New Contributor
Posts: 2
Registered: ‎02-07-2017

Passive database failed to start during setting up HDFS data at rest encryption

CM & CDH version is Cloudera Enterprise 5.8.2, KEYTRUSTEE parcel version is 5.8.2-5.KEYTRUSTEE5.8.2.p0.1, KEYTRUSTEE_SERVER parcel version is 5.8.0-1.keytrustee5.8.0.p0.10.

I encountered the two questions below while setting up HDFS data at rest encryption via Cloudera Manager.

1. The passive database role failed to start; the other roles (Active/Passive Key Trustee Server, Active Database) started successfully. I found the following fragment in the stderr log of the passive database:

    + exec /opt/cloudera/parcels/KEYTRUSTEE_SERVER-5.8.0-1.keytrustee5.8.0.p0.10/meta/../PG_DB/opt/postgres/9.3/bin/postmaster -D /var/lib/keytrustee/db
    postmaster cannot access the server configuration file "/var/lib/keytrustee/db/postgresql.conf": No such file or directory

The folder /var/lib/keytrustee/db/ is actually empty. I tried to copy the missing files from the active database, but got the following error:

    FATAL: could not load server certificate file "server.crt": No such file or directory

I'm not sure where to find the file "server.crt".

2. The command "keytrustee-orgtool add -n my.com -c root@localhost" always hangs when setting up the organization and authorization secret for KMS; even pressing "ctrl+c" cannot interrupt it. Of course, the result of executing "keytrustee-orgtool list" is empty.

I'm not sure whether there is a relation between the two problems. Any ideas would be appreciated!
Posts: 37
Topics: 0
Kudos: 7
Solutions: 6
Registered: ‎01-05-2015

Re: Passive database failed to start during setting up HDFS data at rest encryption

Hello,

If you are a licensed customer please open a case with our support teams through the support portal. The deployment process for Key Trustee is fairly straightforward, but you do have to perform certain steps on the command line during deployment that are outlined in the wizard.

Also please ensure that communication between both systems which will host Key Trustee is unobstructed during deployment. If these hosts are in AWS please review your security controls; if these are standalone systems in an on-prem environment please make sure that there are no firewalls or proxies which might interfere with communication. Part of the setup process includes data replication between these hosts as well as the setup of synchronous replication.

There are ways to recover from the state you are presently in; however, they can be complex. It may be easier for you to remove the roles, clean up the hosts, and try again after ensuring that there are no firewalls or other controls blocking or manipulating traffic between the hosts.

Customer Operations Engineer | Cloudera, Inc.
New Contributor
Posts: 2
Registered: ‎02-07-2017

Re: Passive database failed to start during setting up HDFS data at rest encryption

You are right, the two problems were caused by the firewall; everything became okay after closing it. Thank you.