Reply
Explorer
Posts: 16
Registered: ‎12-05-2018

how to encrypt password on /etc/cloudera-scm-server/db.property

Hello.

 

I've Changed Database from Embedded Database to Mysql before starting cloudera-scm-server.

 

and than that is my db.property

vi /etc/cloudera-scm-server/db.property

 

ex)

com.cloudera.cmf.db.type=mysql
com.cloudera.cmf.db.host=localhost
com.cloudera.cmf.db.name=scm
com.cloudera.cmf.db.user=scm
com.cloudera.cmf.db.setupType=EXTERNAL
com.cloudera.cmf.db.password=password

 

I hope to encrypt password on db.property.

how to encrypt password in what format?

 

or 

 

I've seen

https://www.cloudera.com/documentation/enterprise/latest/topics/sg_redaction.html

 

https://www.cloudera.com/documentation/enterprise/latest/topics/prepare_cm_database.html#scm_prepare...

 

but I don't know how to use this option --scm-password-script and what argument do I write that.

 

Thank you.

Cloudera Employee
Posts: 207
Registered: ‎01-15-2015

Re: how to encrypt password on /etc/cloudera-scm-server/db.property

Cloudera Manager Server Database Password Handling has the corresponding instructions:

You can also replace an existing cleartext password in /etc/cloudera-scm-server/db.properties by replacing the com.cloudera.cmf.db.password setting with com.cloudera.cmf.db.password_script and setting the name of the script or executable:

Make sure the referenced script passes the password to stdout.

Highlighted
Explorer
Posts: 16
Registered: ‎12-05-2018

Re: how to encrypt password on /etc/cloudera-scm-server/db.property

Thanks for the reply.  So to test it out, I made a very simple script that simply echo "password"  My plan was to verify that the scripting mechanism works and then I can worry about making the script more secure.

 

I called --

/opt/cloudera/cm/schema/scm_prepare_database.sh mysql scm scm --scm-password-script /root/password.s

and received a message the setup was properly completed.

 

In reviewing the db.properties file, I see the following:

# Auto-generated by scm_prepare_database.sh on Thu Mar 14 13:58:43 KST 2019
#
# For information describing how to configure the Cloudera Manager Server
# to connect to databases, see the "Cloudera Manager Installation Guide."
#
com.cloudera.cmf.db.type=mysql
com.cloudera.cmf.db.host=localhost
com.cloudera.cmf.db.name=scm
com.cloudera.cmf.db.user=scm
com.cloudera.cmf.db.setupType=EXTERNAL
com.cloudera.cmf.db.password_script=/root/password.sh

 

Next, I proceeded with starting cloudera-scm-server and received the following error message:

2019-03-14 14:02:39,360 ERROR main:com.cloudera.server.cmf.Main: Server failed.
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'com.cloudera.server.cmf.TrialState': Cannot resolve reference to bean 'entityManagerFactoryBean' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'entityManagerFactoryBean': FactoryBean threw exception on object creation; nested exception is java.lang.RuntimeException: Could not find or parse database configuration file: 'db.properties'.
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:359)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:108)
at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:634)
at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:145)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1198)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1100)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:511)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:481)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:312)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:308)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:761)
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:867)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:543)
at com.cloudera.server.cmf.Main.bootstrapSpringContext(Main.java:415)
at com.cloudera.server.cmf.Main.<init>(Main.java:258)
at com.cloudera.server.cmf.Main.main(Main.java:231)
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'entityManagerFactoryBean': FactoryBean threw exception on object creation; nested exception is java.lang.RuntimeException: Could not find or parse database configuration file: 'db.properties'.
at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:185)
at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.getObjectFromFactoryBean(FactoryBeanRegistrySupport.java:103)
at org.springframework.beans.factory.support.AbstractBeanFactory.getObjectForBeanInstance(AbstractBeanFactory.java:1640)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:254)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351)
... 17 more
Caused by: java.lang.RuntimeException: Could not find or parse database configuration file: 'db.properties'.
at com.cloudera.enterprise.CommonMain.setupHibernate(CommonMain.java:175)
at com.cloudera.server.cmf.bootstrap.EntityManagerFactoryBean.getObject(EntityManagerFactoryBean.java:158)
at com.cloudera.server.cmf.bootstrap.EntityManagerFactoryBean.getObject(EntityManagerFactoryBean.java:75)
at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:178)
... 22 more
Caused by: java.io.IOException: Password script "/root/password.sh" failed with return value 126.
Stdout:
Stderr: bash: /root/password.sh: Permission denied
at com.cloudera.enterprise.ORMProperties.execPassScript(ORMProperties.java:108)
at com.cloudera.enterprise.ORMProperties.<init>(ORMProperties.java:73)
at com.cloudera.enterprise.CommonMain.setupHibernate(CommonMain.java:119)

 

 

Cloudera Employee
Posts: 207
Registered: ‎01-15-2015

Re: how to encrypt password on /etc/cloudera-scm-server/db.property

Stderr: bash: /root/password.sh: Permission denied

Please put the script into an other directory than /root and adjust db.properties accordingly. Make sure the cloudera-scm user has permissions to read and execute that file.

Announcements