Created on 04-28-2017 12:27 AM
Affected versions:
1.2.x
Symptoms:
Ambari was running as root during installation and was later configured to run as a non-root user, after which the issue occurs.
When we create a bundle, it cannot be encrypted because Ambari is not able to read the public key under /var/lib/smartsense/hst-common/encryption/keys.
File permissions
[root@DPDev hdfs]# ls -lsR /var/lib/smartsense/hst-common
/var/lib/smartsense/hst-common:
total 8
4 drwxr-xr-x 3 ambari ambari 4096 Apr 20 16:59 anonymization
4 drwxr-xr-x 3 ambari ambari 4096 Apr 20 16:59 encryption

/var/lib/smartsense/hst-common/anonymization:
total 4
4 drwxr-xr-x 2 ambari ambari 4096 Apr 20 18:21 keys

/var/lib/smartsense/hst-common/anonymization/keys:
total 8
4 -rw-r--r-- 1 root root 44 Apr 20 16:59 private_anonymization.key
4 -rw-r--r-- 1 root root 44 Apr 20 18:01 shared_anonymization.key

/var/lib/smartsense/hst-common/encryption:
total 4
4 drw-r----- 2 ambari ambari 4096 Apr 20 16:59 keys

/var/lib/smartsense/hst-common/encryption/keys:
total 8
4 -rw-r----- 1 ambari ambari 216 Mar 10 12:52 public.key
4 -rw-r----- 1 ambari ambari 216 Mar 10 12:52 test_public.key
Encrypted download error
The webpage at http://10.20.30.40:8080/api/v1/views/HORTONWORKS_SMARTSENSE/versions/1.2.1.0-70/instances/SmartSense... might be temporarily down or it may have moved permanently to a new web address.
ERR_INVALID_RESPONSE
hst-server.out or hst-server.log
Apr 20, 2016 6:46:45 PM com.hortonworks.support.tools.server.streaming.EncryptedStreamingOutput write
INFO: Encrypting file : /var/lib/smartsense/hst-server/data/a-00000000-c-00000000_dpdev_0_2016-04-20_18-21-02.tgz
Apr 20, 2016 6:46:45 PM com.hortonworks.smartsense.anonymization.Configuration loadKey
INFO: Path /var/lib/smartsense/hst-common/encryption/keys/public.key doesn't exists or not a file to load key.
Apr 20, 2016 6:46:45 PM com.hortonworks.smartsense.anonymization.crypto.impl.RSACrypto encrypt
SEVERE: Invalid key: No installed provider supports this key: (null).
Apr 20, 2016 6:46:45 PM org.eclipse.jetty.servlet.ServletHandler doHandle
WARNING: /api/v1/bundles/a-00000000-c-00000000_dpdev_0_2016-04-20_18-21-02
com.hortonworks.smartsense.anonymization.crypto.CryptoException: No installed provider supports this key: (null)
at com.hortonworks.smartsense.anonymization.crypto.impl.RSACrypto.encrypt(RSACrypto.java:106)
at com.hortonworks.smartsense.anonymization.crypto.impl.ArchiveFileCrypto.encrypt(ArchiveFileCrypto.java:159)
at com.hortonworks.smartsense.anonymization.crypto.FileEncryptor.encrypt(FileEncryptor.java:75)
at com.hortonworks.support.tools.server.streaming.EncryptedStreamingOutput.write(EncryptedStreamingOutput.java:61)
at com.sun.jersey.core.impl.provider.entity.StreamingOutputProvider.writeTo(StreamingOutputProvider.java:71)
at com.sun.jersey.core.impl.provider.entity.StreamingOutputProvider.writeTo(StreamingOutputProvider.java:57)
at com.sun.jersey.spi.container.ContainerResponse.write(ContainerResponse.java:306)
at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1437)
at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1349)
at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1339)
at com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:416)
at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:537)
at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:708)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:652)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1329)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at com.hortonworks.support.tools.server.security.authorization.SupportToolAuthorizationFilter.doFilter(SupportToolAuthorizationFilter.java:93)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:201)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1300)
at com.hortonworks.support.tools.servlet.SupportToolPersistFilter.doFilter(SupportToolPersistFilter.java:54)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1300)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:445)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:559)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:227)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1038)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:374)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:189)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:972)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
at org.eclipse.jetty.server.Server.handle(Server.java:363)
at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:483)
at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:920)
at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:982)
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:635)
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:627)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:51)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.security.InvalidKeyException: No installed provider supports this key: (null)
at javax.crypto.Cipher.chooseProvider(Cipher.java:893)
at javax.crypto.Cipher.init(Cipher.java:1249)
at javax.crypto.Cipher.init(Cipher.java:1186)
at com.hortonworks.smartsense.anonymization.crypto.impl.RSACrypto.encrypt(RSACrypto.java:102)
... 64 more
Reason:
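The /var/lib/smartsense/hst-common/encryption/keys folder that holds the public key has permission 640 (drw-r----- in the listing above). A directory needs the execute (search) bit before the files inside it can be opened, so with 640 only root, which bypasses the permission check, could read the key. Because Ambari was running as a non-root user, it could not access this folder.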
Solution:
Execute the command below, then download the encrypted bundle again or re-upload the bundle.
chmod -R 750 /var/lib/smartsense/hst-common/encryption
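
The failure mode described above, as an added example that is not part of the original article: a shell check that walks the path to the key file and names the first component whose owner bits block access. It assumes the service account owns the tree (as in the listing) and that the path is absolute; the function names and the temporary sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). It inspects mode bits only,
# so the result is the same whether root or the service user runs it.

owner_bits() {                      # prints the owner triplet, e.g. "rw-"
    ls -ld "$1" | cut -c2-4
}

first_blocker() {                   # prints "ok" or "<path>: <reason>"
    prefix=
    old_ifs=$IFS
    IFS=/                           # split the parent directory on "/"
    for part in $(dirname "$1"); do
        [ -n "$part" ] || continue  # skip the empty field before the first "/"
        prefix="$prefix/$part"
        case $(owner_bits "$prefix") in
            ??[xs]) ;;              # owner may traverse this directory
            *) IFS=$old_ifs
               echo "$prefix: directory lacks owner search (x) bit"
               return 0 ;;
        esac
    done
    IFS=$old_ifs
    case $(owner_bits "$1") in
        r??) echo "ok" ;;
        *)   echo "$1: file lacks owner read (r) bit" ;;
    esac
}

make_sample_tree() {                # constructed layout mirroring the listing
    root=$(mktemp -d)
    mkdir -p "$root/encryption/keys"
    : > "$root/encryption/keys/public.key"
    chmod 640 "$root/encryption/keys/public.key"
    chmod 755 "$root/encryption"
    chmod 640 "$root/encryption/keys"   # drw-r----- as in the article
    echo "$root"
}

tree=$(make_sample_tree)
first_blocker "$tree/encryption/keys/public.key"   # names the keys directory
chmod -R 750 "$tree/encryption"                    # the article's fix
first_blocker "$tree/encryption/keys/public.key"   # now reports ok
rm -rf "$tree"
```

Note that the key files themselves were already owner-readable (rw-r-----); the directory mode is what the check flags before the fix.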