Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

2.5.3 to 2.6.5 upgrade pre check fails on Ranger - Truststore path or password is not set.

avatar
Contributor

Upgrading 2.5.3 to 2.6.2 , actual Ambari is 2.6.2.2

Last pre check left to resolve. Ranger complains at ambari-server.log :

27 Oct 2018 02:41:41,564  INFO [ambari-client-thread-55] RangerSSLConfigCheck:72 - Ranger is SSL enabled, need to show Configuration changes warning before upragade proceeds.
27 Oct 2018 02:42:43,084 ERROR [ambari-client-thread-52] URLStreamProvider:297 - Can't get secure connection to https://emlpsn01.emprd.lpemrz.com:6182/service/public/api/repository/count.  Truststore path or password is not set.
27 Oct 2018 02:42:43,085 ERROR [ambari-client-thread-52] CheckHelper:109 - Check SERVICES_RANGER_PASSWORD_VERIFY failed
java.lang.IllegalStateException: Can't get secure connection to https://emlpsn01.emprd.lpemrz.com:6182/service/public/api/repository/count.  Truststore path or password is not set.
	at org.apache.ambari.server.controller.internal.URLStreamProvider.getSSLConnection(URLStreamProvider.java:298)
	at org.apache.ambari.server.controller.internal.URLStreamProvider.processURL(URLStreamProvider.java:181)
	at org.apache.ambari.server.controller.internal.URLStreamProvider.processURL(URLStreamProvider.java:160)
	at org.apache.ambari.server.checks.RangerPasswordCheck.checkLogin(RangerPasswordCheck.java:243)
	at org.apache.ambari.server.checks.RangerPasswordCheck.perform(RangerPasswordCheck.java:132)
	at org.apache.ambari.server.state.CheckHelper.performChecks(CheckHelper.java:104)
1 ACCEPTED SOLUTION

avatar
Contributor
hide-solution

This problem has been solved!

Want to get a detailed solution you have to login/registered on the community

Register/Login
7 REPLIES 7

avatar
Master Mentor

@Marek Martofel

Can you please check if you have setup Abari Truststore?

Do you see any 'truststore' related settings in your current or old "/etc/ambari-server/conf/ambari.properties" ?

# grep 'trust' /etc/ambari-server/conf/ambari.properties
# grep 'trust' /etc/ambari-server/conf/ambari.properties.rpmsave

Based on the error it looks like Your Ranger UI is running on HTTPs and ambari truststore does not have the Ranger certificate imported to it.

You can refer to the following doc to know more about Setting up Truststore for Ambari : https://docs.hortonworks.com/HDPDocuments/Ambari-2.6.2.2/bk_ambari-security/content/set_up_truststor...

.

The following HCC article also explains the cause and remedy of "Truststore path or password is not set"

https://community.hortonworks.com/articles/39865/enabling-https-for-ambariserver-and-troubleshootin....

avatar
Master Mentor

@Marek Martofel

So basically you should do the following:

1. Setup truststore for Ambari Server : (option-4)

# ambari-server setup-seturity
[4] Setup truststore


2. Import Ranger certificate inside the ambari truststore it can also be done manually or using the following option (option-5)

# ambari-server setup-seturity
[5] Import certificate to truststore.

.

avatar
Contributor

Have only one line for Kerberos:

[mmartofel@emlpsn01 conf]$ grep 'trust' /etc/ambari-server/conf/ambari.properties
kerberos.operation.verify.kdc.trust=true
[mmartofel@emlpsn01 conf]$ grep 'trust' /etc/ambari-server/conf/ambari.properties.rpmsave.20181026104227
[mmartofel@emlpsn01 conf]$

avatar
Contributor

I set same password for admin and amb_ranger_admin as of the instructions from:

https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.3.4/bk_Ranger_Install_Guide/content/updating_ra...

and

https://community.hortonworks.com/questions/19948/this-alert-is-used-to-ensure-that-the-ranger-admin...

Also I created new truststore file as of article:

https://community.hortonworks.com/articles/16373/ranger-ssl-pitfalls.html

There is many truststore files and accompaining passwords along Ranger but can't find which one really is considered by upgrade pre check process.

Could you please point me to correct on?

Any more tracing, debugging I can do here?

avatar
Contributor

YES! This works now! Many thanks for your prompt support Jay!

Will sum up my steps later on for the next folks hitting this issue.

avatar
Contributor
hide-solution

This problem has been solved!

Want to get a detailed solution you have to login/registered on the community

Register/Login

avatar
Master Mentor

@Marek Martofel

Wonderful!!! thank you for sharing so detailed steps.

I am marking this thread as answered.