Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Datanode Can't connect to Namenode due to SSL Error

Solved Go to solution

Datanode Can't connect to Namenode due to SSL Error

Explorer

I have a 5 node cluster with 4 data nodes which is in a good condition.

But in order to add a secondary name node, I tried to generate the ssh key again instead of copying the already existing key onto the new machine. The new host was not registering with the following error:

INFO 2017-09-21 17:24:06,811 NetUtil.py:67 - Connecting to https://asterix01.cem.spirent.com:8440/ca
ERROR 2017-09-21 17:24:06,934 NetUtil.py:93 - [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)
ERROR 2017-09-21 17:24:06,934 NetUtil.py:94 - SSLError: Failed to connect. Please check openssl library versions.
Refer to: https://bugzilla.redhat.com/show_bug.cgi?id=1022468 for more details.
WARNING 2017-09-21 17:24:06,937 NetUtil.py:121 - Server at https://asterix01.cem.spirent.com:8440 is not reachable, sleeping for 10 seconds...

So I stopped trying to add the new host and checked if the existing hosts are doing any good and restarted ambari-agent of one of them. The logs show failure with the same error as above- which confirms there is an issue with the keys.

What can I do to resolve this? I tried to setup passwordless SSH as root user afresh as given in the documentation but it still fails. Can someone help me fix this please?

I definitely can ssh without passwords from the command line.

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Re: Datanode Can't connect to Namenode due to SSL Error

Super Mentor

@Sree Kupp

It happens Python version is "python-2.7.5" or higher, hence you should try to either downgrade the python version to lower than python-2.7.5 as it causes this issue.

[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)

(OR)

Else you will need to following the steps mentioned in the following doc to fix the "certificate verify failed (_ssl.c" issue while using RHEL7: Controlling and troubleshooting certificate verification: https://access.redhat.com/articles/2039753#controlling-certificate-verification-7

# vi /etc/python/cert-verification.cfg
[https]
verify=disable

.
Valid values are enable (verification is enabled by default), disable (verification is disabled by default),
.


Also please check the related threads:
1. https://community.hortonworks.com/questions/120861/ambari-agent-ssl-certificate-verify-failed-certif...
2. https://community.hortonworks.com/questions/121978/openssl-compatibility.html
3. https://community.hortonworks.com/questions/138820/ambari-server-failing-to-communicate-with-ambari-...

.

View solution in original post

2 REPLIES 2
Highlighted

Re: Datanode Can't connect to Namenode due to SSL Error

Super Mentor

@Sree Kupp

It happens Python version is "python-2.7.5" or higher, hence you should try to either downgrade the python version to lower than python-2.7.5 as it causes this issue.

[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)

(OR)

Else you will need to following the steps mentioned in the following doc to fix the "certificate verify failed (_ssl.c" issue while using RHEL7: Controlling and troubleshooting certificate verification: https://access.redhat.com/articles/2039753#controlling-certificate-verification-7

# vi /etc/python/cert-verification.cfg
[https]
verify=disable

.
Valid values are enable (verification is enabled by default), disable (verification is disabled by default),
.


Also please check the related threads:
1. https://community.hortonworks.com/questions/120861/ambari-agent-ssl-certificate-verify-failed-certif...
2. https://community.hortonworks.com/questions/121978/openssl-compatibility.html
3. https://community.hortonworks.com/questions/138820/ambari-server-failing-to-communicate-with-ambari-...

.

View solution in original post

Highlighted

Re: Datanode Can't connect to Namenode due to SSL Error

Explorer

Thanks a ton @Jay SenSharma. That really helped.

Don't have an account?
Coming from Hortonworks? Activate your account here