Uploaded image for project: 'Ambari'
  1. Ambari
  2. AMBARI-2644

Ambari-server can not find password for remote database with password encryption enabled

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 1.2.5
    • 1.2.5
    • ambari-server
    • None

    Description

      Performed cluster setup as proposed at E2E test scenario. 

      ambari-server setup
ambari-server setup-ldap
ambari-server encrypt-passwords
ambari-server setup-https
ambari-server start

      Server does not start. It complains about missing password file / db password alias

      19:03:36,249  INFO Configuration:300 - Generation of file with password
19:03:37,320  INFO CredentialProvider:146 - action => PUT, alias => ambari.db.password
19:03:37,885  INFO Configuration:313 - Reading password from existing file
19:03:38,838  INFO CredentialProvider:146 - action => PUT, alias => ambari.ldap.manager.password
19:12:02,925  INFO Configuration:313 - Reading password from existing file
19:12:02,946  INFO Configuration:324 - API SSL Authentication is turned on.
19:12:02,946  INFO Configuration:329 - Reading password from existing file
19:12:02,948  INFO Configuration:481 - Hosts Mapping File null
19:12:02,951  INFO HostsMap:60 - Using hostsmap file null
19:12:04,467  INFO MasterKeyServiceImpl:209 - Loading from persistent master: #1.0# Fri, Jul 12 2013 19:03:34.717
19:12:06,016  INFO AmbariServer:446 - Getting the controller
19:12:11,146  INFO CertificateManager:68 - Initialization of root certificate
19:12:11,147  INFO CertificateManager:70 - Certificate exists:false
19:12:11,147  INFO CertificateManager:137 - Generation of server certificate
19:12:16,383  INFO ShellCommandUtil:43 - Command openssl genrsa -des3 -passout pass:n15KV1q6aWRZIP86XAjpTdbTaKo0HHWIsTuaOPZQdxycChECKG -out /var/lib/ambari-server/keys/ca.key 4096  was finished with exit code: 0 - the operation was completely successfully.
19:12:16,431  INFO ShellCommandUtil:43 - Command openssl req -passin pass:n15KV1q6aWRZIP86XAjpTdbTaKo0HHWIsTuaOPZQdxycChECKG -new -key /var/lib/ambari-server/keys/ca.key -out /var/lib/ambari-server/keys/ca.crt -batch was finished with exit code: 0 - the operation was completely successfully.
19:12:16,483  INFO ShellCommandUtil:43 - Command openssl x509 -passin pass:n15KV1q6aWRZIP86XAjpTdbTaKo0HHWIsTuaOPZQdxycChECKG -req -days 365 -in /var/lib/ambari-server/keys/ca.crt -signkey /var/lib/ambari-server/keys/ca.key -out /var/lib/ambari-server/keys/ca.crt 
 was finished with exit code: 0 - the operation was completely successfully.
19:12:16,496  INFO ShellCommandUtil:43 - Command openssl pkcs12 -export -in /var/lib/ambari-server/keys/ca.crt -inkey /var/lib/ambari-server/keys/ca.key -certfile /var/lib/ambari-server/keys/ca.crt -out /var/lib/ambari-server/keys/keystore.p12 -password pass:n15KV1q6aWRZIP86XAjpTdbTaKo0HHWIsTuaOPZQdxycChECKG -passin pass:n15KV1q6aWRZIP86XAjpTdbTaKo0HHWIsTuaOPZQdxycChECKG 
 was finished with exit code: 0 - the operation was completely successfully.
19:12:16,883  INFO AmbariServer:123 - ********* Meta Info initialized **********
19:12:16,896  INFO ClustersImpl:88 - Initializing the ClustersImpl
19:12:17,115 ERROR Configuration:610 - Error reading from credential store.
19:12:17,116 ERROR Configuration:616 - Cannot read password for alias = /etc/ambari-server/conf/password.dat
19:12:17,117 ERROR AmbariServer:455 - Failed to run the Ambari Server
java.lang.RuntimeException: Unable to read database password
        at org.apache.ambari.server.configuration.Configuration.readPasswordFromFile(Configuration.java:596)
        at org.apache.ambari.server.configuration.Configuration.getRcaDatabasePassword(Configuration.java:583)
        at org.apache.ambari.eventdb.webservice.WorkflowJsonService.setDBProperties(WorkflowJsonService.java:95)
        at org.apache.ambari.server.controller.AmbariServer.performStaticInjection(AmbariServer.java:437)
        at org.apache.ambari.server.controller.AmbariServer.run(AmbariServer.java:125)
        at org.apache.ambari.server.controller.AmbariServer.main(AmbariServer.java:452)
Caused by: java.io.FileNotFoundException: File '/etc/ambari-server/conf/password.dat' does not exist
        at org.apache.commons.io.FileUtils.openInputStream(FileUtils.java:265)
        at org.apache.commons.io.FileUtils.readFileToString(FileUtils.java:1457)
        at org.apache.commons.io.FileUtils.readFileToString(FileUtils.java:1475)
        at org.apache.ambari.server.configuration.Configuration.readPasswordFromFile(Configuration.java:594)
        ... 5 more
19:12:17,118 ERROR AmbariServer:420 - Error stopping the server
java.lang.NullPointerException
        at org.apache.ambari.server.controller.AmbariServer.stop(AmbariServer.java:418)
        at org.apache.ambari.server.controller.AmbariServer.main(AmbariServer.java:457)

