Cloudera Community

Archives of Support Questions (Read Only)

This is an archived board for historical reference. Information and links may no longer be available or relevant
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
This board is archived and read-only for historical reference. To ask a new question, please post a new topic on the appropriate active board.
Solved Go to solution

Unable to start ambari-server - Problem with encrypt password

avatar
author-rank florentmair
New Member

Created ‎02-13-2017 11:18 AM

Hello

Ambari-server can't start, i have this error :

 cat /var/log/ambari-server/ambari-server.out
java.security.NoSuchAlgorithmException: PBKDF2WithHmacSHA1 SecretKeyFactory not available
       at javax.crypto.SecretKeyFactory.<init>(SecretKeyFactory.java:122)
       at javax.crypto.SecretKeyFactory.getInstance(SecretKeyFactory.java:160)
       at org.apache.ambari.server.security.encryption.AESEncryptor.getKeyFromPassword(AESEncryptor.java:104)
       at org.apache.ambari.server.security.encryption.AESEncryptor.getKeyFromPassword(AESEncryptor.java:97)
       at org.apache.ambari.server.security.encryption.AESEncryptor.<init>(AESEncryptor.java:51)
       at org.apache.ambari.server.security.encryption.MasterKeyServiceImpl.<clinit>(MasterKeyServiceImpl.java:44)
       at org.apache.ambari.server.security.encryption.CredentialProvider.<init>(CredentialProvider.java:57)
       at org.apache.ambari.server.configuration.Configuration.loadCredentialProvider(Configuration.java:858)
       at org.apache.ambari.server.configuration.Configuration.readPasswordFromStore(Configuration.java:1494)
       at org.apache.ambari.server.configuration.Configuration.getDatabasePassword(Configuration.java:1442)
       at org.apache.ambari.server.controller.ControllerModule.buildJpaPersistModule(ControllerModule.java:368)
       at org.apache.ambari.server.controller.ControllerModule.configure(ControllerModule.java:313)
       at com.google.inject.AbstractModule.configure(AbstractModule.java:59)
       at com.google.inject.spi.Elements$RecordingBinder.install(Elements.java:223)
       at com.google.inject.spi.Elements.getElements(Elements.java:101)
       at com.google.inject.internal.InjectorShell$Builder.build(InjectorShell.java:133)
       at com.google.inject.internal.InternalInjectorCreator.build(InternalInjectorCreator.java:103)
       at com.google.inject.Guice.createInjector(Guice.java:95)
       at com.google.inject.Guice.createInjector(Guice.java:72)
       at com.google.inject.Guice.createInjector(Guice.java:62)
       at org.apache.ambari.server.controller.AmbariServer.main(AmbariServer.java:803)
Exception in thread "main" java.lang.ExceptionInInitializerError
       at org.apache.ambari.server.security.encryption.CredentialProvider.<init>(CredentialProvider.java:57)
       at org.apache.ambari.server.configuration.Configuration.loadCredentialProvider(Configuration.java:858)
       at org.apache.ambari.server.configuration.Configuration.readPasswordFromStore(Configuration.java:1494)
       at org.apache.ambari.server.configuration.Configuration.getDatabasePassword(Configuration.java:1442)
       at org.apache.ambari.server.controller.ControllerModule.buildJpaPersistModule(ControllerModule.java:368)
       at org.apache.ambari.server.controller.ControllerModule.configure(ControllerModule.java:313)
       at com.google.inject.AbstractModule.configure(AbstractModule.java:59)
       at com.google.inject.spi.Elements$RecordingBinder.install(Elements.java:223)
       at com.google.inject.spi.Elements.getElements(Elements.java:101)
       at com.google.inject.internal.InjectorShell$Builder.build(InjectorShell.java:133)
       at com.google.inject.internal.InternalInjectorCreator.build(InternalInjectorCreator.java:103)
       at com.google.inject.Guice.createInjector(Guice.java:95)
       at com.google.inject.Guice.createInjector(Guice.java:72)
       at com.google.inject.Guice.createInjector(Guice.java:62)
       at org.apache.ambari.server.controller.AmbariServer.main(AmbariServer.java:803)
Caused by: java.lang.NullPointerException
       at org.apache.ambari.server.security.encryption.AESEncryptor.<init>(AESEncryptor.java:52)
       at org.apache.ambari.server.security.encryption.MasterKeyServiceImpl.<clinit>(MasterKeyServiceImpl.java:44)
       ... 15 more

Ambari is unable to read encrypt passwords and i don't know why :

