Reply
New Contributor
Posts: 1
Registered: ‎10-14-2014

getting SSLError: unknown group in the agent logs when enabling TLS encryption for Manager

OS:CentOS6.5 CDH5.1.0 

 

I followed this document to configuring TLS Encryption only for Cloudera Manager

http://www.cloudera.com/content/cloudera/en/documentation/cloudera-manager/v5-latest/Cloudera-Manage...

 

[root@SH01 ~]keytool -validity 1095 -keystore /etc/cloudera-scm-server/keystore/scm-keystore -alias jetty -genkeypair -keyalg RSA

 

"What is your first and last name?" I valued: SH01.com

 

[root@SH01 ~]# hostname

SH01

 

[root@SH01 ~]hostname -f

SH01.com

 

[root@SH01 ~]# vi /etc/hosts

127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

190.16.1.38 SH01.com SH01
190.16.1.39 SH02.com SH02
190.16.1.40 SH03.com SH03
190.16.1.41 SH04.com SH04
190.16.1.42 SH05.com SH05
190.16.1.43 SH06.com SH06
190.16.1.44 SH07.com SH07
190.16.1.45 SH08.com SH08

 

I can login CM mainpage but I can't start CM service after I finished all steps and restart all

 

It alert this :Service did not start successfully; not all of the required roles started: Service has only 0 Service Monitor roles running instead of minimum required 1.

 

  • cloudera-scm-server.log:

 

2014-10-11 00:04:09,994 INFO [main:mortbay.log@67] Registered SubjectType IMPALA-IMPALAD
:$
at com.cloudera.server.cmf.components.ClouderaManagerMetricsForwarder.run(ClouderaManagerMetricsForwarder.java:99)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:304)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:178)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.apache.avro.AvroRemoteException: java.net.ConnectException: Connection refused
at org.apache.avro.ipc.specific.SpecificRequestor.invoke(SpecificRequestor.java:88)
... 11 more
Caused by: java.net.ConnectException: Connection refused
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:579)
at sun.net.NetworkClient.doConnect(NetworkClient.java:175)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:432)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:527)
at sun.net.www.http.HttpClient.<init>(HttpClient.java:211)
at sun.net.www.http.HttpClient.New(HttpClient.java:308)
at sun.net.www.http.HttpClient.New(HttpClient.java:326)
at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(HttpURLConnection.java:996)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:932)
at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:850)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1091)
at org.apache.avro.ipc.HttpTransceiver.writeBuffers(HttpTransceiver.java:71)
at org.apache.avro.ipc.Transceiver.transceive(Transceiver.java:58)
at org.apache.avro.ipc.Transceiver.transceive(Transceiver.java:72)
at org.apache.avro.ipc.Requestor.request(Requestor.java:147)
at org.apache.avro.ipc.Requestor.request(Requestor.java:101)
at org.apache.avro.ipc.specific.SpecificRequestor.invoke(SpecificRequestor.java:72)
... 11 more

 

 

  • cloudera-scm-agent.log:

[15/Oct/2014 00:20:07 +0000] 1762 MainThread agent ERROR Heartbeating to 190.16.1.38:7182 failed.
Traceback (most recent call last):
File "/usr/lib64/cmf/agent/src/cmf/agent.py", line 781, in send_heartbeat
self.max_cert_depth)
File "/usr/lib64/cmf/agent/src/cmf/https.py", line 92, in __init__
self.conn.connect()
File "/usr/lib64/cmf/agent/build/env/lib/python2.6/site-packages/M2Crypto-0.21.1-py2.6-linux-x86_64.egg/M2Crypto/httpslib.py", line 50, in connect
self.sock.connect((self.host, self.port))
File "/usr/lib64/cmf/agent/build/env/lib/python2.6/site-packages/M2Crypto-0.21.1-py2.6-linux-x86_64.egg/M2Crypto/SSL/Connection.py", line 185, in connect
ret = self.connect_ssl()
File "/usr/lib64/cmf/agent/build/env/lib/python2.6/site-packages/M2Crypto-0.21.1-py2.6-linux-x86_64.egg/M2Crypto/SSL/Connection.py", line 178, in connect_ssl
return m2.ssl_connect(self.ssl)
SSLError: unknown group

 

 

 

 

 

New Contributor
Posts: 5
Registered: ‎09-11-2016

Re: getting SSLError: unknown group in the agent logs when enabling TLS encryption for Manager

Facing similar issue (RHEL 6.5, CM 5.7)

 

 

Was this issues fixed/resolved, appreciate inputs here

Posts: 1,042
Topics: 1
Kudos: 262
Solutions: 130
Registered: ‎04-22-2014

Re: getting SSLError: unknown group in the agent logs when enabling TLS encryption for Manager

Hello,

 

The "unknown group" error is usually caused by an older package of OpenSSL being installed on your hosts.

Run rpm -qa openssl

If you see a version like this: openssl-1.0.1e-15.el6 then upgrade your openssl to a later package, restart the agent, then try again.

 

Regards,

 

Ben

Highlighted
New Contributor
Posts: 5
Registered: ‎09-11-2016

Re: getting SSLError: unknown group in the agent logs when enabling TLS encryption for Manager

Thanks Team

 

Yes, the issue was due to older version of ssl, had fixed this issue last week.

Thanks for the details shared.

 

 

Thank you

Kashi

Announcements