbc.database=oracle
> security.server.two_way_ssl=true
> {code}
> File /etc/ambari-server/conf/password.dat is missing
> Setup flow:
> {code}
> [root@ip-10-116-65-200 kerb]# ambari-server setup
> Using python /usr/bin/python2.6
> Initializing...
> Setup ambari-server
> Checking SELinux...
> SELinux status is 'enabled'
> SELinux mode is 'enforcing'
> Temporarily disabling SELinux
> WARNING: SELinux is set to 'permissive' mode and temporarily disabled.
> OK to continue [y/n] (y)? y
> Customize user account for ambari-server daemon [y/n] (n)? y
> Enter user account for ambari-server daemon (root):ambar-server
> Adjusting ambari-server permissions and ownership...
> Checking iptables...
> iptables is disabled now. please reenable later.
> Checking JDK...
> Downloading JDK from
> http://public-repo-1.hortonworks.com/ARTIFACTS/jdk-6u31-linux-x64.bin to
> /var/lib/ambari-server/resources/jdk-6u31-linux-x64.bin
> JDK distribution size is 85581913 bytes
> jdk-6u31-linux-x64.bin... 100% (81.6 MB of 81.6 MB)
> Successfully downloaded JDK distribution to
> /var/lib/ambari-server/resources/jdk-6u31-linux-x64.bin
> To install the Oracle JDK you must accept the license terms found at
> http://www.oracle.com/technetwork/java/javase/downloads/jdk-6u21-license-159167.txt.
> Not accepting will cancel the Ambari Server setup.
> Do you accept the Oracle Binary Code License Agreement [y/n] (y)?
> Installing JDK to /usr/jdk64
> Successfully installed JDK to /usr/jdk64/jdk1.6.0_31
> Downloading JCE Policy archive from
> http://public-repo-1.hortonworks.com/ARTIFACTS/jce_policy-6.zip to
> /var/lib/ambari-server/resources/jce_policy-6.zip
> Successfully downloaded JCE Policy archive to
> /var/lib/ambari-server/resources/jce_policy-6.zip
> Completing setup...
> Configuring database...
> Enter advanced database configuration [y/n] (n)? y
> Select database:
> 1 - PostgreSQL (Embedded)
> 2 - Oracle
> [1]:2
> Hostname [localhost]:ip-10-34-79-165.ec2.internal
> Port [1521]:
> Select Oracle identifier type:
> 1 - Service Name
> 2 - SID
> [1]:XE
> Invalid number.
> Select Oracle identifier type:
> 1 - Service Name
> 2 - SID
> [1]:1
> Service Name [ambari]:XE
> Username [ambari]:
> Enter Database Password [bigdata]:
> WARNING: Before starting Ambari Server, you must copy the Oracle JDBC driver
> JAR file to /usr/share/java.
> Press <enter> to continue.
> Copying JDBC drivers to server resources...
> Configuring remote database connection properties...
> WARNING: Cannot find oracle sqlplus client in the path to load the Ambari
> Server schema. Before starting Ambari Server, you must run the following DDL
> against the database to create the schema
> sqlplus ambari/bigdata <
> /var/lib/ambari-server/resources/Ambari-DDL-Oracle-CREATE.sql
> Press <enter> to continue.
> WARNING: The cli was not found
> Ambari Server 'setup' completed with warnings.
> [root@ip-10-116-65-200 kerb]# less /etc/passwd
> {code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