 #  /usr/jdk64/java-1.8.0-openjdk-1.8.0.77-0.b03.el7_2.x86_64/bin/java -cp '/etc/ambari-server/conf:/usr/lib/ambari-server/*' org.apache.ambari.server.security.encryption.CredentialProvider GET ambari.db.password
java.security.NoSuchAlgorithmException: PBKDF2WithHmacSHA1 SecretKeyFactory not available
       at javax.crypto.SecretKeyFactory.<init>(SecretKeyFactory.java:122)
       at javax.crypto.SecretKeyFactory.getInstance(SecretKeyFactory.java:160)
       at org.apache.ambari.server.security.encryption.AESEncryptor.getKeyFromPassword(AESEncryptor.java:104)
       at org.apache.ambari.server.security.encryption.AESEncryptor.getKeyFromPassword(AESEncryptor.java:97)
       at org.apache.ambari.server.security.encryption.AESEncryptor.<init>(AESEncryptor.java:51)
       at org.apache.ambari.server.security.encryption.MasterKeyServiceImpl.<clinit>(MasterKeyServiceImpl.java:44)
       at org.apache.ambari.server.security.encryption.CredentialProvider.<init>(CredentialProvider.java:57)
       at org.apache.ambari.server.security.encryption.CredentialProvider.main(CredentialProvider.java:151)
Exception in thread "main" java.lang.ExceptionInInitializerError
       at org.apache.ambari.server.security.encryption.CredentialProvider.<init>(CredentialProvider.java:57)
       at org.apache.ambari.server.security.encryption.CredentialProvider.main(CredentialProvider.java:151)
Caused by: java.lang.NullPointerException
       at org.apache.ambari.server.security.encryption.AESEncryptor.<init>(AESEncryptor.java:52)
       at org.apache.ambari.server.security.encryption.MasterKeyServiceImpl.<clinit>(MasterKeyServiceImpl.java:44)
       ... 2 more

any idea ?

thanks

4,740 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank florentmair
New Member

Created ‎02-13-2017 05:25 PM

Found it ... some change i have made into java.security file ...

Thanks for your time

View solution in original post

4,482 Views
0 Kudos
6 REPLIES 6

avatar
author-rank pvillard author-rank
Guru

Created ‎02-13-2017 11:21 AM

Hi @Florent M,

Is JCE installed? It looks like it is using an algorithm you don't have available on your server.

4,482 Views
0 Kudos

avatar
author-rank florentmair
New Member

Created ‎02-13-2017 12:40 PM

hi Pierre Villard

i think i have jce installed, because it should be included with openjdk

i have this lib with the jdk :

/usr/jdk64/java-1.8.0-openjdk-1.8.0.77-0.b03.el7_2.x86_64/jre/lib/jce.jar

Everything works fine until i have rebooted the server

4,482 Views
0 Kudos

avatar
author-rank pvillard author-rank
Guru

Created ‎02-13-2017 12:43 PM

It is not installed by default with the JDK:

http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.5.3/bk_security/content/_distribute_and_install_...

To check if it is installed, you can execute the following command:

jrunscript -e ‘exit (javax.crypto.Cipher.getMaxAllowedKeyLength(“RC5”) 
>= 256);’; if [ $? -eq 1 ]; then echo “JCE Unlimited OK”; else echo 
“JCE NOT Unlimited”; fi

jrunscript is located in bin directory where your Java is installed.

4,482 Views
0 Kudos

avatar
author-rank florentmair
New Member

Created ‎02-13-2017 01:29 PM

it's look like good

/usr/jdk64/java-1.8.0-openjdk-1.8.0.77-0.b03.el7_2.x86_64/bin/jrunscript -e 'exit (javax.crypto.Cipher.getMaxAllowedKeyLength("RC5") >= 256);'; if [ $? -eq 1 ]; then echo "JCE Unlimited OK"; else echo "JCE NOT unlimited"; fi
JCE Unlimited OK
4,482 Views
0 Kudos

avatar
author-rank florentmair
New Member

Created ‎02-13-2017 05:25 PM

Found it ... some change i have made into java.security file ...

Thanks for your time

4,483 Views
0 Kudos

avatar
author-rank aervits
Master Mentor

Created ‎02-13-2017 05:30 PM

@Florent M can you ellaborate on what the issue was, that this can be used as reference material.

4,482 Views
0 Kudos
Announcements
What's New @ Cloudera
Announcing Cloudera Streaming Analytics 1.17: Python UDFs, S...
Community Announcements
Content Update: Evolving Our Community Content for Better, A...
Community Announcements
Product Name Updates — Community Label Changes & Notificatio...
What's New @ Cloudera
Announcing Cloudera Data Lineage for Trino
What's New @ Cloudera
Announcing Cloudera Streaming Analytics Operator for Kuberne...
View More Announcements