      Content of ambari.properties:

      server.jdbc.rca.driver=oracle.jdbc.driver.OracleDriver
authentication.ldap.managerDn=uid=hdfs,ou=people,ou=dev,dc=apache,dc=org
authentication.ldap.primaryUrl=localhost:389
server.jdbc.rca.url=jdbc:oracle:thin:@ip-10-34-79-165.ec2.internal:1521/XE
server.connection.max.idle.millis=900000
server.jdbc.port=1521
server.version.file=/var/lib/ambari-server/resources/version
server.jdbc.rca.user.passwd=/etc/ambari-server/conf/password.dat
api.authenticate=true
jce_policy.url=http://public-repo-1.hortonworks.com/ARTIFACTS/jce_policy-6.zip
server.persistence.type=remote
client.api.ssl.key_name=https.key
authentication.ldap.useSSL=false
ambari-server.user=ambar-server
client.api.ssl.port=8443
authentication.ldap.usernameAttribute=uid
server.jdbc.user.name=ambari
server.jdbc.schema=XE
java.home=/usr/jdk64/jdk1.6.0_31
server.os_type=redhat6
api.ssl=true
bootstrap.script=/usr/lib/python2.6/site-packages/ambari_server/bootstrap.py
client.api.ssl.cert_name=https.crt
authentication.ldap.bindAnonymously=false
client.security=ldap
server.jdbc.hostname=ip-10-34-79-165.ec2.internal
resources.dir=/var/lib/ambari-server/resources
security.passwords.encryption.enabled=true
bootstrap.setup_agent.script=/usr/lib/python2.6/site-packages/ambari_server/setupAgent.py
server.jdbc.driver=oracle.jdbc.driver.OracleDriver
jdk.url=http://public-repo-1.hortonworks.com/ARTIFACTS/jdk-6u31-linux-x64.bin
security.server.keys_dir=/var/lib/ambari-server/keys
server.jdbc.rca.user.name=ambari
webapp.dir=/usr/lib/ambari-server/web
metadata.path=/var/lib/ambari-server/resources/stacks
server.jdbc.url=jdbc:oracle:thin:@ip-10-34-79-165.ec2.internal:1521/XE
server.fqdn.service.url=http://169.254.169.254/latest/meta-data/public-hostname
bootstrap.dir=/var/run/ambari-server/bootstrap
authentication.ldap.baseDn=dc=apache,dc=org
server.jdbc.user.passwd=${alias=ambari.db.password}
authentication.ldap.managerPassword=${alias=ambari.ldap.manager.password}
server.jdbc.database=oracle
security.server.two_way_ssl=true

      File /etc/ambari-server/conf/password.dat is missing

      Setup flow:

      [root@ip-10-116-65-200 kerb]# ambari-server setup
Using python  /usr/bin/python2.6
Initializing...
Setup ambari-server
Checking SELinux...
SELinux status is 'enabled'
SELinux mode is 'enforcing'
Temporarily disabling SELinux
WARNING: SELinux is set to 'permissive' mode and temporarily disabled.
OK to continue [y/n] (y)? y
Customize user account for ambari-server daemon [y/n] (n)? y
Enter user account for ambari-server daemon (root):ambar-server
Adjusting ambari-server permissions and ownership...
Checking iptables...
iptables is disabled now. please reenable later.
Checking JDK...
Downloading JDK from http://public-repo-1.hortonworks.com/ARTIFACTS/jdk-6u31-linux-x64.bin to /var/lib/ambari-server/resources/jdk-6u31-linux-x64.bin
JDK distribution size is 85581913 bytes
jdk-6u31-linux-x64.bin... 100% (81.6 MB of 81.6 MB)
Successfully downloaded JDK distribution to /var/lib/ambari-server/resources/jdk-6u31-linux-x64.bin
To install the Oracle JDK you must accept the license terms found at http://www.oracle.com/technetwork/java/javase/downloads/jdk-6u21-license-159167.txt. Not accepting will cancel the Ambari Server setup.
Do you accept the Oracle Binary Code License Agreement [y/n] (y)? 
Installing JDK to /usr/jdk64
Successfully installed JDK to /usr/jdk64/jdk1.6.0_31
Downloading JCE Policy archive from http://public-repo-1.hortonworks.com/ARTIFACTS/jce_policy-6.zip to /var/lib/ambari-server/resources/jce_policy-6.zip
Successfully downloaded JCE Policy archive to /var/lib/ambari-server/resources/jce_policy-6.zip
Completing setup...
Configuring database...
Enter advanced database configuration [y/n] (n)? y
Select database:
1 - PostgreSQL (Embedded)
2 - Oracle
[1]:2
Hostname [localhost]:ip-10-34-79-165.ec2.internal
Port [1521]:
Select Oracle identifier type:
1 - Service Name
2 - SID
[1]:XE
Invalid number.
Select Oracle identifier type:
1 - Service Name
2 - SID
[1]:1
Service Name [ambari]:XE
Username [ambari]: 
Enter Database Password [bigdata]: 
WARNING: Before starting Ambari Server, you must copy the Oracle JDBC driver JAR file to /usr/share/java.
Press <enter> to continue.
Copying JDBC drivers to server resources...
Configuring remote database connection properties...
WARNING: Cannot find oracle sqlplus client in the path to load the Ambari Server schema. Before starting Ambari Server, you must run the following DDL against the database to create the schema 
sqlplus ambari/bigdata < /var/lib/ambari-server/resources/Ambari-DDL-Oracle-CREATE.sql 
Press <enter> to continue.
WARNING: The cli was not found
Ambari Server 'setup' completed with warnings.
[root@ip-10-116-65-200 kerb]# less /etc/passwd

      Attachments

        1. AMBARI-2644.patch
          2 kB
          Siddharth Wagle
        2. AMBARI-2644-1.patch
          7 kB
          Siddharth Wagle

        Activity

          People

            swagle Siddharth Wagle
            swagle Siddharth Wagle
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: