Reply
Contributor
Posts: 41
Registered: ‎05-12-2016
Accepted Solution

oozie cli doesn't work after enabling tls option

Hi Guys,

 

I have a problem with oozie on my cloudera cluster. I enabled TLS encryption for admin console and Agents. I specified Keystore and Truststore File location and passwords in configuration tab for oozie.

 

When i try to curl oozie:

oozie admin -oozie https://ukgs2hdm02.cwglobal.local:11443/oozie -status

 

Error: IO_ERROR : java.io.IOException: Error while connecting Oozie server. 
No of retries = 1. Exception = sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I was thinking about importing host certificate to a default java keystore but find this:

 

/opt/jdk1.7.0_79/jre/lib/security/cacerts
/opt/cloudera/parcels/CDH-5.5.4-1.cdh5.5.4.p0.9/lib/hue/build/env/lib/python2.6/site-packages/boto-2.38.0-py2.6.egg/boto/cacerts
/usr/lib/jvm/java-1.5.0-gcj-1.5.0.0/jre/lib/security/cacerts
/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.101.x86_64/jre/lib/security/cacerts
/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.39.x86_64/jre/lib/security/cacerts
/usr/java/jdk1.7.0_67-cloudera/jre/lib/security/cacerts
/usr/java/jdk1.6.0_31/jre/lib/security/cacerts
/etc/pki/ca-trust/extracted/java/cacerts
/etc/pki/java/cacerts

and I don't know which one should I use?

 

Here are my files related to cert:

-rw-r-----. 1 root         tls  1996 May 31 13:08 cdh_host.key
-rw-r-----. 1 root         tls  2159 May 31 13:08 cdh_host.keystore
-r--r-----. 1 oozie        tls  2159 Sep 13 09:45 cdh_host.oozie.keystore
-rw-r-----. 1 root         tls  1123 May 31 13:08 cdh_host.pem
-r-xr--r--. 1 cloudera-scm tls  8754 Sep  7 13:39 truststore.jks
-rw-r-----. 1 root         tls 11961 Sep  7 13:39 truststore.pem
-rw-r-----. 1 root         tls   789 May 31 13:08 ukgs2hdm02.cwglobal.local.cer

oozie keystore is the same as the host keystore.

 

I have added certificate to all default java truststores and still the same problem.

 

Oozie web console works just fine.

 

Any ideas?

Contributor
Posts: 41
Registered: ‎05-12-2016

Re: oozie cli doesn't work after enabling tls option

Solved. I missed one of the java default truststore files..........
Explorer
Posts: 10
Registered: ‎03-24-2015

Re: oozie cli doesn't work after enabling tls option

Hi @andrzejj, can you explain how can you solve this problem? 

thank you.

Highlighted
New Contributor
Posts: 1
Registered: ‎11-09-2017

Re: oozie cli doesn't work after enabling tls option

can you explain how did you resolve this issue.

Announcements