SPK

TLS enable failing with SSLError

Hi,

 

We are trying to enable TLS in our Cloudera cluster. When we try to start our agent, we get the error below.

 

[02/May/2018 19:16:51 +0000] 65681 Dummy-1 daemonize WARNING Stopping daemon.
[02/May/2018 19:19:17 +0000] 66199 MainThread __init__ INFO Agent UUID file was last modified at 2018-04-30 22:18:50.967064
[02/May/2018 19:19:17 +0000] 66199 MainThread agent INFO ================================================================================
[02/May/2018 19:19:17 +0000] 66199 MainThread agent INFO SCM Agent Version: 5.14.3
[02/May/2018 19:19:17 +0000] 66199 MainThread agent INFO Agent Protocol Version: 4
[02/May/2018 19:19:17 +0000] 66199 MainThread agent INFO Using Host ID: 053c3756-93a9-4c43-9ff5-bd0e1d6b4941
[02/May/2018 19:19:17 +0000] 66199 MainThread agent INFO Using directory: /run/cloudera-scm-agent
[02/May/2018 19:19:17 +0000] 66199 MainThread agent INFO Using supervisor binary path: /usr/lib64/cmf/agent/build/env/bin/supervisord
[02/May/2018 19:19:17 +0000] 66199 MainThread agent INFO Agent Logging Level: DEBUG
[02/May/2018 19:19:17 +0000] 66199 MainThread agent INFO No command line vars
[02/May/2018 19:19:17 +0000] 66199 MainThread https ERROR Error while setting up SSL context
Traceback (most recent call last):
  File "/usr/lib64/cmf/agent/build/env/lib/python2.7/site-packages/cmf-5.14.3-py2.7.egg/cmf/https.py", line 99, in make_ssl_context
    lambda * arg, **kw: key_password)
  File "/usr/lib64/cmf/agent/build/env/lib/python2.7/site-packages/M2Crypto-0.24.0-py2.7-linux-x86_64.egg/M2Crypto/SSL/Context.py", line 117, in load_cert_chain
    m2.ssl_ctx_use_privkey(self.ctx, keyfile)
SSLError: No such file or directory
[02/May/2018 19:19:17 +0000] 66199 Dummy-1 daemonize WARNING Stopping daemon.

 

We followed the instructions provided below:

https://www.cloudera.com/documentation/enterprise/latest/topics/how_to_configure_cm_tls.html#concept...

 

We are using a self-signed certificate. We also created a root certificate and signed the server certificate with the root certificate. We tried to ensure that the agent ini file is appropriately configured. We confirmed the paths for the verify certificate file variables and it all looks good.

 

Kinda stuck here. Request assistance. Thanks. 


Re: TLS enable failing with SSLError

client_cert_file - does it have a pem file?


Re: TLS enable failing with SSLError

Hi @SPK,

 

This error:

 

m2.ssl_ctx_use_privkey(self.ctx, keyfile)
SSLError: No such file or directory

 

Indicates that the private key is missing. Check your /etc/cloudera-scm-agent/config.ini for this value:

 

# PEM file containing client private key.
client_key_file=/etc/cdep-ssl-conf/CA_STANDARD/cm_server-enc_key.pem

 

Make sure that the path is correct and that the file specified there exists. Then, try restarting the agent with "service cloudera-scm-agent restart".

 

-Ben
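
The check suggested in the reply above, as an added example (not part of the thread and not Cloudera's code): it reads the agent's config.ini and reports every `*_file` / `*_dir` setting whose path is missing, of the wrong type, unreadable, or, for key material, accessible beyond its owner. The `[Security]` section name, the `use_tls` line in the constructed sample, and the function names are assumptions made for this example.

```python
import configparser
import os
import stat
import tempfile

def check_tls_paths(config_path, section="Security"):
    """Return (key, path, problem) for each *_file/*_dir setting that fails a check."""
    parser = configparser.ConfigParser(interpolation=None)
    if not parser.read(config_path):
        return [("(config)", config_path, "config file missing or unreadable")]
    if not parser.has_section(section):  # section name is an assumption
        return [("(config)", config_path, "no [%s] section" % section)]
    problems = []
    for key, value in parser.items(section):
        path = value.strip()
        if not path or not key.endswith(("_file", "_dir")):
            continue
        if not os.path.exists(path):
            # Same condition the agent surfaces as "SSLError: No such file or directory".
            problems.append((key, path, "No such file or directory"))
        elif key.endswith("_dir") != os.path.isdir(path):
            problems.append((key, path, "wrong type (file vs. directory)"))
        elif not os.access(path, os.R_OK):
            problems.append((key, path, "not readable by this user"))
        elif "key" in key and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            problems.append((key, path, "key material accessible to group/others"))
    return problems

def demo():
    """Constructed sample: the certificate exists, the key path points at nothing."""
    with tempfile.TemporaryDirectory() as d:
        cert = os.path.join(d, "agent-cert.pem")
        open(cert, "w").close()
        ini = os.path.join(d, "config.ini")
        with open(ini, "w") as f:
            f.write("[Security]\nuse_tls=1\n"
                    "# PEM file containing client private key.\n"
                    "client_key_file=%s/agent-key.pem\n"
                    "client_cert_file=%s\n" % (d, cert))
        return [(key, problem) for key, _, problem in check_tls_paths(ini)]

if __name__ == "__main__":
    print("constructed sample:", demo())
    for finding in check_tls_paths("/etc/cloudera-scm-agent/config.ini"):
        print("%s=%s: %s" % finding)
```

Run it as the same user the agent runs as, since the readability check depends on who is asking.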
