Support Questions

@Ali Nazemian

You are using 2.4.1 where this can happen when the encrypted password is null/empty.

      if (result != null) {
        password = new String(result);
      } else {
        LOG.error("Cannot read password for alias = " + aliasStr);
      }

https://github.com/apache/ambari/blob/release-2.4.1/ambari-server/src/main/java/org/apache/ambari/se...

- So i am suspecting that your Password encryption was not done successfully. So try the encryption again. Or try removing the encryption and then freshly enable the password encryption:

(OLD Doc but should work) https://ambari.apache.org/current/installing-hadoop-using-ambari/content/ch02s06s01s02.html

- And do not forget to restart ambari server after enabling the encryption.

A special character should not really affect this, however it may depend on how special that character is. If it is just a normal ASCII letter, number, or punctuation, it will be fine. However if the character is not in the western latin character set, it may not have a valid translation. But I do not think that you would see the error message you posted.

That said, it is possible that your key did not make it into the Ambari credential store. Yo can check that by listing the keys in the credential store:

$JAVA_HOME/bin/keytool -list -keystore /var/lib/ambari-server/keys/credentials.jceks -storetype JCEKS

In my case $JAVA_HOME is /usr/jdk64/jdk1.8.0_77, so you might want to call the command using something like

/usr/jdk64/jdk1.8.0_77/bin/keytool -list -keystore /var/lib/ambari-server/keys/credentials.jceks -storetype JCEKS

After running this command, you will be prompted for a password. That password is the master password you set when enabling this feature.

Example:

# /usr/jdk64/jdk1.8.0_77/bin/keytool -list -keystore /var/lib/ambari-server/keys/credentials.jceks -storetype JCEKS
Enter keystore password:

Keystore type: JCEKS
Keystore provider: SunJCE

Your keystore contains 2 entries

ambari.ldap.manager.password, Jan 4, 2017, SecretKeyEntry,
ambari.db.password, Jan 4, 2017, SecretKeyEntry,

Here we see that the ambari.ldap.manager.password alias exists.

In my ambari.properties, we see that the ambari.ldap.manager.password alias is assigned to the LDAP manager password property:

authentication.ldap.managerPassword=${alias=ambari.ldap.manager.password} 

If your credential store does not have the ambari.ldap.manager.password entry, then we should be able to add it by rerunning the ambari-server setup-ldap command. Or you can try to manually add the password to the credential store using the keytool command like:

$JAVA_HOME/bin/keytool -importpass -alias ambari.ldap.manager.password -keystore /var/lib/ambari-server/keys/credentials.jceks -storetype JCEKS 

For example,

/usr/jdk64/jdk1.8.0_77/bin/keytool -importpass -alias ambari.ldap.manager.password -keystore /var/lib/ambari-server/keys/credentials.jceks -storetype JCEKS
Enter keystore password:
Enter the password to be stored:
Re-enter password:
Enter key password for <ambari.ldap.manager.password>
	(RETURN if same as keystore password):

I entered the master password at the first prompt and the LDAP manager password for the next 2 prompts. I simply hit the return key for the last prompt.

Maybe this will help.